Security News

"We have now reached the point where SMS support no longer makes sense. In order to enable a more streamlined Signal experience, we are starting to phase out SMS support from the Android app," the company said in a blog post published today. Signal will start notifying them to export their SMS messages and switch to a new default app to manage their SMS messages.

Signal is urging its global community to help people in Iran stay connected with each other and the rest of the world by volunteering proxies to bypass the aggressive restrictions imposed by the Iranian regime. On Monday, the Iranian regime severely restricted internet connectivity in the country, imposing broad blocks on all ISPs, sometimes leaving internet users entirely offline for several hours.

Apple strengthens security and privacy in iOS 16Apple announced additional security and privacy updates for its newest mobile operating system. Government guide for supply chain security: The good, the bad and the uglyJust as developers and security teams were getting ready to take a breather and fire up the BBQ for the holiday weekend, the U.S.'s most prestigious security agencies dropped a 60+ page recommended practice guide, Securing the Software Supply Chain for Developers.

PQShield published a white paper that lays out the quantum threat to secure end-to-end messaging and explains how post-quantum cryptography can be added to the Signal secure messaging protocol to protect it from quantum attacks. The company is offering to license its end-to-end encrypted messaging IP to the Signal Foundation pro bono - if/when they plan to upgrade their system - to support the non-profit behind the free encrypted messaging app, Signal, in its mission to make secure communication accessible to everyone.

A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards. "Information can be encoded via simple encoding such as Morse code and modulated over these optical signals. An attacker can intercept and decode these signals from tens to hundreds of meters away."

All users can rest assured that their message history, contact lists, profile information, whom they'd blocked, and other personal data remain private and secure and were not affected. For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal.

Apple fixes exploited zero-days: Update your devices!Apple has released security updates for iOS, iPadOS, and macOS Monterey to fix CVE-2022-32894 and CVE-2022-32893, two code execution vulnerabilities exploited by attackers in the wild. 1,900 Signal users exposed following Twilio breachThe attacker behind the recent Twilio data breach may have accessed phone numbers and SMS registration codes for 1,900 users of the popular secure messaging app Signal.

Signal - considered one of the better secured of all the encrypted messaging apps - claims the attacker would not have been able to access the message history, contact lists, profile information, or other personal data associated with these user accounts. According to Signal's security note, when Twilio was hit by a phishing attack earlier this month, this may potentially have led to the phone number of 1,900 Signal users being revealed as registered to a specific Signal account.

The attacker behind the recent Twilio data breach may have accessed phone numbers and SMS registration codes for 1,900 users of the popular secure messaging app Signal. "Among the 1,900 phone numbers, the attacker explicitly searched for three numbers, and we've received a report from one of those three users that their account was re-registered," the Signal team shared on Monday.

Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal," the company said.