Another Pegasus-like spyware found targeting WhatsApp with MP4 files
New Delhi: If you have received an MP4 video file on WhatsApp from an unknown number, you could be a victim of a new kind of hacking which uses a recently discovered vulnerability of WhatsApp to install malicious spywares in phones.
This security vulnerability allowed a remote attacker to target phones by sending a video file in MP4 format.
When notified about the security breach, the Indian Computer Emergency Response Team (CERT) categorised the threat under "High Severity" category.
Pegasus-like features
Israel-based spyware maker NSO Group was under spotlight recently for allegedly providing technology [Pegasus spyware] that used WhatsApp's video calling feature to attack user's phones.
A security message notified by WhatsApp's parent company Facebook said, "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user."
Identified as CVE-2019-11931, this vulnerability message is similar to the one received by CERT from WhatsApp during the Pegasus snooping case.
According to the communication, this weakness could allow a remote attacker to force "Denial of Services (DoS) and Remote Code Execution (RCE)" which could be used to compromise any device running Android, iOS or Windows.
An attacker could use a person's cell number to send a video file through WhatsApp and install an unwanted program in their phones exploiting such vulnerability.
This security issue exists on both individual and business versions of the popular messaging app until the updates were rolled out in October earlier this year.
Although the latest security patch from WhatsApp claims to have fixed this problem, WhatsApp and Facebook have not given further details about the extent of possible execution of this exploit.
This comes even as the controversy around WhatsApp snooping refuses to die down, where phones of over a dozen activists, journalists and lawyers were allegedly compromised by an Israel-made spyware.
WhatsApp has been under fire for not providing adequate information to Indian authorities about the extent of attacks during Pegasus breach. The messaging app has sued NSO Group in a US court for violating its terms and conditions.
Government sources had earlier claimed that the information provided by WhatsApp is more of a "technical jargon" which didn't give much information about victims and extent of such attacks. WhatsApp had informed users separately about possible Pegasus attack on their devices.
Similar to the Pegasus incident, this vulnerability is also being called "a stack-based buffer overflow vulnerability".
According to CERT, "The exploitation does not require any form of authentication from the victim end and executes on downloading of malicious mp4 file on victims system."
Courtesy: www.indiatoday.in
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
8 children between ages of 1 and 14 dead after mass shooting in Louisiana, police say
Shreveport(US) (AP): A gunman in Louisiana killed eight children in shootings at two different homes early Sunday in the nation's deadliest mass shooting in more than two years, police in Shreveport said.
The victims ranged in age from one to about 14 years old, said Shreveport police spokesperson Chris Bordelon. A total of 10 were shot and some of the children were related to the suspect, Bordelon said.
The gunman later died after a chase with officers who fired at the suspect, Bordelon said. The suspect stole a car while leaving the scene of the shootings and was followed by police, according to Bordelon.
Police did not release the name of the suspect but did say he was an adult male. The shootings were the result of a “domestic disturbance,” Bordelon said.
Officials said they were still gathering details at the crime scenes south of downtown Shreveport — the two homes and a third location.
“This is an extensive scene unlike anything most of us have ever seen,” he said.
It was the deadliest mass shooting in the US since eight people were killed in a Chicago suburb in January 2024, according to a database maintained by The Associated Press and USA Today in partnership with Northeastern University.
At a news conference outside the residence where one of the shootings occurred, officials appeared stunned, requesting patience and prayers from the community as they sorted through multiple crime scenes.
“I just don't know what to say, my heart is just taken aback,” Shreveport Police Chief Wayne Smith said. “I cannot begin to imagine how such an event could occur.”
“This is a tragic situation — maybe the worst tragic situation we've ever had,” said Tom Arceneaux, mayor of the city in northwestern Louisiana with about 180,000 residents. “It's a terrible morning.”
Louisiana State Police say their detectives have been asked by Shreveport police to investigate. In a statement, state police say no officers were harmed in the shooting that involved an officer after a police pursuit into Bossier City on Sunday morning.
State police are asking anyone with pictures, video or information to share it with state police detectives.
Louisiana Gov Jeff Landry said in a statement that he and his wife were heartbroken. “We're deeply grateful to the law enforcement officers and first responders working tirelessly on the scene,” he added.
