#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Messaging app | Breaking Cybersecurity News | The Hacker News

Category — Messaging app
Telegram Agrees to Share User Data With Authorities for Criminal Investigations

Telegram Agrees to Share User Data With Authorities for Criminal Investigations

Sep 24, 2024 Data Privacy / Cybercrime
In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. "We've made it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal requests," Telegram CEO Pavel Durov said in a post. To that end, the company now explicitly states - "If Telegram receives a valid order from the relevant judicial authorities that confirms you're a suspect in a case involving criminal activities that violate the Telegram Terms of Service, we will perform a legal analysis of the request and may disclose your IP address and phone number to the relevant authorities." Such data disclosures, it said, will be included in its periodic transparency reports . It further noted that the service may collect metadata...
Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Sep 06, 2024 Privacy / Data Security
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account. "Using laws from the pre-smartphone era to charge a CEO with crimes committed by third-parties on the platform he manages is a misguided approach." Durov was charged late last month for enabling various forms of criminal activity on Telegram, including drug trafficking and money laundering, following a probe into an unnamed person's distribution of child sexual abuse material on the messaging service. He also highlighted the struggles to balance both privacy and security, noting that Telegram is ready to exit markets that aren't compatible with its mission to "protect our users in authoritarian regimes." Durov also blamed ...
The Future of Serverless Security in 2025: From Logs to Runtime Protection

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Nov 28, 2024Cloud Security / Threat Detection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that: 1. Logs Only Tell Part of the Story Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges—all without triggering log events. 2. Static Misconfiguration Detection is Incomplete Static tools that check ...
French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

Aug 29, 2024 Online Crime / Privacy
French prosecutors on Wednesday formally charged Telegram CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread of child sexual abuse material (CSAM) as well as enabling organized crime, illicit transactions, drug trafficking, and fraud. Durov has also been charged with a "refusal to communicate, at the request of competent authorities, information or documents necessary for carrying out and operating interceptions allowed by law," according to an English translation of the press release. The 39-year-old was detained at Le Bourget airport north of Paris at 8 p.m. local time on Saturday after disembarking from a private jet. To avoid pretrial detention, Durov has been ordered to pay a €5 million bail, but he is barred from leaving the country and must rep...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

Aug 27, 2024 Cyber Espionage / Malware
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT . The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers' server," Kaspersky researcher Sergey Puzan said . HZ RAT was first documented by German cybersecurity company DCSO in November 2022, with the malware distributed via self-extracting zip archives or malicious RTF documents presumably built using the Royal Road RTF weaponizer . The attack chains involving RTF documents are engineered to deploy the Windows version of the malware that's executed on the compromised host by exploiting a years-old Microsoft Office flaw in the Equation Editor ( CVE-2017-11882 ). The second distribution method, on the other hand, masquerades as an installer for legitimate software such as OpenVPN, PuTTYgen, or E...
WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

Dec 01, 2023 Privacy / Data Protection
Meta-owned WhatsApp has launched a new  Secret Code  feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been  described  as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else." Secret Code builds on another feature called  Chat Lock  that WhatsApp announced in May, which moves chats to a separate folder of their own such that they can be accessed only upon providing their device password or biometrics. By setting a unique password for these locked chats that are different from the password used to unlock the phone, the aim is to give users an additional layer of privacy, WhatsApp noted. "You'll have the option to hide the Locked Chats folder from your chatlist so that they can only be discovered by typing your secret code in the search bar," it added. The development comes weeks after What...
Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping

Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping

Feb 17, 2021
A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned flaw in Agora.io's SDK used by several social apps such as eHarmony, Plenty of Fish, MeetMe, and Skout; healthcare apps like Talkspace, Practo, and Dr. First's Backline; and in the Android app that's paired with "temi" personal robot. California-based Agora is a video, voice, and live interactive streaming platform, allowing developers to embed voice and video chat, real-time recording, interactive live streaming, and real-time messaging into their apps. The company's SDKs are estimated to be embedded into mobile, web, and desktop applications across more than 1.7 billion devices globally. McAfee disclosed the flaw (CVE-2020-25605) to Agora.io on April 20...
Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps

Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps

Oct 26, 2020
Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the background. "Links shared in chats may contain private information intended only for the recipients," researchers Talal Haj Bakry and Tommy Mysk  said . "This could be bills, contracts, medical records, or anything that may be confidential." "Apps that rely on servers to generate link previews may be violating the privacy of their users by sending links shared in a private chat to their servers." Generating Link Previews at the Sender/Receiver Side Link previews are a common feature in most chat apps, making it easy to display a visual preview and a brief description of the shared link. Although apps like  Signal  and  Wire  give users the option to turn on/off l...
Atlassian's HipChat Hacked — Users' Data May Have Been Compromised

Atlassian's HipChat Hacked — Users' Data May Have Been Compromised

Apr 25, 2017
Atlassian's group chat platform HipChat is notifying its users of a data breach after some unknown hacker or group of hackers broke into one of its servers over the weekend and stole a significant amount of data, including group chat logs. What Happened? According to a security notice published on the company's website today, a vulnerability in a "popular third-party" software library used by its HipChat.com service allowed hackers to break into its server and access customer account information. However, HipChat did not say exactly which programming blunder the hackers exploited to get into the HipChat cloud server. What type of Information? Data accessed by the hackers include user account information such as customers' names, email addresses and hashed password information. Besides information, attackers may have obtained metadata from HipChat "rooms" or groups, including room name and room topic. While metadata is not as critical as d...
Iran orders all Messaging Apps to store its citizens' data within Country

Iran orders all Messaging Apps to store its citizens' data within Country

May 31, 2016
Last year, Iran blocked Telegram and many other social networks after their founders refused to help Iranian authorities to spy on their citizens. Now it looks like Iranian government wants tighter controls on all foreign messaging and social media apps operating in the country that will give the authorities a wider ability to monitor and censor its people. All foreign messaging and social media apps operating in Iran have one year to move 'data and activity' associated with Iranian citizens onto servers in Iran, Reuters reported . In order to comply with the new regulations, the companies would need to set up data centers in Iran within one year, but apps may lose a larger number of users by moving data onto Iranian servers. However, transferring data to Iran servers might not be enough, as some of the most popular messaging services like WhatsApp , Apple iMessage , and Telegram are offering end-to-end encrypted communication i.e. nobody in between, not even Whats...
Why Facebook is buying WhatsApp for $19 Billion?

Why Facebook is buying WhatsApp for $19 Billion?

Feb 21, 2014
Popular Smartphone Messaging app  WhatsApp 's $19 billion acquisition by Social Network giant Facebook  made Headlines this week. While Some are applauding the move, and many other users are worried about WhatsApp's future and their privacy after this acquisition. Why So Serious? WhatsApp currently having 450 million active users and processes 50 billion messages a day. Service charges a nominal service fee of $1/year, that means Facebook is buying at $42.22 per user. $19 Billion / 450 million users  = $42.22 per user These figures show ,  obviously future revenue from WhatsApp can't cover the acquisition cost in the short or mid-term. " You can still count on absolutely no ads interrupting your communication. There would have been no partnership between our two companies if we had to compromise on the core principles that will always define our company, our vision and our product. " WhatsApp founder said in a  blo...
Expert Insights / Articles Videos
Cybersecurity Resources