Signal Did NOT Get Hacked
Summary
TLDR
This week's hacking news update covers four stories. First, rumors of a critical vulnerability in Signal that could let an attacker take over a phone by sending a malicious link were debunked by the Signal team, who found no evidence that the exploit exists. Second, spyware disguised as a rocket alert app targeted Israel: the attackers cloned a legitimate open-source alert app and added code that steals the user's data. Third, a claim by the group 'Ransomed.vc' to have hacked Colonial Pipeline again turned out to be exaggerated; the group had stolen files from a third-party consultancy rather than gaining any control over pipeline systems. Lastly, state-backed hackers from Russia and China were found exploiting an already-patched WinRAR vulnerability for cyber espionage: the Russian group SANDWORM ran a phishing campaign against a Ukrainian drone warfare training school, and the Chinese group ISLANDDREAMS targeted an organization in Papua New Guinea with a fake invoice.
Takeaways
- ⚠️ A critical vulnerability in Signal was rumored, but the Signal team found no evidence to support the claims.
- 🔍 The .webp image vulnerability, which was speculated to be linked to the Signal exploit, was patched weeks prior.
- 💸 Russian exploit broker 'opzero' is offering a $1.5 million bounty for a remote code execution vulnerability in Signal.
- 🚀 Spyware disguised as a rocket alert app has targeted Israel, with the app secretly uploading data to an attacker-controlled server.
- 🇮🇱 The malicious rocket alert app is a clone of a legitimate, open-source app used by millions of Israelis.
- 🛰️ Cybercriminals claimed to have hacked Colonial Pipeline, but it turned out to be an exaggeration; they only stole some data.
- 📁 The stolen data from the alleged Colonial Pipeline hack did not contain credentials that could immediately threaten operations.
- 📋 Russian and Chinese state-backed hackers have been exploiting a patched WinRAR vulnerability for cyber espionage.
- 🔗 The WinRAR bug is triggered by an archive that holds a harmless-looking file whose name ends in a trailing space alongside a folder of the same name: opening the file makes WinRAR launch a script from that folder instead.
- 🐞 Google discovered multiple government-backed groups exploiting the WinRAR vulnerability, including the Russian group SANDWORM.
- 📧 In a phishing campaign, SANDWORM used a booby-trapped PDF to download and run an infostealer called 'RHADAMANTHYS'.
Q & A
What is the critical vulnerability in Signal that was rumored to allow hackers to take over a phone?
-The rumored vulnerability was said to involve Signal's 'Generate link previews' feature: a maliciously crafted image served in a link preview would supposedly compromise the device without the user opening anything.
How did the Signal team respond to the rumors of the vulnerability?
-The Signal team quickly investigated the claims and stated that they found no evidence suggesting the vulnerability was real. They also checked with US Government sources, who were unaware of the exploit.
What is the current status of the .webp image vulnerability mentioned in the script?
-The .webp image vulnerability was patched weeks prior to the rumors about the Signal vulnerability, casting doubt on its involvement in the alleged exploit.
Why is Signal a lucrative target for blackhats?
-Signal is used by privacy enthusiasts, journalists, and activists, making it an attractive target for those looking to exploit its user base. Additionally, the Russian exploit broker 'opzero' is offering a large bounty for finding vulnerabilities in the app.
What was the nature of the spyware disguised as a rocket alert app targeting Israel?
-The spyware, disguised as a legitimate rocket alert app, was designed to provide genuine alerts while secretly collecting the user's data, including call logs, SMS, contacts, and device information, and uploading it to a remote server.
How did the Colonial Pipeline hack in 2021 affect the United States?
-The 2021 hack led to the shutdown of the Colonial Pipeline for five days, causing fuel shortages at gas stations and disruptions to airline schedules, making it one of the most consequential cyber attacks in history.
What was the response to the recent claim of a new hack on the Colonial Pipeline?
-The claim was initially met with skepticism because of Ransomed.vc's history of exaggerated claims. Colonial Pipeline issued a statement denying the breach; Ransomed.vc later posted a link to the stolen files, which turned out to come from a third-party consultancy firm rather than from the pipeline operator itself.
What vulnerability were Russian and Chinese state-backed hackers exploiting in WinRAR?
-The vulnerability lies in how WinRAR handles an archive entry whose name ends in a trailing space. When such an entry sits next to a folder of the same name, opening the seemingly innocent file causes WinRAR to execute a script from that folder instead.
How does the exploit involving WinRAR work?
-When the user opens an archive entry whose name ends in a trailing space and the archive also contains a folder with exactly that name, WinRAR extracts the folder's contents together with the file. If a file in that folder begins with the original filename (the part before the space) and carries an executable extension such as .cmd, WinRAR runs that file instead of the decoy, so what looks like a PDF opens a script.
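As an added example (not code from the video, from Google's report, or from WinRAR), the following Python script builds a constructed ZIP archive in memory with the layout just described and scans it for that structure, which is the check a mail gateway or incident responder would run over suspicious archives. The entry names (`invoice.pdf ` with a trailing space next to a folder `invoice.pdf /` holding `invoice.pdf .cmd`) and the payload contents are hypothetical; the page does not give the CVE number, but the bug is tracked as CVE-2023-38831.

```python
"""Detect the WinRAR trailing-space archive layout (CVE-2023-38831 pattern).

Added example, not code from the video, Google TAG, or WinRAR. It packs a
constructed sample ZIP in memory and scans it for the tell-tale structure:
a top-level entry whose name ends in a space, plus a folder of the same
name holding an entry that starts with the decoy's base name and has an
executable extension. All entry names and payload bytes are hypothetical.
"""
import io
import posixpath
import zipfile

# Extensions Windows will hand to a script or program host when launched.
EXECUTABLE_EXTS = {
    ".cmd", ".bat", ".exe", ".com", ".scr", ".vbs", ".js",
    ".wsf", ".hta", ".ps1", ".lnk", ".pif",
}


def scan_archive(data: bytes) -> list:
    """Return one finding per decoy/payload pair found in the ZIP bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # Candidate decoys: regular (non-directory) entries ending in a space.
        decoys = [n for n in names if not n.endswith("/") and n.endswith(" ")]
        for decoy in decoys:
            folder = decoy + "/"            # folder with the same name as the decoy
            base = decoy.rstrip(" ")        # the name the victim believes they opened
            for name in names:
                if name.endswith("/") or not name.startswith(folder):
                    continue
                child = name[len(folder):]  # path of the entry inside the folder
                ext = posixpath.splitext(child)[1].lower()
                # Payload must share the decoy's prefix and be executable by extension.
                if child.startswith(base) and ext in EXECUTABLE_EXTS:
                    findings.append({"decoy": decoy, "payload": name, "ext": ext})
    return findings


def build_archive(entries: dict) -> bytes:
    """Pack a name -> bytes mapping into an in-memory ZIP (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: the booby-trapped layout and a benign archive for contrast.
MALICIOUS_SAMPLE = {
    "invoice.pdf ": b"%PDF-1.4 decoy document",                      # shown to the victim
    "invoice.pdf /invoice.pdf .cmd": b"@echo off\r\necho sample\r\n",  # what actually runs
}
BENIGN_SAMPLE = {
    "invoice.pdf": b"%PDF-1.4 real document",
    "notes/readme.txt": b"nothing to see here",
}


if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        hits = scan_archive(build_archive(sample))
        print(f"{label}: {len(hits)} finding(s)")
        for hit in hits:
            print(f"  decoy={hit['decoy']!r} -> payload={hit['payload']!r}")
```

The scan works purely on the central directory, so it never extracts anything; a real deployment would run it on the raw archive before any user or sandbox opens it, and would treat any entry with a trailing space as suspicious on its own, since legitimate tools almost never produce such names.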
What is the name of the infostealer used in the Russian phishing campaign mentioned in the script?
-The infostealer used in the Russian phishing campaign is called 'RHADAMANTHYS', also known as 'The everything bagel infostealer' due to its extensive capabilities.
What was the nature of the exploit used by the Chinese hacker group ISLANDDREAMS in their campaign?
-ISLANDDREAMS used a phishing campaign with a booby-trapped archive disguised as a fake invoice. When opened, it triggered a PowerShell script that downloaded and side-loaded a malicious DLL, resulting in the execution of a backdoor called BOXRAT.
What is the advice for users regarding the WinRAR vulnerability?
-Users are advised to update their WinRAR software to the latest version to patch the vulnerability, as the software does not have an auto-update feature and requires manual updates.