Security News

S3 Ep13: A chat with hacker Keren Elazari [Podcast]
2020-12-31 17:13

Latest episode - listen now!

S3 Ep12: A chat with social engineering hacker Rachel Tobac [Podcast]
2020-12-24 12:25

How do you go from neuroscientist to DEFCON Social Engineering Capture the Flag champ? Find out from hacker and social engineering expert Rachel Tobac! Join us for a fascinating interview with Rachel about her journey, why you should always be "Politely paranoid", and the people who inspired her along the way.

Android chat app with 100 million installs exposes private messages
2020-11-19 10:12

GO SMS Pro, an Android instant messaging application with over 100 million installs, is publicly exposing private multimedia files shared between its users. By abusing a flaw in the app, unauthenticated attackers can gain access to private voice messages, videos, and photos shared by GO SMS Pro users as Trustwave security researchers discovered three months ago.

Rights Activists Slam EU Plan for Access to Encrypted Chats
2020-11-09 15:59

Digital rights campaigners on Monday criticized a proposal by European Union governments that calls for communications companies to provide authorities with access to encrypted messages. The plan, first reported by Austrian public broadcaster FM4, reflects concern among European countries that police and intelligence services can't easily monitor online chats that use end-to-end encryption, such as Signal or WhatsApp.

Link Previews in Chat Apps Pose Privacy, Security Issues: Researchers
2020-10-27 04:42

An analysis of the manner in which popular chat applications handle link previews has revealed several privacy and security issues, including some that still need addressing, security researchers warn. Link previews provide users with information on what a link received in chat would lead them to, regardless of whether it is a file or a web page.

Infosec researchers pwned Comcast's voice-activated remote control so it could snoop on household chit-chat
2020-10-07 13:02

A voice-activated TV remote can be turned into a covert home surveillance device, according to researchers from infosec firm Guardicore who probed the device to show that a man-in-the-middle attack could compromise it. Guardicore discovered an attack vector on US telco giant Comcast's Xfinity XR11 voice remote - of which around 18 million units have been sold - that allowed malicious people to turn it into an eavesdropping device.

Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network
2020-07-03 04:56

In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating into a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders. Dubbed EncroChat, the top-secret encrypted communication app comes pre-installed on a customized Android-based handset with GPS, camera, and microphone functionality removed for anonymity and security.

Zoom will offer proper end-to-end encryption to free vid-chat accounts – not just paid-up bods – once you verify your phone number...
2020-06-17 20:58

Zoom today said it will make end-to-end encryption available to all of its users, regardless of whether they pay for it or not. We note that Google Meet and other rival services do not offer E2EE. "Today, Zoom released an updated E2EE design on GitHub," Zoom CEO Eric Yuan said.

Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat
2020-06-03 08:53

Cybersecurity researchers from Cisco Talos unveiled today that it discovered two critical vulnerabilities in the Zoom software that could have allowed attackers to hack into the systems of group chat participants or an individual recipient remotely. According to the researchers, successful exploitation of both flaws requires no or very little interaction from targeted chat participants and can be executed just by sending specially crafted messages through the chat feature to an individual or a group.

Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat
2020-06-03 08:53

Cybersecurity researchers from Cisco Talos unveiled today that it discovered two critical vulnerabilities in the Zoom software that could have allowed attackers to hack into the systems of group chat participants or an individual recipient remotely. According to the researchers, successful exploitation of both flaws requires no or very little interaction from targeted chat participants and can be executed just by sending specially crafted messages through the chat feature to an individual or a group.