Whatsapp Bug Bounty


Mohammed Huberty

Aug 4, 2024, 3:17:24 PM8/4/24
to mariteemig

Listen up, travelers! The FBI just put out a warning about something called "juice jacking." Basically, public USB charging outlets are targeted by hackers who use them to compromise devices and steal sensitive information. So, if you don't want to get hacked, don't use those public USB outlets!


To prevent juice jacking, avoid public USB outlets. Make sure you bring your own block to plug your phone into an outlet. Also, you might want to pick up a special cord that's made just for power. Cybersecurity experts say it's the best way to protect yourself.


WhatsApp makes it harder for scammers to steal your account. WhatsApp has introduced new security features to protect against SIM jacking and malware, as well as an easier way to verify encrypted connections. (Engadget)


OpenAI Will Pay People to Report Vulnerabilities in ChatGPT. In partnership with Bugcrowd, OpenAI has launched a bug bounty program to anyone who can find vulnerabilities in its AI products, including ChatGPT. Rewards range from $200 to $20,000 depending on the severity of the bug found. (Bloomberg)


Ross Haleliuk addresses questions about data gravity and cybersecurity: role of cloud providers, data gravity and software security, AI, multi-cloud, and making a case for emergence of a security data layer. Read it here!


Julien Vehent's latest blog post dives into the shift in detection and response towards data-driven detection engineering and how this requires a new skillset of security engineers with solid software engineering and data science backgrounds.


Join Panther on a journey through the galaxy as we transform the way you think about SIEM at RSA Conference. Stop by our booth #228 in the South Expo hall and experience our Mandalorian-inspired theme. Here is where you can find us:


A story of a dispute between a husband and wife turning into a nightmare for the husband has come to light. According to reports, a woman in Agra placed a bounty of Rs 50,000 on her WhatsApp status for the killing of her husband.


The incident pertains to the area under the Bah police station. After seeing his wife's WhatsApp status, the husband is terrified and has lodged a complaint with the police, alleging threats against him and also accusing his wife's friend.


According to the complaint filed by the husband with the police, he got married to a girl from a village in Bhind on July 9, 2022. After the marriage, disputes began to arise frequently, and five months later, in December 2022, his wife went to her parents' house and has been staying there since then.


According to the husband, when returning on December 21, 2023, his in-laws threatened to kill him, and now his wife has posted a status on her WhatsApp offering a reward of Rs 50,000 to whoever kills him.


"During a voice call through WhatsApp, the bug used to allow the caller to upgrade it to a video call without the authorisation and knowledge of the receiver. The caller was then able to see what the other person was doing, violating the privacy of the receiver," Sougaijam told PTI.


He said his report was acknowledged by the Facebook Security team the very next day and its technical department fixed the bug within 15-20 days. "After reviewing this issue, we have decided to award you a bounty of $5000," Facebook said in an e-mail sent to Sougaijam.


These guidelines are intended to set an average maximum payout for a particular bug category and describe what mitigating factors we consider in determining the bounty to help researchers prioritize their hunting. Ultimately, each report is evaluated on a case-by-case basis and could, in some cases, be awarded higher than the cap depending on the internally assessed impact.




"We take many steps to prevent people receiving unwanted messages, including expiring accounts after a period of sustained inactivity," a WhatsApp spokesperson told The Register. "If for some reason you no longer want to use WhatsApp tied to a particular phone number, then the best thing to do is transfer it to a new phone number or delete the account within the app."


"In all cases, we strongly encourage people to use two-step verification for added security," the spokesperson continued. "In the extremely rare circumstances where mobile operators quickly re-sell phone lines faster than usual, these additional layers help keep accounts safe."


It's not a widespread problem, at least not yet, but a data privacy issue nonetheless, and a cautionary tale for users of any messaging service that uses mobile phone numbers as a primary form of user identification. Oh, and the WhatsApp spokesperson is spot on about two-factor verification, which everyone should use anyway.


Ugo was a long-time WhatsApp user in Switzerland with his account tied to his Swiss phone number. In October, he moved to Paris for work, got a new French phone number and a new SIM card. All the while he was using WhatsApp, which continued sending and receiving messages per usual, unaware of the phone number change.


Eric disclosed the issue to WhatsApp and parent company Meta, and was told that it's a recycled phone number issue, not a WhatsApp-specific bug. "For example, if a number has a new owner and they use it to log into Facebook, it could trigger a Facebook password reset," the security team told him. "If that number is still associated with a user's Facebook account, the person who now has that number could then take over the account."


Meta admitted that "this is a concern," but told Eric that it didn't qualify as a bug for the bug bounty program. "Facebook doesn't have control over telecom providers who reissue phone numbers or with users having a phone number linked to their Facebook account that is no longer registered to them," the email said.


"At the very least when they see that someone is requesting a phone number change (from A to B) and they see that there is an active account on phone number B that does not seem to have anything to do with the also active account attached to phone number A, challenge the account on phone number B to prove that they still own phone number B or update their number," he said.


The maker of the popular secure Swiss messenger, Threema GmbH, is now partnering with GObugfree to secure its products, Threema and Threema Work. With the relaunch of its public bug bounty programme on GObugfree's SaaS platform, Threema invites trusted friendly hackers and experienced IT security experts to thoroughly test its open source products.


Threema GmbH and GObugfree AG today jointly announced the relaunch of Threema's public bug bounty programme on GObugfree's Swiss SaaS platform: Threema GmbH's goal is to further improve the security of its apps Threema and Threema Work by collaborating with the community of Friendly Hackers and experienced security experts through a public bug bounty programme. The Swiss messenger service, which previously operated its own bug bounty programme as one of the pioneering companies in Switzerland, is now entrusting Zurich-based IT security startup GObugfree with the implementation and execution of the programme. Relaunching the programme on the Swiss SaaS platform and working closely with the GObugfree community of trusted, ethical hackers and independent IT security experts around the open-source apps aims to uncover any vulnerabilities that are currently still hidden, increase security and strengthen the trust of its clientele - because security and privacy protection are Threema's top priorities.


The risk of cyberattacks has increased again during the last years of the pandemic. According to the Allianz Risk Barometer, cyber incidents are the No. 1 business risk, and they are becoming more widespread and costly. A large proportion of companies see data fraud and ransomware attacks as the biggest threat, and a third of Swiss SMEs have already been the victim of an attack. With the increase in the risk of cyberattacks, the need for companies to have a secure communication channel is once again growing. Threema GmbH has recognised this need and offers its B2B customers and their employees a secure communication channel that ensures data security as well as business continuity even in times of crisis. Now the messenger service wants to further strengthen the trust of its customers and shows with the relaunch of its public bug bounty programme that it has nothing to hide when it comes to security and that the inclusion of the know-how of the GObugfree hacker community ideally complements the regular, systematically conducted security checks.


Running a bug bounty programme on your own is difficult and time-consuming for organisations. Hundreds of vulnerability reports need to be sifted through and responded to as needed, prioritising the impact and determining the value of the vulnerability. Then, the vulnerability fix must be secured and payment to researchers triggered. Companies hardly have the time or resources to sift through and review incoming vulnerability reports from external researchers. Threema GmbH has therefore decided to outsource its bug bounty programme and thus also the described triage and validation process to GObugfree's platform, because GObugfree has offered its customers comprehensive bug bounty support and service since day one.


"We are delighted that Threema GmbH - a company whose focus is on security and privacy - has chosen our platform to make their services even more secure," says Christina Kistler, CCO of GObugfree. "The fact that a security-focused company like Threema chooses our bug bounty platform shows the added value of not only providing a platform, but also offering comprehensive management, including technical review and escalation of valid vulnerability reports by experts. In addition, our team facilitates communication with the friendly hacker community."
