Security Alerts & News
by Tymoteusz A. Góral

#1229 WhatsApp isn't fully deleting its 'deleted' chats
WhatsApp retains and stores chat logs even after those chats have been deleted, according to a post today by iOS researcher Jonathan Zdziarski. Examining disk images taken from the most recent version of the app, Zdziarski found that the software retains and stores a forensic trace of the chat logs even after the chats have been deleted, creating a potential treasure trove of information for anyone with physical access to the device. The same data could also be recoverable through any remote backup systems in place.

In most cases, the data is marked as deleted by the app itself — but because it has not been overwritten, it is still recoverable through forensic tools. Zdziarski attributed the problem to the SQLite library used in coding the app, which does not overwrite by default.
#1228 New trojan SpyNote installs backdoor on Android devices
A new Android Trojan called SpyNote has been identified by researchers who warn that attacks are forthcoming.

The Trojan, found by Palo Alto Networks’ Unit 42 team, has not been spotted in any active campaigns. But Unit 42 believes because the software is now widely available on the Dark Web, that it will soon be used in a wave of upcoming attacks.

Unit 42 discovered the Trojan while monitoring malware discussion forums. Researchers say that’s where they found a malware builder tool specifically designed to be used to create multiple versions of SpyNote Trojan.
#1227 Cleaning up after cyber attacks is good, but deterring attackers is better
The Presidential Policy Directive on United States Cyber Incident Coordination makes it clear for the first time that the FBI and the National Cyber Investigative Joint Task Force (NCIJTF) would take the lead in 'threat response activities'.

The Department of Homeland Security will be in charge of 'asset response activities,' which includes providing technical assistance to the affected entities to protect their assets and mitigate the impact of the attack, while the Office of the Director of National Intelligence is the lead agency 'for intelligence support'.
#1226 KeySniffer – here’s what you need to know
A few months ago, US startup Bastille Networks announced research that showed how some wireless computer mice could be hacked by intercepting and manipulating the signals between the devices and your computer.

Now, Bastille has focused its efforts on wireless keyboards, and found that the situation was, well, worse.

Last time, they dubbed their attack Mousejacking. They’re branding this one KeySniffer.

Similar to Bastille’s previous Bug With An Impressive Name (or BWAINs, as we call them), keyboards that have the KeySniffer vulnerability transmit information unencrypted.

This means all keystrokes sent are in plaintext and can be easily read and recorded by anyone with the right eavesdropping hardware.
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12