Podcast Episode 12: Major WhatsApp Vulnerability and Other News

This week in our news-focused episode we cover the WhatsApp zero-day vulnerability that allegedly was used to infect phones with malware by simply calling a phone with the app. We also announced a new update to the Wordfence plugin, making an updated two-factor authentication feature available to all Wordfence users. We cover a story about SIM hijacking and discuss why we need to move away from SMS 2-factor authentication. We also cover an ongoing supply-chain attack affecting thousands of sites, three antivirus companies that have been compromised, a malvertiser indictment and other stories.

Here are approximate timestamps in case you want to jump around:
0:30 WhatsApp voice calls used to inject malware
7:07 New Wordfence login security features
12:30 Ongoing supply-chain attack
18:58 SIM card hijacking campaign
22:05 Three US Antivirus companies compromised
23:55 Malvertiser compromised
30:12 Opting out of facial recognition at airports
32:48 Microsoft Word gets politically correct
37:38 Binance intrusion
41:25 Federal agencies spending millions to hack into phones

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

This week in the news we cover:

• WhatsApp releases a patch to protect against a vulnerability used to inject spyware on phones.
• We announce an update to Wordfence, bringing a powerful new two-factor authentication feature to free and premium installations.
• Hackers are compromising numerous scripts that are infecting thousands of websites through a supply-chain attack. These attacks are ongoing.
• A hacking ring known as “The Community” has allegedly netted $2.4 million in cryptocurrency through SIM hijacking attack.
• Three US antivirus companies have been breached, though details about which companies were compromised is not yet available.
• A malvertiser behind over 100 million malicious advertisements is indicted.
• A follow up on a previous story, Americans can opt out of facial recognition technology when traveling.
• Microsoft Word will be launching “Ideas in Word” that will use artificial intelligence to suggest more politically palatable ways of communicating ideas.
• The Binance cryptocurrency exchange has confirmed a large scale data breach.
• Federal agencies are spending millions to hack into locked phones.

You can find me on Twitter as @mmaunder and Kathy as @kathyzant. Please don’t hesitate to post your feedback in the comments below.