- Android Malware written in Kotlin found in Play Store stealing data
Cyber Security Tips: The malware has already removed from Google, users are strongly recommended that uninstall Swift Cleaner if present on your smartphone, reset your all credentials, and update your mobile antivirus.
- WhatsApp Vulnerability Lets Anyone Spy on Group Chats
Two years back mobile messaging app WhatsApp was equipped with end-to-end encryption in order to provide its users comprehensive security from government spying, hackers’ scams and WhatsApp itself. According to the latest report, a critical vulnerability in WhatsApp has been discovered that lets anyone join the chat and spy on conversations without admin’s permission. According to the team of researchers, group chat encryption in WhatsApp and other messaging apps including Signal and Threema is flawed that makes infiltrating the chats much easier for cybercriminals without seeking permission from group admin. Researchers revealed that they identified a series of flaws in encryption process for group chats in the abovementioned apps and the flaws greatly undermine the security claims of each of these app’s multi-person group communications to various degrees.
Cyber security Tips: Researchers also advised companies to fix the issue just by adding an authentication mechanism to make sure that the “signed” group management messages come from the group administrator only. This attack is not easy to execute, so users should not be worried about it.
- [Bug] macOS High Sierra App Store Preferences Can Be Unlocked Without a Password
A new password bug has been discovered in the latest version of macOS High Sierra that allows anyone with access to your Mac to unlock App Store menu in System Preferences with any random password or no password at all. The impact of this vulnerability is nowhere as serious as the previously disclosed root login bug in Apple’s desktop OS that enabled access to the root superuser account simply by entering a blank password on macOS High Sierra 10.13.1. The vulnerability impacts macOS version 10.13.2 and require the attacker to be logged in with an administrator-level account for this vulnerability to work. The vulnerability impacts macOS version 10.13.2 and require the attacker to be logged in with an administrator-level account for this vulnerability to work.
Cyber Security Tips: Apple already knows about this issue and you’ll likely get a fix in this upcoming software update, users are recommended to keep monitoring their system.