Security News
Google Project Zero researcher Natalie Silvanovich outlined what she believes is a common theme when it comes to serious vulnerabilities impacting leading chat platforms. The research, published Tuesday, identifies a common denominator within chat platforms, called "Calling state machine", which acts as a type of dial tone for messenger applications.
Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls. The logic bugs were found by Google Project Zero security researcher Natalie Silvanovich in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed.
The Federal Bureau of Investigation has issued a Private Industry Notification to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms. An observed shift in tactics, the FBI says, is the targeting of all employee credentials, not exclusively of those individuals who might have higher access and privileges based on their corporate position.
Signal is experiencing a partial outage as tens of millions of netizens flood the free secure messaging service. Those technical difficulties come as at least 30 million people joined the non-profit end-to-end encrypted communications platform in a matter of days this week.
Latest episode - listen now!
How do you go from neuroscientist to DEFCON Social Engineering Capture the Flag champ? Find out from hacker and social engineering expert Rachel Tobac! Join us for a fascinating interview with Rachel about her journey, why you should always be "Politely paranoid", and the people who inspired her along the way.
GO SMS Pro, an Android instant messaging application with over 100 million installs, is publicly exposing private multimedia files shared between its users. By abusing a flaw in the app, unauthenticated attackers can gain access to private voice messages, videos, and photos shared by GO SMS Pro users as Trustwave security researchers discovered three months ago.
Digital rights campaigners on Monday criticized a proposal by European Union governments that calls for communications companies to provide authorities with access to encrypted messages. The plan, first reported by Austrian public broadcaster FM4, reflects concern among European countries that police and intelligence services can't easily monitor online chats that use end-to-end encryption, such as Signal or WhatsApp.
An analysis of the manner in which popular chat applications handle link previews has revealed several privacy and security issues, including some that still need addressing, security researchers warn. Link previews provide users with information on what a link received in chat would lead them to, regardless of whether it is a file or a web page.
A voice-activated TV remote can be turned into a covert home surveillance device, according to researchers from infosec firm Guardicore who probed the device to show that a man-in-the-middle attack could compromise it. Guardicore discovered an attack vector on US telco giant Comcast's Xfinity XR11 voice remote - of which around 18 million units have been sold - that allowed malicious people to turn it into an eavesdropping device.