Just Answering A Video Call Could Compromise Your WhatsApp Account

From thehackernews.com

how to hack whatsapp account

What if just receiving a video call on WhatsApp could hack your smartphone?

This sounds filmy, but Google Project Zero security researcher Natalie Silvanovich found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your WhatsApp just by video calling you over the messaging app.

The vulnerability is a memory heap overflow issue which is triggered when a user receives a specially crafted malformed RTP packet via a video call request, which results in the corruption error and crashing the WhatsApp mobile app.

Windows 10 Update: Microsoft updates CPU requirements for the October 2018 update

From techworm.net

Windows 10 Update - October 2018 update

Microsoft updates its Windows Processor Requirements page

Amidst the chaos created due to Microsoft users complaining of data loss caused by rollout of Windows 10 October 2018 update (version 1809), Microsoft has gone ahead and updated its Windows Processor Requirements page for the new version of the OS. The main modification is that it now supports Qualcomm’s upcoming Snapdragon 850 chipset.

Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities

From thehackernews.com

microsoft windows patch update

Microsoft has just released its latest monthly Patch Tuesday updates for October 2018, fixing a total of 49 security vulnerabilities in its products.

This month’s security updates address security vulnerabilities in Microsoft Windows, Edge Browser, Internet Explorer, MS Office, MS Office Services and Web Apps, ChakraCore, SQL Server Management Studio, and Exchange Server.

Out of 49 flaws patched this month, 12 are rated as critical, 35 are rated as important, one moderate, and one is low in severity.

Three of these vulnerabilities patched by the tech giant are listed as “publicly known” at the time of release, and one flaw is reported as being actively exploited in the wild.

Windows Zero-Day Exploited in Attacks Aimed at Middle East

From securityweek.com

One of the vulnerabilities patched by Microsoft with its latest Patch Tuesday updates is a Windows zero-day exploited by an advanced persistent threat (APT) group in attacks aimed at entities in the Middle East.

The flaw, tracked as CVE-2018-8453, has been described by Microsoft as a privilege escalation issue related to how the Win32k component of Windows handles objects in memory. An authenticated attacker can exploit the vulnerability to take control of an affected system.

The vulnerability was reported to Microsoft by Kaspersky Lab after one of the security firm’s systems detected an exploitation attempt. Kaspersky said it had reported the vulnerability to Microsoft on August 17 – it’s unclear why Microsoft waited so long to release a fix.

945 data breaches led to compromise of 4.5 billion data records in first half of 2018

From helpnetsecurity.com

Gemalto released the latest findings of the Breach Level Index, a global database of public data breaches, revealing 945 data breaches led to 4.5 billion data records being compromised worldwide in the first half of 2018.

data breaches 2018

Compared to the same period in 2017, the number of lost, stolen or compromised records increased by a staggering 133 percent, though the total number of breaches slightly decreased over the same period, signaling an increase in the severity of each incident.

Malicious links

08 Oct 2018

Stop and think before you click!

Inspect a link before clicking and get in the habit of hovering – use a desktop computer to hover your mouse curser over the link before clicking it. This will show you the address the link is trying to take you to. Check for anything unexpected in the address e.g. extra numbers or letters and if the link is genuinely what it said in the text.

If you received the link on mobile phone, then wait until you can check it using a desktop to confirm its legitimacy.

You can always use a website like virustotal.com to check if the link is malicious. Find out more about malicious links here: Identify malicious URLs

Take a look at our guidance on: Click Wisely