Tuesday, November 19, 2019

WhatsApp? Eavesdropping. That's WhatsApp.

WhatsApp parent company Facebook has issued a warning about a new vulnerability on its hugely-popular chat app, which could let hackers take control of their device remotely and eavesdrop on your every conversation.

Facebook has warned users about a potential vulnerability within its WhatsApp chat app that allows cyber-criminals to take control of your device remotely. The security flaw could also allow them to eavesdrop on your conversations.

And if that wasn’t worrying enough, all you’d have to do to let the hackers access your handset is watch a single video... This security flaw affects all versions of WhatsApp, from Windows Phone to iOS. It even includes the enterprise-focused WhatsApp Business. That suggests the issue was found in the underlying code that powers all versions of the chat app...

WhatsApp has closed the loophole with the latest updates to WhatsApp. If you haven’t already got automatic app updates set on your smartphone, you should head to your respective app store and download the latest software to make sure you’re sa

According to Facebook, the potential issue only impacts the following versions of WhatsApp:
fe from attack.
  • Android versions of WhatsApp before 2.19.274
  • iOS versions of WhatsApp before 2.19.100
  • Enterprise Client versions of WhatsApp before 2.25.3
  • Windows Phone versions of WhatsApp before and including 2.18.368
  • Business for Android versions of WhatsApp before 2.19.104
  • Business for iOS versions of WhatsApp before 2.19.100

Beginner's Guide to Small Business Cyber Security

Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.

Consistent with the NIST Cybersecurity Framework and other standards, the Cyber Essentials are the starting point to cyber readiness...

Managing cyber risks requires building a Culture of Cyber Readiness. The Culture of Cyber Readiness has six Essential Elements... more

Eavesdropping Vulnerability: Cisco SPA100 - Update Firmware

While setting up a VoIP service in their home, security researchers at Tenable Research discovered a total of 19 vulnerabilities in VoIP adapters from Cisco's SPA100 Series.

If exploited, these vulnerabilities could allow an attacker to eavesdrop on a user's conversations, initiate fraudulent phone calls and even pivot further into their internal network.

Tenable Research informed Cisco PSIRT of the 19 vulnerabilities they discovered across seven Cisco security advisories and the networking giant has since addressed these flaws with a new 1.4.1 SR5 firmware release for their SPA 100 series devices.

...if you're using a Cisco SPA 100 series VoIP adapter, it is highly recommended that you update to the latest firmware before these flaws are exploited in the wild. more

Monday, November 18, 2019

Hot Wheels - Part I

A Multimillionaire Surveillance Dealer Steps Out Of The Shadows . . .
And His $9 Million WhatsApp Hacking Van

On a wildflower-lined gravel track off a quiet thoroughfare in Larnaca, Cyprus, Tal Dillian is ensconced in a blacked-out truck. It’s a converted GMC ambulance, pimped out with millions of dollars of surveillance kit, antennas on top reaching out to learn what it can from any smartphone within a 1-kilometer radius and, at the click of a button, empty them of all the content within.

WhatsApp messages, Facebook chats, texts, calls, contacts?

“Exactly,” says Dilian, a 24-year Israeli intelligence veteran and multimillionaire spy-tech dealer, though he doesn’t look it; imagine a shabbier, more hirsute George Clooney...

He’s dialing up the charm offensive over the two days he gives Forbes unprecedented access to the normally hidden, clandestine spy-tech industry, estimated to be worth $12 billion and rising. more

Hot Wheels - Part II

Cypriot police have confiscated a van reportedly loaded with sophisticated surveillance equipment and have questioned its Israeli owner following media reports that the vehicle was being hired out to spy on people...

The police probe was initiated after local media highlighted an earlier Forbes report on the Israeli it identified as a former intelligence officer who showed off the $9 million van’s spying capabilities. more

The Invisible Man - 122 Years in the Making

“Quantum Stealth” (Light Bending material) non-powered adaptive camouflage which portrays what is behind the user in-front of the user bending the light around the target. The cost is inexpensive, very lightweight and there are no power requirements.

It even blocks thermal imaging! more

Sunday, November 17, 2019

Venezuela's Ex-spy Chief Disappears on Eve of Extradition to U.S. (shocking, just shocking)

Hugo Carvajal, nicknamed "El Pollo," or "The Chicken," was the military-intelligence chief for Presidents Hugo Chavez and Nicholas Maduro, and some experts have said he could be a source of incriminating intelligence on Maduro and his regime...

In written answers to questions by The Associated Press, Carvajal said he wanted to share secret information on drug trafficking and corruption. more | sing-a-long

More Pirates of The Caribbean

Russia’s underwater spy ship recently traveled across the Atlantic Ocean and is currently sailing in America’s backyard. 

Yantar, allegedly a ship meant to research the deep ocean, has an odd habit of skulking around sunken military equipment—and undersea telecommunications cables. 

The ship has suddenly popped up in the Caribbean, prompting military watchers to wonder what the strange ship is up to. 

Yantar is a Russian Navy vessel, but one that lacks a single weapon. The ship was commissioned in 2015 and officially is known as a "special purpose ship" or "oceanographic vessel." It is operated by the Russian Navy's Main Directorate of Underwater Research, which Russian military watchers believe controls Russia’s undersea spying efforts. more

69 Cops Get Body-Cam'ed - Clerk Gets Slammer

A former police records clerk in Southern California was sentenced to six years in jail Friday after he was charged with secretly recording dozens of coworkers as they used the bathroom. 

The sentencing for 29-year-old Sergio Nieto came after he pleaded no contest to dozens of invasion of privacy charges in October for spying on 69 coworkers (stop snickering) during his time working at the Long Beach Police Department’s downtown headquarters, the Long Beach Post reports. more

The New York Times Reports: "Bugging Epidemic"

With surveillance gear cheaper and easier to use, security experts say checking your environment for cameras and microphones is not a crazy idea...

A growing array of so-called smart surveillance products have made it easy to secretly live-stream or record what other people are saying or doing. Consumer spending on surveillance cameras in the United States will reach $4 billion in 2023, up from $2.1 billion in 2018, according to the technology market research firm Strategy Analytics. Unit sales of consumer surveillance devices are expected to more than double from last year.

The problem is all that gear is not necessarily being used to fight burglars or keep an eye on the dog while she’s home alone. Tiny cameras have been found in places where they shouldn’t be, like Airbnb rentals, public bathrooms and gym locker rooms. So often, in fact, that security experts warn that we are in the throes of a “bugging epidemic.” more

Spybuster Tip #621: Conduct your own sweeps for covert spycams. Learn how.

Thursday, November 14, 2019

Espionage Concerns Change Hiring Policy

The recent resignation of a compliance director at GitLab Inc. illustrates anxiety in the tech industry about foreign espionage...

GitLab’s vice president of engineering, Eric Johnson, said in GitLab’s public discussion forum in October that the firm would no longer hire people living in Russia and China—countries that U.S. authorities have linked to major data security breaches—for some roles where they would be handling sensitive customer data...

The decision was prompted by “the expressed concern of several enterprise customers,” Mr. Johnson wrote on the forum... more

Thursday, November 7, 2019

How People Turn iPhones into Bluetooth Bugs

With iOS 12, Apple added a feature, called Live Listen, which essentially turns your AirPods into on-demand hearing aids. 

There's a bit of setup you'll need to do, but once it's done, you can place your phone on a table closer to the person you're talking to and it will send audio to your AirPods.

On your iPhone go to Settings > Control Center > Customize Controls and tap on the green "+" symbol next to the Hearing option. Then, when you need to use the feature put in your AirPods and open Control Center on your iPhone and select the Hearing icon followed by Live Listen. Turn off the feature by repeating those final steps in Control Center. more

Corporate Espionage Alert: If a person excuses themselves from a business meeting to go to the restroom (or other excuse)... NEVER continue the discussion thinking they won't know. They may be using this trick to listen in to what you are saying. More sage corporate counterespionage advice here.

Tuesday, November 5, 2019

With a Laser, Researchers Say They Can Hack Alexa and Other Assistants

Since voice-controlled digital assistants were introduced a few years ago, security experts have fretted that systems like Apple’s Siri and Amazon’s Alexa were a privacy threat and could be easily hacked.

But the risk presented by a cleverly pointed light was probably not on anyone’s radar.

Researchers in Japan and at the University of Michigan said Monday that they had found a way to take over Google Home, Amazon’s Alexa or Apple’s Siri devices from hundreds of feet away by shining laser pointers, and even flashlights, at the devices’ microphones
. more

Thursday, October 31, 2019

This Week's News About Spies

 Busy, as always...

Drones: An Increasing Business Espionage Concern Worldwide

South Africa - The increased use of unmanned aerial vehicles, or drones, in SA over the last few years has opened local organisations to a significant and evolving scope of threat in areas such as cyber espionage, illegal surveillance, electronic snooping and reconnaissance.

Security experts warn that while drone technology is increasingly being harnessed to carry out a host of commercial tasks faster, safer and more efficiently across industries including agriculture, media, health and defence, it is also increasingly being exploited by criminals as a tool to usher in a new era of physical and IT security threats. more

• Our other Security Scrapbook drone coverage.
• Researching anti-drone technology for your corporate security department? Contact us for our free Anti-Drone Research Paper.