Another Pegasus-like spyware found targeting WhatsApp with MP4 files
New Delhi: If you have received an MP4 video file on WhatsApp from an unknown number, you could be a victim of a new kind of hacking which uses a recently discovered vulnerability of WhatsApp to install malicious spywares in phones.
This security vulnerability allowed a remote attacker to target phones by sending a video file in MP4 format.
When notified about the security breach, the Indian Computer Emergency Response Team (CERT) categorised the threat under "High Severity" category.
Pegasus-like features
Israel-based spyware maker NSO Group was under spotlight recently for allegedly providing technology [Pegasus spyware] that used WhatsApp's video calling feature to attack user's phones.
A security message notified by WhatsApp's parent company Facebook said, "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user."
Identified as CVE-2019-11931, this vulnerability message is similar to the one received by CERT from WhatsApp during the Pegasus snooping case.
According to the communication, this weakness could allow a remote attacker to force "Denial of Services (DoS) and Remote Code Execution (RCE)" which could be used to compromise any device running Android, iOS or Windows.
An attacker could use a person's cell number to send a video file through WhatsApp and install an unwanted program in their phones exploiting such vulnerability.
This security issue exists on both individual and business versions of the popular messaging app until the updates were rolled out in October earlier this year.
Although the latest security patch from WhatsApp claims to have fixed this problem, WhatsApp and Facebook have not given further details about the extent of possible execution of this exploit.
This comes even as the controversy around WhatsApp snooping refuses to die down, where phones of over a dozen activists, journalists and lawyers were allegedly compromised by an Israel-made spyware.
WhatsApp has been under fire for not providing adequate information to Indian authorities about the extent of attacks during Pegasus breach. The messaging app has sued NSO Group in a US court for violating its terms and conditions.
Government sources had earlier claimed that the information provided by WhatsApp is more of a "technical jargon" which didn't give much information about victims and extent of such attacks. WhatsApp had informed users separately about possible Pegasus attack on their devices.
Similar to the Pegasus incident, this vulnerability is also being called "a stack-based buffer overflow vulnerability".
According to CERT, "The exploitation does not require any form of authentication from the victim end and executes on downloading of malicious mp4 file on victims system."
Courtesy: www.indiatoday.in
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
UN report says 282 million people faced acute hunger in 2023, with the worst famine in Gaza
United Nations (AP): Nearly 282 million people in 59 countries suffered from acute hunger in 2023, with war-torn Gaza as the territory with the largest number of people facing famine, according to the Global Report on Food Crises released on Wednesday.
The UN report said 24 million more people faced an acute lack of food than in 2022, due to the sharp deterioration in food security, especially in the Gaza Strip and Sudan. The number of nations with food crises that are monitored has also been expanded.
Máximo Torero, chief economist for the UN's Food and Agriculture Organisation, said 705,000 people in five countries are at Phase 5, the highest level, on a scale of hunger determined by international experts — the highest number since the global report began in 2016 and quadruple the number that year.
Over 80 per cent of those facing imminent famine — 577,000 people — were in Gaza, he said.
South Sudan, Burkina Faso, Somalia and Mali each host many thousands also facing catastrophic hunger.
According to the report's future outlook, around 1.1 million people in Gaza, where the Israel-Hamas war is now in its seventh month, and 79,000 in South Sudan are projected to be in Phase 5 and facing famine by July.
It said conflict will also continue to drive food insecurity in Haiti, where gangs control large portions of the capital.
Additionally, while the El Nino phenomenon peaked in early 2024, “its full impact on food security – including flooding and poor rain in parts of east Africa and drought in southern Africa, especially Malawi, Zambia and Zimbabwe – are like to manifest throughout the year.”
UN Secretary-General Antonio Guterres called the report “a roll call of human failings,” and that “in a world of plenty, children are starving to death.”
“The conflicts erupting over the past 12 months compound a dire global situation,” he wrote in the report's foreword.
Guterres highlighted the conflict in the Gaza Strip, as the enclave holds the highest number of people facing catastrophic hunger. There is also the year-old conflict in Sudan, which has created the world's largest internal displacement crisis “with atrocious impacts on hunger and nutrition,” he added.
According to the report, over 36 million people in 39 countries and territories are facing an acute hunger emergency, a step below the famine level in Phase 4, with more than a third in Sudan and Afghanistan. It's an increase of a million people from 2022, the report said.
Arif Husain, the UN World Food Program's chief economist, said every year since 2016 the numbers of people acutely food insecure have gone up, and they are now more than double the numbers before the COVID-19 pandemic.
While the report looks at 59 countries, he said the target is to get data from 73 countries where there are people who are acutely food insecure.
Secretary-General Guterres called for an urgent response to the report's findings that addresses the underlying causes of acute hunger and malnutrition while transforming the systems that supply food. Funding is also not keeping pace with the needs, he stressed.
“We must have the funding, and we also must have the access,” WFP's Husain said, stressing that both “go hand-in-hand” and are essential to tackle acute food insecurity.
The report is the flagship publication of the Food Security Information Network and is based on a collaboration of 16 partners including UN agencies, regional and multinational bodies, the European Union, the US Agency for International Development, technical organisations and others.
