Google reveals sophisticated Windows and Android hacking operation


Image: Google Project Zero

Google published a six-part report today detailing a sophisticated hacking operation that the company detected in early 2020 and which targeted owners of both Android and Windows devices.

The attacks were carried out via two exploit servers delivering different exploit chains via watering hole attacks, Google said.

Also: Best VPNs

“One server targeted Windows users, the other targeted Android,” Project Zero, one of Google’s security teams, said in the first of six blog posts.

Google said that both exploit servers used Google Chrome vulnerabilities to gain an initial foothold on victim devices. Once an initial entry point was established in the user’s browsers, attackers deployed an OS-level exploit to gain more control of the victim’s devices.

The exploit chains included a combination of both zero-day and n-day vulnerabilities, where zero-day refers to bugs unknown to the software makers, and n-day refers to bugs that

Read More

WhatsApp says: No, we can’t see your private messages – and neither can Facebook

Facebook-owned WhatsApp has published a new FAQ that aims to clear up misunderstandings over a planned update to its privacy policy, which some people thought would force them to permit WhatsApp to share profile data, phone numbers and diagnostic data with Facebook.    

Chatter on social media about the policy change caused a mini exodus among WhatsApp’s two billion users to Signal — a messaging app that most security experts recommend. Signal also provided the end-to-end encryption protocol that WhatsApp uses. 

WhatsApp’s wording in the notification about its privacy update said users must accept the policy update after February 8 and suggested an alternative was to delete the WhatsApp account. WhatsApp’s previous policy let users opt-out of most sharing of user data with Facebook.   

The surge in new Signal signups was probably helped by Elon Musk tweeting “Use Signal” following reports of WhatsApp’s upcoming privacy policy changes by Ars Technica and

Read More