Security Leftovers
Date: 2019-05-12
Security updates for Monday
WhatsApp discovers 'targeted' surveillance attack
WhatsApp, which is owned by Facebook, said the attack targeted a "select number" of users, and was orchestrated by "an advanced cyber actor".
Update WhatsApp now to avoid spyware installation from a single missed call
A vulnerability discovered in Facebook’s WhatsApp messaging app is being exploited to inject commercial spyware onto Android and iOS phones by simply calling the target, reports The Financial Times. The spyware, developed by Israel’s secretive NSO group, can be installed without trace and without the target answering the call, according to security researchers and confirmed by WhatsApp.
WhatsApp vulnerability allowed [attackers] to monitor voice calls via spyware
WhatsApp discovered the vulnerability earlier this week and has issued a security advisory asking its users to update the app. The loophole allowed attackers simply to call a user and install the surveillance software even if the call was not picked up.
Hackers Exploit Confluence Vulnerability to Plant Crypto Mining Malware
As stated in the Trend Micro report, earlier in March 2019, Atlassian, the creators of Confluence, an enterprise-grade collaboration software written in the Java programming language, published an advisory report on two critical security loopholes in the Confluence program: the WebDAV and Widget connector vulnerabilities.
At the time, Atlassian made it clear to users that threat actors could take advantage of the security hole to “remotely exploit a Server-Side Request Forgery (SSRF) vulnerability in the WebDAV plugin to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance.”
For the uninitiated, collaborative software, or groupware, is application software developed to help people involved in a common task get their work done seamlessly.
A GPS safety tracker is spectacularly unsafe
First of all, this isn't your standard [crack]. The device isn't internet connected, so there's little room for [cracking] in that sense. It relies on SMS messages, because that's how the device itself is designed to communicate. When the vulnerable person presses the panic button, or has a slip picked up by the fall detection, the device broadcasts its GPS coordinates via a text message to friends and relatives. It also has a microphone and speaker built in, so the person can be reached in an emergency.
Good News! Indian State Saves Over $400 Million by Choosing Linux
Schools in the Indian state of Kerala are expected to save ₹3000 crore (roughly $428 million) by choosing Linux as their choice of operating system for school computers under a state-wide project.
