About Us Contact us Kannada

New Delhi: If you have received an MP4 video file on WhatsApp from an unknown number, you could be a victim of a new kind of hacking which uses a recently discovered vulnerability of WhatsApp to install malicious spywares in phones.

This security vulnerability allowed a remote attacker to target phones by sending a video file in MP4 format.

When notified about the security breach, the Indian Computer Emergency Response Team (CERT) categorised the threat under "High Severity" category.

Pegasus-like features

Israel-based spyware maker NSO Group was under spotlight recently for allegedly providing technology [Pegasus spyware] that used WhatsApp's video calling feature to attack user's phones.

A security message notified by WhatsApp's parent company Facebook said, "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user."

Identified as CVE-2019-11931, this vulnerability message is similar to the one received by CERT from WhatsApp during the Pegasus snooping case.

According to the communication, this weakness could allow a remote attacker to force "Denial of Services (DoS) and Remote Code Execution (RCE)" which could be used to compromise any device running Android, iOS or Windows.

An attacker could use a person's cell number to send a video file through WhatsApp and install an unwanted program in their phones exploiting such vulnerability.

This security issue exists on both individual and business versions of the popular messaging app until the updates were rolled out in October earlier this year.

Although the latest security patch from WhatsApp claims to have fixed this problem, WhatsApp and Facebook have not given further details about the extent of possible execution of this exploit.

This comes even as the controversy around WhatsApp snooping refuses to die down, where phones of over a dozen activists, journalists and lawyers were allegedly compromised by an Israel-made spyware.

WhatsApp has been under fire for not providing adequate information to Indian authorities about the extent of attacks during Pegasus breach. The messaging app has sued NSO Group in a US court for violating its terms and conditions.

Government sources had earlier claimed that the information provided by WhatsApp is more of a "technical jargon" which didn't give much information about victims and extent of such attacks. WhatsApp had informed users separately about possible Pegasus attack on their devices.

Similar to the Pegasus incident, this vulnerability is also being called "a stack-based buffer overflow vulnerability".

According to CERT, "The exploitation does not require any form of authentication from the victim end and executes on downloading of malicious mp4 file on victims system."

Courtesy: www.indiatoday.in

Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.

Comments

New Delhi (PTI): The Delhi High Court has directed the city authorities to pay Rs 30 lakh compensation each to the families of three sanitation workers who died during manual scavenging in 2017.

The HC allowed the petition by the family members seeking higher ex gratia in accordance with a Supreme Court order in 2023 which increased the compensation payable to the dependents of the victims who lost their lives in manual scavenging to Rs 30 lakh from the existing Rs 10 lakh.

The family members said in the petition that the three sanitation workers died in August 2017 while cleaning a drain in Lajpat Nagar. The plea said the deceased were engaged by a Delhi Jal Board sub-contractor.

The petitioners said that after they died, a compensation of Rs 10 lakh was awarded to the family members. However, they prayed that the amount be increased to Rs 30 lakh.

"It can be seen that the directions issued by the Supreme Court were expressly made applicable to all the statutory bodies including corporations, railways, cantonments as well as the agencies under its control.

"Moreover, the Union and State governments were directed to ensure that the rehabilitation measures were taken with respect to sewage workers, including the family of those who have lost their lives. Specifically, it was directed that the compensation of Rs 10 lakh that was given to the family members of the deceased workers be enhanced to Rs 30 lakh," Justice Sachin Datta said.

The high court said necessarily, the ameliorative directions, strictures and the embargo imposed by the Supreme Court are applicable to the Delhi Jal Board (DJB) as also to any agency that may be engaged by the board within any part of Delhi in connection with the work relating to the collection of sewage or carrying out connected works.

"Any disregard or violation thereto would invite strict consequences" as envisaged in the apex court verdict, it said.

Considering the reasoning given by the apex court, it would be a travesty if the entitlement of the family members of the deceased scavenging workers is confined to Rs 10 lakh, the high court said.

"The same would defeat the directions of the Supreme Court to enhance the compensation to Rs 30 lakh on the basis that the previously fixed compensation of Rs 10 lakh was fixed as far back as in the year 1993 and could not be considered to be an adequate compensation," it said, adding that the family members of the deceased sanitation workers are entitled to a compensation of Rs 30 lakh.

The high court said the remaining amount be paid to the family members within eight weeks.

Observing that manual scavengers have lived in bondage, systematically trapped in inhuman conditions for a long time, the Supreme Court had in October last year asked the Centre and state governments to completely eradicate manual scavenging across the country.

Passing a slew of directions for the benefit of people involved in manual scavenging, it had asked the central and state governments to pay Rs 30 lakh as compensation to the next of kin of those who die while cleaning sewers.

"The court hereby directs the Union and the States to ensure that the compensation for sewer deaths is increased (given that the previous amount fixed, that is, Rs 10 lakh) was made applicable from 1993. The current equivalent of that amount is Rs 30 lakh. This shall be the amount to be paid, by the concerned agency, that is, the Union, the Union Territory or the State as the case may be. In other words, compensation for sewer deaths shall be Rs 30 lakh," the Supreme Court had ordered.

It had also said that the authorities needed to take measures for the rehabilitation of the victims and their families.

All Stories

Another mix-up in surgery at Kerala govt hospital: Patient says wrong implant inserted in his hand
Another mix-up in surgery at Kerala govt hospital: Patient says wrong implant inserted in his hand

Allegations of medical negligence continued to haunt the Government Medical College Hospital here, with a man lodging a complaint with the police on Saturday alleging that an implant meant for another patient was wrongly inserted into his broken hand.

 
Airstrike kills 20 in central Gaza, fighting rages as Israel's leaders air wartime divisions
Airstrike kills 20 in central Gaza, fighting rages as Israel's leaders air wartime divisions

An Israeli airstrike killed 20 people in central Gaza, mostly women and children, and fighting raged across the north on Sunday as Israel's leaders aired divisions over who should govern Gaza after the war, now in its eighth month.
Goa police arrest man from Bengaluru for cyber bullying woman and extortion
Goa police arrest man from Bengaluru for cyber bullying woman and extortion

The Goa cyber crime police have arrested a man from Bengaluru on charges of cyber bullying a woman and extortion after posting a fake job advertisement online, an official said on Sunday.

 

Copyright © 2024. Vartha Bharati. All rights reserved