Security Alerts & News
by Tymoteusz A. Góral

#1889 Bug 'exposes' WhatsApp message secrets
Some messages sent through WhatsApp can be intercepted and read thanks to a bug in the app, suggests research.

The bug arises because of the way WhatsApp encrypts the messages sent via its service.

Security expert Thomas Boelter found that eavesdropping was possible when circumstances called for encryption keys to be reissued.

Mr Boelter told WhatsApp owner Facebook about the issue in April 2016 but it said it was not working on a fix.

The response he received said that what he had discovered was expected behaviour.

#1888 This phishing email uses an unexpected trick to infect PCs with keylogger malware
Cybercriminals are targeting a major US financial services provider with malicious emails containing the tools required to install information-collecting keylogging software on infected systems.

Keylogging enables hackers to see everything that's typed using the keyboard of an infected machine, something which can be exploited to steal information, personal information, and login credentials.

Cybersecurity researchers at Proofpoint note that the attack is very narrow in scope, targeting users in just a single US-based financial services and insurance organisation with malicious emails. Naturally, banks are a high-profile target for cybercriminals who not only see money as a lucrative target, but also view financial institutions as a treasure trove of data to exploit.

#1887 The worst passwords of 2016 are as lazy as ever
It seems that password security simply doesn't work.

Many of us rely on simple, easy-to-remember strings of characters and letters, including strings found on your keyboard such as "1234567" or "qwertyu."

While these strings are easy for you to remember, they are also no trouble at all for attackers using brute-force hacking techniques -- or little more than a guess or two -- to compromise your online accounts and take over your digital identity.

#1886 Wide impact: Highly effective Gmail phishing technique being exploited
A new highly effective phishing technique targeting Gmail and other services has been gaining popularity during the past year among attackers. Over the past few weeks there have been reports of experienced technical users being hit by this.

This attack is currently being used to target Gmail customers and is also targeting other services.

The way the attack works is that an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.