Are you one of the 1.5 billion users using WhatsApp? Is it safe? Find out in this episode of Cyber Sentinel.

So, are you one of the 1.5 billion users of the WhatsApp application on your cell phone? If you are, is it safe? Find out today on Cyber Sentinel. Hello, I'm Alan Adcock, CEO of ASC Group. We're an IT consulting company based here in Atlanta, Georgia. This week on Cyber Sentinel, we're gonna talk about some applications that've got some breaches going on that need to get updated.

Is WhatsApp a safe messaging platform?

WhatsApp is a communication tool that's used globally. It's very popular overseas. It allows you to do fairly inexpensive or free communications with folks. And it's widely distributed. About 1.5 billion installs worldwide. So, it's a well-known application. It's been revealed this week that they have what's called a buffer overflow vulnerability. So, there's some places where you enter data into there that does not quarantine that data, doesn't block out extra data flow. So, people can inject code into the application there. So, what's happened is it's been found out, there are actors on the internet who have tried to exploit this by using this buffer overflow vulnerability to load malware onto cell phones. This affects both iOS, Apple devices and Android devices. So, if you are a WhatsApp user, you need to make sure that you upgrade WhatsApp as soon as possible to the latest code to make sure that you are not open to this vulnerability. If you have that, you probably need to get some kind of a scanner to make sure that no malicious applications were loaded onto your phone. There's a lot of companies that make scanners for phones if you can find them in the app store. I think Sophos has a good one. So, do some searching around. See if you can't find one. Most of them are free for those platforms. So, again, WhatsApp, 1.5 billion users. Upgrade that right away to avoid this vulnerability.

What is RDP?

RDP is Remote Desktop Protocol. It's a Microsoft product. Lots of companies use RDP for remote access into their networks. Back in the day, we used to stand up RDP connections through firewalls all the time, and companies would just go to a URL, go to an IP address, you put your username and password in, and your employees were able to work remotely through that. For several years now, the best practice has been to close those holes and make sure that you have a VPN, a virtual private network, in place to access the network. So, you're gonna log into your VPN first. Once you're on the VPN, then you go into your Remote Desktop Protocol, and log into your servers remotely. It's great, it's really efficient. It's fast because all of the processes are being done on the corporate network side. You're passing a little bit of data back and forth over that connection. For companies that are still publishing RDP through their firewalls for direct access, you really need to shut those holes. Over the last couple years, there's been a lot of widely publicized breaches of that protocol. The most recent one is here in the 79 vulnerabilities that came out in patches from Microsoft this week. So, you gotta make sure you close that up. You're gonna get hacked through that. We see it quite frequently. So, make sure you're going through and reviewing those firewalls. Ask your IT team if that's closed. If you need help with that, reach out to us and we can help you get all those things closed up.

I've seen a lot online about a group known as Fxmsp. Who are they?

There is a-- Well, previously it was a little-known group called Fxmsp. This is a Russian and English-speaking hacker group who is advertising on the dark web that they have penetrated the top three antivirus manufacturers in the United States. So, these guys have infiltrated these three companies. They say they have extracted data out of those companies. They've got source code for the antivirus applications. They've got a bunch of other data on the users. They are offering this data for sale on the dark web for a mere $300,000. So, they have so far released bits and pieces of this that make it look like this is legit, that they really did get in there. So, look for updates to your antivirus platform. The three compromised companies have not been named as of this report, but you can guess who they are. Definitely want to make sure that you're looking out for updates to your AV package. Make sure that that's fully patched. I expect that once that source code is released, those AV vendors are going to be implementing security fixes to their security software. So, yet again, as with everything, if you install it, you gotta patch it, you gotta own it, and the AV software is no different in that respect. So, again, we'll hopefully have an update on this one in the future with what those three products are. And whether anybody actually paid the 300 grand to get that data and try to weaponize it.

So, that's all we've got for this episode of Cyber Sentinel. If you've got questions that you want us to address on a future episode, reach out to us at #cybersentinel, and we'll get those on a future episode. In the meantime, just stay safe online.