Vendors are reacting Vulnerability-related.DiscoverVulnerability swiftly to a vulnerability that lets attackers eavesdrop on your network traffic . Monday morning was not a great time to be an IT admin , with the public release Vulnerability-related.DiscoverVulnerability of a bug that effectively broke WPA2 wireless security . As reported Vulnerability-related.DiscoverVulnerability previously by ZDNet , the bug , dubbed `` KRACK '' -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II ( WPA2 ) operates . The security protocol , an upgrade from WEP , is used to protect and secure communications between everything from our routers , mobile devices , and Internet of Things ( IoT ) devices , but there is an issue in the system 's four-way handshake that permits devices with a pre-shared password to join a network . According to security researcher and academic Mathy Vanhoef , who discovered Vulnerability-related.DiscoverVulnerability the flaw , threat actors can leverage the vulnerability to decrypt traffic , hijack connections , perform man-in-the-middle attacks , and eavesdrop on communication sent from a WPA2-enabled device . US-CERT has known Vulnerability-related.DiscoverVulnerability of the bug for some months and informed Vulnerability-related.DiscoverVulnerability vendors ahead of the public disclosure Vulnerability-related.DiscoverVulnerability to give them time to prepare Vulnerability-related.PatchVulnerability patches and prevent Vulnerability-related.PatchVulnerability the vulnerability from being exploited Vulnerability-related.DiscoverVulnerability in the wild -- of which there are no current reports Vulnerability-related.DiscoverVulnerability of this bug being harnessed by cyberattackers . The bug is present in Vulnerability-related.DiscoverVulnerability WPA2 's cryptographic nonce and can be utilized to dupe a connected party into reinstalling a key which is already in use . While the nonce is meant to prevent replay attacks , in this case , attackers are then given the opportunity to replay , decrypt , or forge packets . In general , Windows and newer versions of iOS are unaffected Vulnerability-related.DiscoverVulnerability , but the bug can have a serious impact on Vulnerability-related.DiscoverVulnerability Android 6.0 Marshmallow and newer . The attack could also be devastating for IoT devices , as vendors often fail to implement acceptable security standards or update systems in the supply chain , which has already led to millions of vulnerable and unpatched IoT devices being exposed for use by botnets . The vulnerability does not mean the world of WPA2 has come crumbling down , but it is up to vendors to mitigate Vulnerability-related.PatchVulnerability the issues this may cause . In total , ten CVE numbers have been preserved to describe Vulnerability-related.DiscoverVulnerability the vulnerability and its impact Vulnerability-related.DiscoverVulnerability , and according to the US Department of Homeland Security ( DHS ) , the main affected vendors are Aruba , Cisco , Espressif Systems , Fortinet , the FreeBSD Project , HostAP , Intel , Juniper Networks , Microchip Technology , Red Hat , Samsung , various units of Toshiba and Ubiquiti Networks .

A WhatsApp security vulnerability could allow attackers to crash the iOS app as soon as you answer a call , and could potentially be used to hack your iPhone … The Register reports Vulnerability-related.DiscoverVulnerability that the flaw was reported Vulnerability-related.DiscoverVulnerability to WhatsApp in August , and has been patched Vulnerability-related.PatchVulnerability in the latest version – so you ’ ll want to check for an update . Google Project Zero whizkid and Tamagotchi whisperer Natalie Silvanovich discovered and reported Vulnerability-related.DiscoverVulnerability the flaw , a memory heap overflow issue , directly to WhatsApp in August . Now that a fix is out Vulnerability-related.PatchVulnerability , Silvanovich can go public Vulnerability-related.DiscoverVulnerability with details on the potentially serious flaw . According to Silvanovich’s report Vulnerability-related.DiscoverVulnerability , the bug is triggered when a user receives a malformed RTP packet , triggering the corruption error and crashing the application . In practice , the malformed packet that triggers the crash could be sent via a simple call request . “ This issue can occur when a WhatsApp user accepts a call from a malicious peer , ” Silvanovich explained . It ’ s not clear whether the WhatsApp security flaw could be exploited Vulnerability-related.DiscoverVulnerability for remote code execution , but this is a possibility , and a sufficient risk for a fellow Google researcher to describe Vulnerability-related.DiscoverVulnerability it as ‘ a big deal. ’ “ This is a big deal , ” tweeted Travis Ormandy . “ Just answering a call from an attacker could completely compromise WhatsApp. ” The same vulnerability was present in Vulnerability-related.DiscoverVulnerability the Android app , which has also been patched Vulnerability-related.PatchVulnerability . The Register says it is still waiting to hear from Google on more details , for example whether the desktop app is similarly affected Vulnerability-related.DiscoverVulnerability . It ’ s not the first time of late that a WhatsApp security issue has been identified Vulnerability-related.DiscoverVulnerability . Back in August , it was discovered Vulnerability-related.DiscoverVulnerability that it was possible for an attacker to change both the content and the sender of a WhatsApp message after you ’ ve received it .

One of the biggest and most popular social networking platforms , Snapchat , has once again become the center of attention . But this time , it is for all the wrong reasons with tweets and hashtags ( # Uninstall_Snapchat and # BoycottSnapchat ) urging people to get rid of the app . Apparently , the outrage started in India , after one of Snapchat ’ s former employees said that the CEO of the company had no intention to expand the business to India since the Snapchat platform is meant for “ rich people ” and not for “ poor countries ” like India and or Spain . Enraged India first reacted on Twitter , and after that , the hacktivist group Anonymous India claimed that they were responsible for 1.7 million Snapchat users ’ data leak Attack.Databreach . The hacking group has supposedly found Vulnerability-related.DiscoverVulnerability vulnerabilities in Snapchat ’ s systems and managed to steal Attack.Databreach 1.7 million user data and leaked Attack.Databreach them on the dark web . It seems that the hackers belong to one of the many bug bounty hunting groups that are finding Vulnerability-related.DiscoverVulnerability flaws in systems of big companies in exchange for money . It appears that the flaw in Snapchat ’ s security was discovered Vulnerability-related.DiscoverVulnerability last year , but never reported Vulnerability-related.DiscoverVulnerability to the authorities . Now , the same flaw was used to steal Snapchat users data , reports Vulnerability-related.DiscoverVulnerability DailyMail . The hackers are also demanding that the CEO apologize or an intensive strike against Snapchat will be launched . So far , Snapchat itself hasn ’ t confirmed any data leaks Attack.Databreach and we ’ re still waiting for an official comment from the social media giant . So far , the company has claimed that the allegations are ridiculous and that the app is available worldwide for everyone who wishes to use it . A spokesperson for the company has denied everything that Snapchat is being accused of . Despite this , the outrage on the social media continues , and many are still persuading others to boycott the application , or better yet – to completely uninstall it . The ratings of the company have dropped down fast , and the app is currently rated with only one star on the Apple ’ s App Store , while before this ‘ incident ’ it had a full five-star rating . And when it comes to Google Play Store , the app has a four-star rating at the time of writing . It ’ s unknown what will happen with the company now that their reputation has dropped down so dramatically , but whatever they decide to do to fix Vulnerability-related.PatchVulnerability this , they better do it fast .

IP cameras manufactured by Chinese vendor Fosscam are riddled Vulnerability-related.DiscoverVulnerability with security flaws that allow an attacker to take over the device and penetrate your network . The issues came to light yesterday when Finnish cyber-security firm F-Secure published Vulnerability-related.DiscoverVulnerability its findings after Fosscam failed to answer bug reports Vulnerability-related.DiscoverVulnerability and patch Vulnerability-related.PatchVulnerability its firmware . Below is a list of 18 vulnerabilities researchers discovered Vulnerability-related.DiscoverVulnerability in Fosscam IP cameras : The variety of issues F-Secure researchers discovered Vulnerability-related.DiscoverVulnerability means there are multiple ways an attacker can hack one of these devices and use it for various operations . `` For example , an attacker can view the video feed , control the camera operation , and upload and download files from the built-in FTP server , '' F-Secure says. `` They can stop or freeze the video feed , and use the compromised device for further actions such as DDoS or other malicious activity . '' `` If the device is in a corporate local area network , and the attacker gains access to the network , they can compromise the device and infect it with a persistent remote access malware . The malware would then allow the attacker unfettered access to the corporate network and the associated resources , '' researchers added . F-Secure researchers say Vulnerability-related.DiscoverVulnerability all these vulnerabilities have been confirmed Vulnerability-related.DiscoverVulnerability in Fosscam C2 models , but also in Opticam i5 , an IP camera sold by another vendor , but based on a white-label Fosscam device . In fact , researchers suspect that Fosscam has sold the vulnerable IP camera model as a white-label product , which other companies bought , plastered their logo on top , and resold as their own devices . F-Secure says it identified 14 other vendors that sell Fosscam made cameras , but they have not tested their products as of yet . F-Secure recommends that network administrators remove any Fosscam made IP camera from their network until the Chinese company patches Vulnerability-related.PatchVulnerability its firmware .

Remember that giant poster that Apple put up in Las Vegas during the recent Consumer Electronics Show that stated what happens on your iPhone , stays on your iPhone ? I 'm willing to bet many at Apple are trying hard to forget it right now as news breaks Vulnerability-related.DiscoverVulnerability of a vulnerability in the group functionality of its FaceTime application that allows users to eavesdrop on the people being called , even if they did n't pick up the call ! The shockingly simple exploit works with any pair of iOS devices running iOS 12.1 or later . `` The bug lets you call anyone with FaceTime , and immediately hear the audio coming from their phone - before the person on the other end has accepted or rejected the incoming call '' according to Benjamin Mayo at 9to5Mac who first broke the story and adds `` there 's a second part to this which can expose video too ... '' The exploit really is stupidly easy to pull off , essentially just requiring the caller to add their own number while a call is dialing in order to start a group chat that includes themselves and the audio of the person being called . It does n't matter if the recipient has accepted the call or not , all audio captured while the iPhone is ringing can be heard by the caller . If the recipient presses the power button from the lockscreen , used to accept or reject the incoming FaceTime chat , then video is also sent to the caller . One user , @ Jessassin , tweeted that if you join the call using your invitation on another iPhone then you also get the video stream despite the call not being answered on the destination device . What 's more , the bug is n't limited to iPhone users and if the recipient is using a Mac then , as it rings for a longer default than a handset , the eavesdropping Attack.Databreach can potentially continue for a longer period . This is particularly worrying as a Mac user may well be away from the device for a long , certainly more so than we are from our smartphones , and during that time anyone could be listening in on whatever was happening in that house or office . So , what do you need to do now ? The good news is that Apple has responded by temporarily suspending the Group FaceTime functionality until a permanent fix can be rolled out Vulnerability-related.PatchVulnerability . An Apple spokesperson told BuzzFeed that a fix `` will be released Vulnerability-related.PatchVulnerability in a software update later this week . '' However , there have been reports Vulnerability-related.DiscoverVulnerability of some users still able to exploit the eavesdropping vulnerability even after Apple made this announcement , 9to5Mac being among them .

It lets users send out text messages as well as audio messages , videos and pictures . It is also possible to personalize the messages sent via iMessage with a variety of animations using other Apple apps . This particular app is compatible with iOS , watchOS and macOS . Basically , it is a very widely used app by iPhone users . So when there is a bug in the app that is so severe that it can crash the phone easily , then users are bound to get concerned . According to reports Vulnerability-related.DiscoverVulnerability , there is a nefarious text message that is being sent to iPhone users even on those phones that run on the latest iOS 10 . This message is quite troublesome for users because it has the power to crash their phones within minutes . The new iMessage hack lets the attackers disable the Message app through sending an extensive contact record . This record file is pretty huge so as soon as the user taps on the recorded message , it immediately over-burdens the OS and terminates the app . The problem is that iPad and iPhone users who use iOS8 to iOS10.2.1 versions can not do anything to prevent this assault . The most disturbing part of the hack is that it is very difficult to prevent or avoid unless the recipient of the message is aware of what is to be done . Generally , users reboot their device or restart the iMessage app , which certainly doesn ’ t resolve the issue . Another aspect to be noted is that this hack can be distributed by the victim himself to other contacts . Here is how it can be done : Download the contact file , upload the contacts in dropbox or iCloud Drive , share this file using iMessage to the person you want to get hacked , wait until the victim taps on it and the app will instantly freeze . This time , the attackers have tried a different strategy to hack iMessage app ; previously they used to send infected links or weird text messages but this time they just send a huge contact file to disable the app

The list of tested apps includes MyPasswords , Informaticore , LastPass , Keeper , F-Secure Key , Dashlane , Hide Pictures Keep Safe Vault , Avast Passwords , and 1Password . All tested apps were installed on at least 500,000 devices , with some apps having millions of users . The research team says Vulnerability-related.DiscoverVulnerability these apps featured Vulnerability-related.DiscoverVulnerability different kinds of security flaws , listed below : `` The overall results were extremely worrying and revealed Vulnerability-related.DiscoverVulnerability that password manager applications , despite their claims , do not provide enough protection mechanisms for the stored passwords and credentials , '' the research team concluded Vulnerability-related.DiscoverVulnerability . `` Instead , they abuse the users ' confidence and expose them to high risks . '' In total , security researchers found Vulnerability-related.DiscoverVulnerability 26 security bugs , ranging from low to critical-level issues . The research team went public with their findings at the start of the week . Initially , app makers fixed Vulnerability-related.PatchVulnerability 23 of the 26 flaws , with Avast still lagging behind on three issues . Nevertheless , by March 1 , Avast had also patched Vulnerability-related.PatchVulnerability its product , and now users can update Vulnerability-related.PatchVulnerability to the applications ' latest versions to mitigate Vulnerability-related.PatchVulnerability all issues discovered Vulnerability-related.DiscoverVulnerability during the research . The research team 's name is TeamSIK ( Security Is Key ) , made up of several security professionals from the Fraunhofer Institute for Secure Information Technology in Darmstadt , Germany . Vulnerability reports Vulnerability-related.DiscoverVulnerability for most of the found issues are available on TeamSIK 's project homepage