Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution.

CVE-2022-47027

Categories: News
Tags: WhatsApp

Tags:  security features

Tags:  Account Protect

Tags:  Device Verification

Tags:  Key Transparency

Tags:  Auditable Key Directory 

WhatsApp has announced several new security features, including one that makes it a lot easier for you to verify the contact you are communicating with.



(Read more...)




The post WhatsApp introduces new security features appeared first on Malwarebytes Labs.

Posted: April 14, 2023 by

WhatsApp has announced several new security features which include an extra check when an account is transferred to a new device. This check asks that users confirm the transfer on their old device. This should warn users in case there is a transfer in progress started by somebody trying to hijack their account.

This Account Protect feature may have been triggered by an increase in account take-overs, like the one we reported about a few months ago, where cybercriminals take over your account while you are away from your device.

Another new security feature is Device Verification, which is mainly meant to stop malware on a device from sending spam and phishing messages. This specifically targets fake versions of WhatsApp that contain malware. WhatsApp uses cryptographic keys to ensure that communications across the app are end-to-end encrypted. One of these encryption keys is the authentication key. The authentication key allows a WhatsApp client to connect to the WhatsApp server to establish a connection based on previously established trust, so the users don’t have to enter a password, PIN, SMS code, or other credential each and every time they turn on the app.

This mechanism is secure because the authentication key cannot be intercepted by any third party, including WhatsApp. But, if a device is infected with malware the authentication key can be stolen and abused for nefarious purposes. These purposes include impersonating the victim to send spam, scams, and phishing attempts to other potential victims.

WhatsApp uses three different methods that benefit from how people typically read and react to messages sent to their device to distinguish between a connection request of the actual user or one started by malware.

The Device Verification feature is only available for Android users at the moment, iOS users can expect it to be rolled out shortly.

The third new feature we want to highlight is Key Transparency, which allows users to automatically check they are using a secured connection. End-to-end encryption is the foundation of private messaging on WhatsApp, helping to ensure that only you and the person you’re communicating with can read what’s sent, and nobody in between, not even WhatsApp.

In fact, the option to verify the keys on the other end of the conversation already existed, but the method was rather complicated—comparing a a 60-digit number—and this feature can now be replaced with a new Auditable Key Directory (AKD). This AKD means that WhatsApp has a Security Page for each contact that has a QR code and a 60-digit number that can be verified outside of WhatsApp to make sure it matches what your contact sees on their device. In short, it’s a unique hash of both your public keys and their public keys, so if either of you have the wrong value, the hashes won’t match.

The old methods required QR code scanning for in person contact, or the number matching feature. But either way required communicating with your contacts outside of WhatsApp and was near impossible to do in larger groups.

**Making WhatsApp more secure**

These security features will be made available for all devices in the coming months. Until then there are a few things you can do yourself to make WhatsApp more secure.

*   Only install WhatsApp from the Apple App Store or Google Play, to avoid getting an infected version of the app.
*   Enable two-step verification:

1.  Open Settings in WhatsApp under More (three vertical dots) > Settings
2.  Tap Account > Two-step verification > Enable.
3.  Enter a six-digit PIN.
4.  Enter an email address, or tap Skip if you don’t want to. WhatsApp says it recommends adding an email address so you can reset two-step verification if you need to.
5.  Tap Next.
6.  Confirm the details and tap Save or Done.

*   Use of end-to-end encrypted backups:

1.  Open Settings in WhatsApp under More (three vertical dots) > Settings
2.  Tap Chats > Chat Backup > End-to-end Encrypted Backup.
3.  Tap Turn On, then follow the prompts to create a password or key.
4.  Tap Create, and wait for WhatsApp to prepare your end-to-end encrypted backup. You might need to connect to a power source.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

**RELATED ARTICLES**

WhatsApp introduces new security features

By Owais Sultan
If you encounter a “No signal” issue on your monitor despite your computer being powered on, and you…
This is a post from HackRead.com Read the original post: Troubleshooting No Signal Monitor Issue: Steps to Get Computer Display Back

If you encounter a “No signal” issue on your monitor despite your computer being powered on, and you receive messages such as “No signal detected,” “Check signal cable,” or “No input signal,” regardless of the type of connection (HDMI, VGA, Display Port, DVI), this article will provide you with some simple solutions to help you restore your computer display.

****The Root of the Issue****

If your computer doesn’t turn on when indicator lights are on or turn on when they are off, there could be several reasons. You may encounter three different error messages on your monitor screen that can help identify the issue.

⚠️ No input signal

⚠️ Check signal cable

⚠️ No signal detected

All these notifications indicate that the input is not receiving the supported video signal, and the underlying reason is the same. However, the specific alerts may vary depending on your monitor.

Regardless, it’s important to take your time before sending your computer for repair, as various factors such as the power supply, motherboard, cable, or battery can affect the performance of your equipment.

To troubleshoot and potentially fix the issue, you can take specific steps to identify the cause of the malfunction and attempt to resolve it on your own. Alternatively, you can seek assistance from experts at consulting service Howly for an easier solution. If you prefer to tackle the problem independently, the following information will be helpful.

****Essential Ways to Solve the Problem****

It’s important to start by considering the simple and common causes of the problem, along with their corresponding solution methods. It’s crucial not to skip any point, even if you believe everything is okay with it.

*   Make sure to check if the cable connecting the monitor or PC video card is securely connected and not disconnected. Sometimes, accidental impacts or movements can loosen the cable.
*   If you have recently upgraded your monitor or video card and connected it using an adapter or cable with different interfaces (e.g., Display Port to HDMI, HDMI to VGA/DVI), keep in mind that these cables or adapters can sometimes be the source of problems. Some of them are unidirectional, and others may only work with specific equipment (e.g., video cards that support analogue output via HDMI).

Proper solutions to consider are: Try to connect using the same type of ports or at least digital output to digital input. Avoid using adapters or opt for an active signal converter. Consider using the monitor’s original cable without adapters.

*   If you have connected your computer to a second monitor, projector, or TV, turn off your computer, unplug the TV cable from the video card, then turn the computer back on and check if the “No signal detected” or “Check the signal cable” problem is resolved.
*   If your monitor menu has an input source selection option, open the menu and manually select the input signal used.
*   Connect your monitor to another computer or laptop to rule out a problem with the monitor itself or its ports. If there is no signal on the other computer as well, the issue likely lies with the monitor itself.
*   If your computer previously had a discrete video card, but you now connect the monitor to the integrated video output on the motherboard and receive a “No signal” message, it may be due to disabled integrated video in the BIOS, PCI-E video card priority setting in the BIOS, or the processor lacking integrated video.
*   Some older graphics cards may not output a signal to the Display Port before the drivers are loaded during system boot. If you have just assembled a computer with such a video card or are reinstalling the operating system from a USB flash drive, and the monitor is connected via Display Port, there may be no signal.
*   If you have purchased a new monitor with a USB-C/Thunderbolt connection and connected it to a laptop, check the laptop specifications as not all laptops support display output via USB-C. It is recommended to use the “native” cable provided with the monitor, as not all USB-C cables may support video/audio output to the monitor.

****Heavier Artillery****

If the previously mentioned solutions did not work, here are some other possible options to consider, although they may be more complex than the previous ones, they can still be applied at home.

*   If you have integrated video, you can try disconnecting the discrete graphics card and connecting the monitor to the integrated video output to see if that resolves the issue. If it does, possible causes could be: additional power not connected to the discrete video card, hardware problems with the video card, insufficient power from the power supply unit, or issues with the slot where the video card is plugged in.
*   If your computer appears to be working with fans running and indicator lights on, but there is no signal on the monitor, it may not necessarily mean that the computer is fully functional. Issues with the video card, power supply, RAM, or motherboard power connections can prevent the computer from starting and displaying a signal on the monitor.
*   If your computer starts but the monitor shows a POST/BIOS or logo screen followed by a “No signal” or “Signal is out of range” message, there may be an issue with the output settings of your operating system.

One possible solution is to boot into safe mode and use restore points or boot from a USB flash drive with the same version of the OS you have installed, then select “System Restore” on the second screen at the bottom left corner and use the restore points.

In Windows 10, you can access the recovery environment (Windows RE) after two forced shutdowns. Alternatively, you may need to consider reinstalling the operating system.

****Conclusion****

If you haven’t been able to find a solution for the “No signal” monitor issue, you can always seek help from specialists. It’s important to prepare all the necessary information for them, such as the model of your video card and monitor, details about the connection setup, what might have caused the issue, and what troubleshooting steps you have already taken. With this information, the experts will be able to provide a tailored solution for your specific case.

1.  How to Teach Your Child Coding
2.  What to Do If Your Mac Keeps Freezing
3.  How to Create and Manage Groups on iPhone
4.  Top 5 macOS Monterey Issues You Might Need to Fix
5.  How to Hide Tables in SQL Server Management Studio

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Troubleshooting No Signal Monitor Issue: Steps to Get Computer Display Back

<p>In this article we will describe how Microsoft and Red Hat are collaborating in the open source community to show how Red Hat <a href="https://www.redhat.com/en/technologies/cloud-computing/openshift">OpenShift</a> can be deployed on <a href="https://aka.ms/azurecc">Azure Confidential Computing</a> for providing confidential container capabilities to its users. For this purpose, OpenShift uses the <a href="https://www.redhat.com/en/blog/learn-openshift-sandboxed-containe

Deploying confidential containers on the public cloud

BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution.

Specifications

**Model Name**

**DR750-2CH IR LTE (JP)**

**Channel**

2CH

**Highlights**

Built-in 4G LTE, Sony STARVIS image sensors, Infrared (IR) Interior Camera

**Product Dimensions**

**Front:** Black / Width 137.6 mm x Height 43 mm / 166 g  
**Rear:** Black/Width 67.4 mm x Height 25 mm/26 g

**Rear Camera Connection**

Coaxial cable

**Memory Support**

microSD card up to 256GB

**Recording Modes**

– Normal,  
– Event (Impact Detection / Speed Limit / Manual),  
– Parking Mode (Impact+Region-based Motion Detection, Timelapse+Events)

**Parking Mode**

YES (with accessory)

**Parking Mode Event Voice Notifications**

YES

**Imaging Sensor**

**Front:** Sony STARVIS™ CMOS Sensor (Approx. 2.1MP)  
**Rear:** CMOS Sensor (Approx. 2.1 MP)

**Viewing Angle**

**Front:** Diagonal 139°, Horizontal 116°, Vertical 61°  
**Rear:** : Diagonal 145°, Horizontal 118°, Vertical 59°

**Resolution Frame Rate**

**Front / Rear**  
Full HD (1920×1080) @60fps – Full HD (1920×1080) @30fps  
\* Frame rate may vary during Wi-Fi streaming.

**Video Codec**

H.264 (AVC)

**Image Quality and Bitrate Front/Rear**

Highest (Extreme): 25+10 Mbps  
Highest: 12+10 Mbps  
High: 10+8 Mbps  
Normal: 8+6 Mbps

**Format Free**

YES (Adaptive)

**Event File Overwrite Protection**

YES (up to 50)

**SD Card Failure Alert**

YES

**Scheduled Reboot**

YES

**Video File Extension**

MP4

**Wi-Fi**

Built-in (802.11n (2.4~2.4835 GHz))

**Cloud Compatible**

YES

**GPS**

Built-in

**Microphone**

Built-in

**Speaker**

Built-in

**Impact Sensor**

3-Axis Acceleration Sensor

**LED Indicators**

**Front:** Recording LED, GPS LED, LTE/Wi-Fi LED, Front Security LED  
**Rear:** Rear Security LED

**Button**

**Wi-Fi button:** turn Wi-Fi ON/OFF.  
**Format button:** format the microSD card (hold until voice prompt, and then hold again).  
**Proximity sensor:** audio recording ON/OFF _or_ Start Manual Event video. Can be deactivated.  
All actions are confirmed by a voice prompt.

**Operation Temperature**

\-20℃ – 70℃ (-4°F – 158°F)

**Storage Temperature**

\-20℃ – 70℃ (-4°F – 158°F)

**High Temp Cut Off**

Approx. 80℃ (176°F)

**Backup Battery**

Built-in supercapacitor

**Input Power**

DC 12V-24V (DC Plug (Ø3.5 x Ø1.35), MAX 1A/12V)

**Power Consumption Hour**

Avg. 410 mA (4.92 W at 12 V, when GPS and Wi-Fi is On)  
Avg. 320 mA (3.84 W at 12 V, when GPS and Wi-Fi is Off)  
Avg. 450 mA (5.4W at 12 V, when GPS and LTE is On)  
\* Approx. 60mA increase in current when IR LEDs are ON.  
\* Actual power consumption may vary depending on use  
conditions and environment.

**Certifications**

**Front:** : RCM, Telec, CE, FCC, PTCRB, ISED, RoHS, WEEE  
**Rear:**CE, FCC, RoHS, WEEE

**Software**

BlackVue Viewer  
\* Windows XP or higher and Mac Yosemite OS X (10.10) or higher

**Application**

BlackVue Application (Android 5.0 or higher, iOS 9.0 or higher)

**Others**

Built-in 4G LTE module compatible with Nano-SIM.  
Frequency Bands: Japan (**JP** version): B1, B3, B18, B19

**LTE**

Built-in (SIM card not included)

CVE-2023-27748: DR750-2CH IR LTE (JP)

Microsoft zero-days, dark web forum takedowns and Pentagon leaks on Discord in this week's newsletter.

Thursday, April 13, 2023 14:04

Welcome to this week’s edition of the Threat Source newsletter.

Law enforcement organizations across the globe notched a series of wins over the past few weeks against online forums for cybercriminals.

On March 23, the FBI announced it disrupted the online cybercriminal marketplace BreachForums, known for being a place where users could buy and sell stolen user information. They also arrested a 20-year-old suspected of being the site’s founder and main administrator.

Then last week we had “Operation Cookie Monster” in which several international agencies worked together to take down Genesis Market, a similar dark web forum, arresting dozens of suspected users and administrators.

These arrests and network operations are important in that they disrupted sites that were known for highly sensitive information and served as a place for some of the most prolific cyber criminals to make money. The U.S. Department of Justice estimated that Genesis Market was responsible for the sale of data on more than 1.5 million compromised computers around the world containing over 80 million account access credentials. And the U.K.’s National Crime Agency (NCA) said credentials were available for as little as 70 cents to hundreds of dollars depending on the stolen data available.

But the user base for these sites was also huge (after all, someone had to be buying those credentials). At the time of its takedown, BreachForums had 340,000 members, according to the FBI. And reporting on Operation Cookie Monster stated that Genesis Market had 59,000 registered users.

So while it’s great that these sites have been disrupted, I can’t help but assume that two more sites are going to pop up to service these cyber criminals. It’s impossible for any agency to arrest 340,000 people, so even if a handful of administrators are restricted from accessing the internet for a while, the other 339,000 people are going to be looking for a new home.

Some of the same agencies celebrated in March 2021 that they disrupted Emotet, one of the most infamous botnets ever. As anyone who follows security news will know, Emotet didn’t actually go anywhere and was recently rebooted as recently as last month, according to our research.

RaidForums, a forefather of BreachForums, was also disrupted in April 2022, along with the arrest of several administrators and accomplices.

All of this is not to discount the great strides made in the past few weeks in disrupting these marketplaces and taking them offline. But a lot of these headlines are sounding familiar to me after a few years, so it’s important to remember that we as a security community can’t take our foot off the gas and assume that because there were a few big wins that dark web forums are just going to go away forever.

**The one big thing**

Microsoft’s Patch Tuesday for April included another zero-day vulnerability in the Windows Common Log File System Driver. CVE-2023-28252, which could allow an attacker to obtain SYSTEM privileges, is actively being exploited in the wild, according to Microsoft. The U.S. Cybersecurity and Infrastructure Security Agency already added the vulnerability to its list of know exploited issues and urged federal agencies to patch it as soon as possible. Microsoft disclosed a similar zero-day issue in September that could also lead to the same privileges: CVE-2022-37969.

**Why do I care?**

Security researchers say that the vulnerability has already been exploited in Nokoyawa ransomware attacks, so it’s important to patch this issue as soon as possible. The Nokoyawa ransomware is known for targeting 64-bit Windows systems in double extortion attacks in which the actors encrypt targets’ files and then threaten to leak them unless the ransom is paid.

**So now what?**

Microsoft has a patch available, so all Windows users should update now if they haven’t already. Talos also has new Snort detection coverage available for CVE-2023-28252 and other vulnerabilities disclosed as part of Patch Tuesday.

**Top security headlines of the week**

**A trove of classified military documents and images leaked on several social media channels** over the past week, including potentially sensitive information on Russia’s invasion of Ukraine and China’s military plans. The images first surfaced in a Discord channel, eventually making their way onto the Telegram messaging app, the popular forum 4Chan and then broader social media sites like Twitter. The U.S. Department of Justice and the Pentagon have since launched a formal investigation into the leaks. Ukrainian officials have blamed Russian actors for the leaks, trying to cast doubt on the authenticity of the images, while Russia accused Western governments of trying to spread disinformation. (Bellingcat, New York Times)

**Apple released patches for two zero-day vulnerabilities** targeting current and older versions of iOS, iPadOS, macOS and Safari that attackers were exploiting in the wild. The vulnerabilities, CVE-2023-28206 and CVE-2023-28205, could lead to arbitrary code execution. CVE-2023-28206 specifically could allow an adversary to execute code with kernel privileges. Apple initially patched the issue in current iPhones and other devices and followed up a few days later with fixes for older hardware like the iPhone 8. This was the third instance of Apple patching a zero-day vulnerability since the start of the year. (SC Media, Security Week)

**The FBI warned users again this week against plugging their phones in public charging stations** at common spaces like airports, hotels and shopping centers. The agency stated that threat actors have found ways to use the public USB ports to “introduce malware and monitoring software onto devices." Instead, the Federal Communications Commission suggests users carry their own USB cables and charging blocks to plug directly into outlets rather than relying on or trusting a cable. However, the tweet from the FBI’s Denver office did not offer examples of any recent attacks that would have prompted a fresh warning. (Axios, NBC News)

**Can’t get enough Talos?**

*   How threat actors are using AI and other modern tools to enhance their phishing attempts
*   How do you hunt cybersecurity threats in a war zone? Like this
*   Cisco unveils latest security trends from Cisco Talos report at GISEC 2023
*   Researcher Spotlight: Giannis Tziakouris first learned how to fix his family’s PC, and now he’s fixing networks all over the globe

**Upcoming events where you can find Talos**

**RSA** **(April 24 - 27)**

San Francisco, CA

**Cisco Talos Incident Response: On Air** **(April 27)**

Virtual

**Cisco Live U.S.** **(June 4 - 8)**

Las Vegas, NV

**Most prevalent malware files from Talos telemetry over the past week**

  
**SHA 256:** 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
**MD5:** 2915b3f8b703eb744fc54c81f4a9c67f  
**Typical Filename:** VID001.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Worm.Coinminer::1201

**SHA 256:** e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6  
**MD5:** 1e2a99ae43d6365148d412b5dfee0e1c  
**Typical Filename:** PDFpower.exe  
**Claimed Product:** PdfPower  
**Detection Name:** Win32.Adware.Generic.SSO.TALOS

**SHA 256:** f3d5815e844319d78da574e2ec5cd0b9dd0712347622f1122f1cb821bb421f8f  
**MD5:** a2d60b5c01a305af1ac76c95e12fdf4a  
**Typical Filename:** KMSAuto.exe  
**Claimed Product:** N/A  
**Detection Name:** W32.File.MalParent

**SHA 256:** e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934  
**MD5:** 93fefc3e88ffb78abb36365fa5cf857c  
**Typical Filename:** Wextract  
**Claimed Product:** Internet Explorer  
**Detection Name:** PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg

**SHA 256:** 00ab15b194cc1fc8e48e849ca9717c0700ef7ce2265511276f7015d7037d8725  
**MD5:** d47fa115154927113b05bd3c8a308201  
**Typical Filename:** mssqlsrv.exe  
**Claimed Product:** N/A  
**Detection Name:** Trojan.GenericKD.65065311

Threat Source newsletter (April 13, 2023) — Dark web forum whac-a-mole

Security researchers are jailbreaking large language models to get around safety rules. Things could get much worse.

As a result, jailbreak authors have become more creative. The most prominent jailbreak was DAN, where ChatGPT was told to pretend it was a rogue AI model called Do Anything Now. This could, as the name implies, avoid OpenAI’s policies dictating that ChatGPT shouldn’t be used to produce illegal or harmful material. To date, people have created around a dozen different versions of DAN.

However, many of the latest jailbreaks involve combinations of methods—multiple characters, ever more complex backstories, translating text from one language to another, using elements of coding to generate outputs, and more. Albert says it has been harder to create jailbreaks for GPT-4 than the previous version of the model powering ChatGPT. However, some simple methods still exist, he claims. One recent technique Albert calls “text continuation” says a hero has been captured by a villain, and the prompt asks the text generator to continue explaining the villain’s plan.

When we tested the prompt, it failed to work, with ChatGPT saying it cannot engage in scenarios that promote violence. Meanwhile, the “universal” prompt created by Polyakov did work in ChatGPT. OpenAI, Google, and Microsoft did not directly respond to questions about the jailbreak created by Polyakov. Anthropic, which runs the Claude AI system, says the jailbreak “sometimes works” against Claude, and it is consistently improving its models.

“As we give these systems more and more power, and as they become more powerful themselves, it’s not just a novelty, that’s a security issue,” says Kai Greshake, a cybersecurity researcher who has been working on the security of LLMs. Greshake, along with other researchers, has demonstrated how LLMs can be impacted by text they are exposed to online through prompt injection attacks.

In one research paper published in February, reported on by Vice’s Motherboard, the researchers were able to show that an attacker can plant malicious instructions on a webpage; if Bing’s chat system is given access to the instructions, it follows them. The researchers used the technique in a controlled test to turn Bing Chat into a scammer that asked for people’s personal information. In a similar instance, Princeton’s Narayanan included invisible text on a website telling GPT-4 to include the word “cow” in a biography of him—it later did so when he tested the system.

“Now jailbreaks can happen not from the user,” says Sahar Abdelnabi, a researcher at the CISPA Helmholtz Center for Information Security in Germany, who worked on the research with Greshake. “Maybe another person will plan some jailbreaks, will plan some prompts that could be retrieved by the model and indirectly control how the models will behave.”

No Quick Fixes

Generative AI systems are on the edge of disrupting the economy and the way people work, from practicing law to creating a startup gold rush. However, those creating the technology are aware of the risks that jailbreaks and prompt injections could pose as more people gain access to these systems. Most companies use red-teaming, where a group of attackers tries to poke holes in a system before it is released. Generative AI development uses this approach, but it may not be enough.

Daniel Fabian, the red-team lead at Google, says the firm is “carefully addressing” jailbreaking and prompt injections on its LLMs—both offensively and defensively. Machine learning experts are included in its red-teaming, Fabian says, and the company’s vulnerability research grants cover jailbreaks and prompt injection attacks against Bard. “Techniques such as reinforcement learning from human feedback (RLHF), and fine-tuning on carefully curated datasets, are used to make our models more effective against attacks,” Fabian says.

The Hacking of ChatGPT Is Just Getting Started

Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user's mobile device doesn't impact their account.
"Mobile device malware is one of the biggest threats to people's privacy and security today because it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages,"

Mobile Security / Privacy

Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user's mobile device doesn't impact their account.

"Mobile device malware is one of the biggest threats to people's privacy and security today because it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages," the Meta-owned company said in an announcement.

Called Device Verification, the security measure is designed to help prevent account takeover (ATO) attacks by blocking the threat actor's connection and allowing the target to use the app without any interruption.

In other words, the goal is to deter attackers' use of malware to steal authentication keys and hijack victim accounts, and subsequently impersonate them to distribute spam and phishing links.

This, in turn, is achieved by introducing a security-token that's stored locally on the device, a cryptographic nonce to identify if a WhatsApp client is contacting the server to retrieve incoming messages, and an authentication-challenge that acts as an "invisible ping" from the server to a user's device.

The client is required to send the security-token every time it connects to the server. The security-token, for its part, is updated every time it fetches an offline message from the server.

An authentication-challenge is considered a failure when the client responds to the challenge from a different device, indicating an anomalous connection originating from an attacker. This causes the connection to be blocked.

Should there be no response from the client, the process is retried a "few more times," after which the connection will be blocked if the client still doesn't respond.

WhatsApp said Device Verification has been rolled out to all Android users and that it's in the process of being rolled out to iOS users.

The feature is part of a broader set of new enhancements that are designed to authenticate and verify users' identities, including displaying alerts when there is an attempt to migrate a WhatsApp account from one device to another.

Also launched by WhatsApp is a "Key Transparency" feature to automatically confirm whether chats are end-to-end encrypted without requiring any additional actions from the user.

To do so, it's implementing a new Auditable Key Directory (AKD) that's based on existing protocols like CONIKS and SEEMless to help users verify their conversation security.

"The AKD will enable WhatsApp clients to automatically validate that a user's encryption key is genuine and enables anyone to verify audit-proofs of the directory's correctness," the company said.

UPCOMING WEBINAR

Master the Art of Dark Web Intelligence Gathering

Learn the art of extracting threat intelligence from the dark web – Join this expert-led webinar!

Save My Seat!

Verification currently requires users in a chat to manually compare the security code (which exists as a QR code and a 60-digit number) by sending it to the participant on the other end via SMS or email, or alternatively by scanning the QR code if the parties are physically next to each other.

The security code is nothing but a unique hash of both the public/private key pair that's generated to facilitate end-to-end encrypted messaging. It can change when users switch devices or reinstall WhatsApp.

Key Transparency streamlines the verification process by making use of an automated flow that maintains a record of public key changes in a directory, thereby allowing a client to check against it.

WhatsApp intends to make this feature live in the coming months, although it's already hosting and operating an Auditable Key Directory of all its users. "This is an important mechanism that empowers security-conscious users to verify an end-to-end encrypted personal conversation quickly," the company added.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks

By Waqas
Watch out for compromised Facebook business pages offering fake and malware-infected installers for ChatGPT and Google Bard AI chatbot.
This is a post from HackRead.com Read the original post: Malicious ChatGPT & Google Bard Installers Distribute RedLine Stealer

**Cybercriminals are hijacking Facebook pages and using sponsored posts to offer downloads of ChatGPT and Google Bard AI, which in reality spread RedLine Stealer malware.**

According to a report from security automation startup Veriti, threat actors are attempting to exploit the popularity of OpenAI’s chatbot **ChatGPT** and Google Bard to distribute malware and steal sensitive data. These attempts underscore the risks associated with generative AI platforms.

It should come as no surprise that ChatGPT’s popularity has been exploited for malicious purposes since its launch. As a result, OpenAI, ChatGPT’s parent company, recently introduced its **first-ever bug bounty program**.

****Attack Mechanism****

Veriti researchers have observed that attackers first hijack Facebook business or community pages, carefully selecting pages with thousands of followers. They then post seemingly legitimate sponsored ads on these pages, offering free downloads of ChatGPT and **Google Bard**. Unsuspecting visitors fall into the trap and download the malicious files, which then unleash the RedLine information-stealing malware on their devices.

Compromised Facebook pages spreading RedLine stealer (Via: Veriti)

“These posts are designed to appear legitimate, using the buzz around OpenAI language models to deceive unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the **RedLine Stealer malware** is activated and can steal passwords and download further malware onto the user’s device,” reads Veriti’s **report**.

For reference, RedLine Stealer is sold on online hacker forums as a malware-as-a-service (MaaS) platform, with a primary focus on targeting browsers to collect users’ data. This commoditized malware is often favoured by cybercriminals due to its low cost, priced at $100 to $150.

****What are the Dangers?****

When a victim installs the malicious file from one of these sponsored ads, their device is **hijacked by the RedLine infostealer**, which can then steal confidential data, disrupt critical infrastructure, and compromise financial accounts.

By targeting web browsers on the infected device, RedLine Stealer can steal credentials, credit card information, or other payment card details, as well as conduct system inventory to identify vulnerabilities for further attacks.

Furthermore, RedLine Stealer has the capability to upload/download files and execute commands, providing even novice hackers with extensive opportunities to carry out various types of cyberattacks.

****Who are the Targets?****

Researchers detected this campaign in January 2023 and observed a peak in March. So far, dozens of Facebook accounts have been hijacked across ten countries to distribute RedLine Stealer through malicious ads.

The highest number of victims were identified in Greece, followed by India, Mexico, the USA, and Bangladesh. Approximately 77% of the attacks were observed in the USA, with Canada at 9%, Mexico at 6%, India at 4%, and Portugal at 2%.

This campaign serves as an early warning of what may lie ahead, as the soaring popularity of AI-based chatbots has made them lucrative targets for threat actors. They can exploit the versatility of these products, which can be packaged in different forms such as open source or mobile applications, allowing them to create **trojanized downloads**.

The potential impact is significant, as attackers can steal anything from private to financial data and target critical infrastructure.

Researchers suggest that enterprises should upgrade their cybersecurity practices, educate employees about the risks associated with downloading files from unauthenticated or unknown sources, and ensure strong security configurations to prevent system compromise.

Limiting the downloading of executables and implementing sandboxing of executables before downloading can also reduce the risk of infecting corporate IT infrastructure.

1.  Bard AI Causes Google Losses of $100 Billion
2.  Scammers Pose as ChatGPT in New Phishing Scam
3.  ChatGPT Clone Apps Collect Data on iOS, Play Store
4.  Fake ChatGPT Extension Hijacks Facebook Accounts
5.  Researchers create Blackmamba malware with ChatGPT

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Malicious ChatGPT & Google Bard Installers Distribute RedLine Stealer

**OSLO****, Norway** **,** **April 12, 2023** **/PRNewswire/ --** Opera (NASDAQ: OPRA) – the company behind the award-winning family of web browsers – is announcing the extension of its free browser VPN service to Opera Browser for iOS. Already available to some users for early access, the full rollout will be completed within the coming weeks. With this addition, Opera became the first web browser to offer a free built-in VPN across all major platforms, including Mac, Windows, Linux, Android, and iOS.

Staying private online is becoming increasingly challenging. When users browse the internet, they can be subject to data collection from websites and online services, many of which are not always transparent about how they store and use this data. Meanwhile, unsecure networks, such as some public Wi-Fi are vulnerable to attacks from bad actors, which can compromise sensitive personal data like web banking information or credit card details. VPNs, as a result, are an increasingly essential feature of life online – they help protect one's identity and activity so that users can peruse the internet privately, their personal information safe from prying eyes.

With the addition of its VPN service to iOS, Opera becomes the first browser company to offer a built-in, free VPN on every platform. Opera's VPN service requires no subscription, no logging into an account, and no additional extensions – users simply need to toggle a switch in the main menu to browse in peace, since the Opera Browser makes sure VPN traffic is encrypted and IP address is private.

"Opera has always been known for its unique feature set. We are proud to bring our free built-in VPN to all major platforms and to be the first browser company to do so. Our commitment to providing users with a secure browsing experience has led us to develop this feature over the years. We are excited to bring this vital tool to iOS users to ensure their online safety and privacy," said Jørgen Arnesen, EVP Mobile at Opera.

A no-log service, the VPN does not collect any personal data or information related to users' browsing history or originating network address, ensuring anonymity. Fast and secure, users have instant access to virtual locations around the world.

The Opera Browser for iOS is an award-winning browser that is enjoyed by millions of users worldwide. Featuring an interface that has garnered multiple design awards, the browser affords an unparalleled user experience. Designed to be used on the go, Opera's Fast Action Button gives users the full range of navigation tools within a thumb's reach. Users can additionally keep photos, articles, recipes, travel ideas, and links with them at all times with My Flow, which allows for seamless and secure file sharing between phones, tablets, and computers. The browser even integrates a native Crypto Wallet, enabling users to keep track of their digital assets at all times.

Apart from its convenience, the Opera Browser for iOS also offers unparalleled speed and security. It features, for example, a built-in ad blocker – speeding up the loading process as well as shielding users from unwanted advertisements – plus the Apple Intelligent Tracking Prevention, which blocks third party tracking cookies and cookie dialogue. The browser also boasts Opera's Cryptojacking Protection, which safeguards users from having their device's resources hijacked for crypto mining. The free VPN service will now complete the package, affording users protection as they browse the internet.

Concurrent with the ongoing rollout of the free VPN service, Opera Browser for iOS is also receiving a pair of additional upgrades. A Bookmarks feature will allow users to better organize their lives online, and coupled with Speed Dial ensure immediate access to what's most important. And for football fans, a new Live Scores feature lands on the browser's homepage. A scoreboard that displays the day's matches – whether they are upcoming, in progress, or the final whistle has already gone – Live Scores will help users stay on top of the action worldwide.

To start using the free VPN, users just need to download the Opera Browser for iOS and turn the VPN on in the app. The full rollout will be completed within the coming weeks, so VPN will become available for all users shortly. More information is available on the official website.

**About Opera for iOS**

Fast, safe and private, Opera Browser is a beautifully designed web browser with a Red Dot Award for its stunning user interface. Enjoyed by millions of fans across the world, it's built for people on the go and features a lightning fast web search for instant results. With built-in security features such as Apple Intelligent Tracking Prevention and Cryptojacking Protection – plus a native Crypto Wallet – Opera Browser offers users the optimal iOS experience. Opera Browser has a 4.7 star rating in the App Store and has been reviewed by more than 600,000 people worldwide.

**About Opera**

Opera is a web innovator building on more than 25 years of innovation that started with the Opera web browser. While Opera is leveraging its brand and engaged user base in order to grow and develop new products and services for people who seek a better internet experience, Opera's PC and mobile web browsers, content discovery platform Opera News, and apps dedicated to gaming, and Web3 are already the trusted choices of hundreds of millions of active and engaged users. Opera is headquartered in Oslo, Norway, and listed on the NASDAQ Stock Exchange under the OPRA ticker symbol. Download and access Opera's products and services from www.opera.com.

SOURCE Opera Limited

Tag

#ios