The research was shared late last week in Singapore at Black Hat Asia where Dimitris Karakostas of the National Technical University of Athens and Dionysis Zindros of the University of Athens debuted their attack framework called Rupture, and demonstrated how BREACH can be resurrected to steal private messages sent over Gmail and Facebook.
"WhatsApp has always prioritized making your data and communication as secure as possible. And today, we're proud to announce that we've completed a technological development that makes WhatsApp a leader in protecting your private communication: full end-to-end encryption. From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats."
Tax season is a ripe time for phishing and spreading malware; without fail, tax-related online scams remain a most popular type of phishing scam each and every year. Through our threat intelligence network, we have identified four types of tax scams that individuals and businesses should be wary of as they’re preparing to file their taxes in 2016.
In a report “CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities” researchers claim 2,000 Firefox extensions – including nine of the top 10 extensions – are exploitable via “extension-reuse vulnerabilities.” Researchers tested the desktop version of the Firefox browser running on Mac OS X and Windows platforms finding them both vulnerable.
According to cybersecurity firm Avast, fake jQuery injections have become a very popular attack of late. In a blog post, the team said a particular attack method which has surged in popularity over the past few months includes the use of a fake jQuery script injected into the head section of websites powered by the Wordpress and Joomla content management systems, leading to a web of infection supported by compromised and malicious domains.
Researchers have identified a vulnerability in an Android API used by messaging apps such as Skype and perhaps more concerning, privacy-centric apps such as Signal, and Telegram, that could lead to privilege escalation and data loss including private keys.