Weekly Comments
25 September - 2 October 2018
Popular messaging applications like Telegram and WhatsApp are not free of security risks.

Popular messaging applications like Telegram and WhatsApp are not free of security risks. This week, a researcher found that Telegram, in its default configuration, leaks a user’s IP address when making phone calls over P2P. When a Telegram call is made over P2P, the IP address of the other person appears in the Telegram console logs. Users can hide their IP address by changing the privacy setting under Peer-To-Peer to ‘Never’ or ‘Nobody’. Telegram has also fixed its desktop client to set Peer-To-Peer to Nobody, hiding a user’s IP address.
In addition, the OwnMe Android spyware, which appears to be still in development, has been found capable of compromising WhatsApp messages, capturing screenshots, and pilfering browsing history and contact lists. OwnMe also maintains persistence on an infected device by starting up whenever the device finishes booting.
We advise users to secure their messaging applications like Telegram and WhatsApp by staying vigilant about the latest threats and configuring their privacy settings to protect their messages and calls. To avoid falling prey to Android malware, users should avoid downloading applications from untrusted sources, as they could be malicious. We also advise users to refrain from clicking links and opening attachments in unsolicited emails, as they could be deceived into downloading malware.
More Weekly Cyber News, analysis and insights

SingHealth COI Hearing Reveals Management Inaction On Security Loophole Discovered In 2014
The Committee of Inquiry (COI) into the SingHealth cyberattack in June heard that the management of Integrated Health Information Systems (IHiS) had not acted on addressing an alleged security loophole discovered in the electronic medical records (EMR) system, which could have contributed to the recent cyberattack.

Brighton Secondary School Students Hack School’s Computer Systems
A small number of students from Brighton Secondary School in Adelaide, Australia, hacked the school’s computer systems last Friday using stolen staff login details.

Hackers Stole Access Tokens for 50 Million Facebook Accounts
ABS-CBN, one of the largest media and entertainment groups in the Philippines, took down two of its online shopping sites last week after they were found infected by the MageCart skimmer.

Port Of San Diego Suffers Ransomware Attack
The Port of San Diego suffered a ransomware attack that disrupted the port’s information technology systems and public services related to park permits, public records requests, as well as business services.

Flawed UK Conservative Party Conference App Allows Public Login As Ministers, Sednit APT Group Delivers UEFI Rootkit In The Wild
A flawed phone app for the Conservative Party (UK) Conference allowed members of the public to log in as anyone attending the party conference, and to view and modify their personal information, after entering an email address.

Cobalt Gang Uses New Hacking Tool Against Financial Institutions
The financially motivated Cobalt Gang has been targeting financial institutions with a new hacking tool dubbed SpicyOmelette, which is typically delivered through a phishing email with a shortened link that downloads the tool.