Jiyeon Kong

Hamburger News - Oct


Haven’t had time to read up everything that happened this month? Don’t worry, we have prepared a quick bite of Hamburger News, just for you!


Never Take Video Calls From a Stranger on WhatsApp!

Image result for whatsapp video call hacker

(Image source: https://thehackernews.com/2018/10/hack-whatsapp-account-chats.html)

Do you use WhatsApp? Did you know that your phone can get hacked just by the act of accepting a video call on WhatsApp?


According to Google Project Zero’s security researcher, Natalie Silvanovich, a critical vulnerability has been found on WhatsApp that allows malicious users to control your smartphone once you accept the call. This issue is related to memory heap overflow. When a victim receives a video call from an attacker, malformed RTP packets are transformed, generating errors in Android and iOS apps without affecting WhatsApp web.


This vulnerability has been patched on 28th September and 3rd October in the Android and iPhone application respectively. If you missed the latest updates, please update your app before you open it again!



Singapore Gets the Crown of Shame in Having the Worst Cyber Hygiene

(source: http://www3.asiainsurancereview.com/News/View-NewsLetter-Article/id/44153/Type/ARM/Singapore-MAS-consults-on-cyber-hygiene-practices-for-financial-institutions )


On the 3rd of October, VMware published a survey about the state of cyber hygiene in Asia. This survey showed that Singaporean users have not been fully aware of their security habits. The results showed that a majority of Singaporeans store their bank account credentials in one to six mobile applications, and only an estimated 14 percent of them use different passwords for the accounts they use, which is a significantly lower when compared to the global average of 24 percent. Moreover, 45 percent of Singaporeans use the same passwords across web or mobile applications, storing credentials of payment data. Although it may be convenient to use the same password, keeping your credentials safe should be top priority. A minor mistake or leak of your password could potentially lead to critical financial loss.

Check out our post to see how you can prevent such a data leak! [link]



Big Data Breach on Facebook?!

Image result for facebook data breach

(source: https://www.consumerreports.org/digital-security/facebook-data-breach-exposed-personal-data-of-millions-of-users/)

Every month, more than 2.2 billion users log onto Facebook. The international social media platform recently got hacked and the credentials of 50 million accounts were leaked. The bug was discovered in the “view as” feature, which allowed hackers to gain the digital code, such as browser cookie. With this, hackers were able to sign in with other users’ accounts and it allowed them to gain the credentials of victims. Earlier this year, there was already a huge issue regarding Cambridge Analytica’s access to 87 million users’ data for political reasons. Since then, data privacy legislation has not been fully formed yet. This latest Facebook incident has pressurised the United States Congress to provide more structure in the privacy protection regulations.


French Dark-Web Drug Dealer Sentenced for 20 Years

The dark-web dealer who was arrested in the World Beard and Mustache Championships last year has finally been sentenced to 20 years in prison. Gal Vallerius, aka Oxymonster, was accused of crimes such as being an administrator of Dream Market, and trading OxyContin and Ritalin drugs.

Investigators suspected that the user, ‘Oxymonster’, could be the person named Vallerius. They narrowed down the scope through tracking the bitcoin transaction, as well as the Instagram and Twitter accounts of Vallerius, to match the writing style of Oxymonster. Common words were discovered, including the frequent use of ‘cheers’, quotation marks, and intermittent French posts. Because of the similarities in his writing style, the drug trader was captured.


Hard to believe, but it works!


Posted by Jiyeon Kong

Customer Success Manager | Horangi


Cyber Security information security phishing data protection data breach cyber security strategy cyber hygiene


Horangi Cyber Security Blog

Also tagged Cyber Security, Risk Management, Horangi Storifier, Horangi Warden, Slack

Storyfier Now Integrated With Slack — Release Notes: June 2019
Everything You Need To Know About Web Server Pentesting

Also tagged Vulnerability Assessment, Risk Assessment, Cyber Strategy, Risk Management

The Cost of Cyber Attacks to Businesses