Check Point Discloses Vulnerability that Allowed Hackers to Take over Hundreds of Millions of WhatsApp & Telegram Accounts

 
One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications. While this has yet to be proven, many end-users are concerned as WhatsApp and Telegram use end-to-end encryption to guarantee user privacy. This encryption is designed to ensure that only the people communicating can read the messages and nobody else in between. Nevertheless, this same mechanism has also been the origin of a new severe vulnerability we have discovered in both messaging services’ online platform – WhatsApp Web and Telegram Web. The online version of ...

Choice, Flexibility and Advanced Security – Now with Google Cloud Platform

 
As a general rule of thumb, it has been a long-accepted strategy in IT to avoid vendor lock-in, or trusting so much in a single equipment provider that you get stuck because changing to another vendor would be too costly or inconvenient. This is especially true with public cloud providers, and fear of vendor lock-in is often cited as a major roadblock to further cloud adoption. So how do you eliminate the risks of putting all your IT eggs in a single virtual network basket? One approach to solving this dilemma is a multi-cloud strategy. A multi-cloud approach provides benefits beyond simply eliminating financial risk; it can also help businesses redefine their software ...

Android Updates: Hurry Up and Wait  

 
Google, device makers and carriers take too long to patch Android vulnerabilities. In fact, while it takes Apple just days to update iOS when it finds a vulnerability, Threatpost points out that it can take Google weeks or even months to do the same for Android. Apple needed only ten days to fix Trident vulnerabilities in iOS, but it took Google over seven months to fix all of the QuadRooter vulnerabilities in Android. While Apple is faster to fix iOS, and although iPhone and iPad devices are wildly popular, Apple doesn't rule the mobile world. Android has over 87% ownership of the global smartphone OS market, and of the top 5 smartphone vendors, 39% make Android devices – ...

Gartner Recognizes the Importance of Mobile Threat Defense

 
HummingBad. Stagefright. QuadRooter. Mobile malware and vulnerabilities have been making headlines for well over the past year, and attacks are becoming a more common way for cybercriminals to steal sensitive data. We believe this trend – one that our research team encounters daily – is illustrated in the Gartner Market Guide for Mobile Threat Defense Solutions.* This rise in the sophistication and volume of mobile malware and continued exposure to unknown vulnerabilities demonstrates how Android and iOS devices simply aren’t secure on their own. The Mobile Threat Defense Market is Growing Rapidly Mobile malware and vulnerabilities aren’t all that different than their cousins ...

In The Wild: App Stores Are No Sanctuary for Mobile Malware

 
Most mobile users rely on Google Play and the Apple App Store for their safety and assume that downloading only highly-rated apps from these stores keeps them safe from mobile malware. In the past, this might have been a good strategy, but today it doesn’t always work. Breaking the Myth: Google Play The Check Point research team recently detected two instances of new malware on Google Play called “DressCode” and “CallJam.” While these aren’t the first malware to infiltrate Google Play successfully, CallJam demonstrates exactly how malware can deceive cautious users. CallJam masqueraded as an app that provides free items for the game “Clash Royale.” Users were ...

Web Scripting Language PHP-7 Vulnerable to Remote Exploits

 
Exploiting server-side bugs is a jackpot for hackers. Users tend to keep their data in one big pot – the server. This allows attackers to focus on one target, instead of individual users, making it possible for them to achieve greater results. This approach has been extremely profitable for attackers with various goals ranging from credential theft to cyber espionage. They manage to hack servers time and again by exploiting numerous vulnerabilities in server-side scripting languages. The most popular web server-side scripting language in use today is PHP, with over 80% of websites using it, according to Web Technology Surveys. Many secure coding practices are used when developing in ...

The QuadRooter Domino Effect

 
Component suppliers, Android device manufacturers and developers all test their products rigorously. Even so, vulnerabilities -- both in hardware and software -- can be found on the smartphones and tablets we trust with our sensitive data. Until a patch for a vulnerability is installed, an affected device is exposed. That's why fixing vulnerabilities like QuadRooter requires the cooperation of everyone in the Android ecosystem including researchers, suppliers, Google, device manufacturers, and carriers. Suppliers: Check Point mobile researcher Adam Donenfeld informed Qualcomm about four vulnerabilities he discovered in its chipset software drivers between February and April, in ...

Hack In The Box: System Vulnerabilities Can Leave Mobile Devices Exposed

 
System vulnerabilities are a major threat facing users and enterprises today, and these need to be remedied thoughtfully. Since these vulnerabilities don’t require social engineering schemes to become exposed, and because they have an alarmingly high success rate, they are also one of the easiest ways to attack Android and iOS devices. The constant release of numerous security patches -- which are never enough to keep users safe -- leaves a number of different in-market versions of both operating systems. These patches get released after significant delays, allowing attackers to thrive on vulnerabilities from the moment they are discovered until they are finally fixed. The longer ...

Is your Mobile Device Vulnerable to the Heartbleed Bug? Test it now.

 
Heartbleed has taken the Internet by storm, affecting both PC and mobile users. Heartbleed is a serious flaw in the method used by more than two-thirds of the Internet to secure communications between users and servers. The problem is exacerbated on mobile because, even when fixes are available for users, the patching process is long and not under the control of admins or end-users. What exactly is Heartbleed? The Heartbleed bug is a serious vulnerability in the OpenSSL cryptographic software library. This library is widely used within vendors' products, services and sites to secure web browsing (i.e., whenever you see a padlock in your browser or the URL begins with HTTPS), as well as used ...