#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Signal Messenger | Breaking Cybersecurity News | The Hacker News

Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack

Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack
Aug 16, 2022
Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal," the company  said . "All users can rest assured that their message history, contact lists, profile information, whom they'd blocked, and other personal data remain private and secure and were not affected." Signal, which uses Twilio to send SMS verification codes to users registering with the app, said it's in the process of alerting the affected users directly and prompting them to re-register the service on their devices. The development comes less than a week after Twilio  revealed  that data associated with about 125 customer accounts were accessed by malicious actors through a phishing attack that duped the comp

Twitter's New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal

Twitter's New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal
Apr 28, 2022
Elon Musk, CEO of SpaceX and Tesla and Twitter's new owner, on Thursday called on adding support for end-to-end encryption (E2EE) to the platform's direct messages ( DM ) feature. "Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages," Musk  said  in a tweet. The statement comes days after the microblogging service  announced  it officially entered into an agreement to be acquired by an entity wholly owned by Elon Musk, with the transaction valued at approximately US$ 44 billion, or US$ 54.20 per share in cash.  The deal, which is expected to be closed over the next six months, will see it becoming a privately held company. "Free speech is the bedrock of a functioning democracy, and Twitter is the digital town square where matters vital to the future of humanity are debated," Musk said in a statement. "I also want to make Twitter better than ever by enhancing the product with new features, making t

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps
Jan 20, 2021
In January 2019, a  critical flaw  was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incoming call. The vulnerability was deemed so severe that the iPhone maker removed the FaceTime group chats feature altogether before the issue was resolved in a subsequent iOS update. Since then, a number of similar shortcomings have been discovered in multiple video chat apps such as Signal, JioChat, Mocha, Google Duo, and Facebook Messenger — all thanks to the work of Google Project Zero researcher Natalie Silvanovich. "While [the Group FaceTime] bug was soon fixed, the fact that such a serious and easy to reach vulnerability had occurred due to a logic bug in a calling state machine — an attack scenario I had never seen considered on any platform — made me wonder whether other sta

Guide: Secure Your Privileged Access with Our Expert-Approved Template

cyber security
websiteDelineaIT Security / Access Control Security
Transform your Privileged Access Management with our Policy Template—over 40 expertly crafted statements to elevate compliance and streamline your security.

A SaaS Security Challenge: Getting Permissions All in One Place 

A SaaS Security Challenge: Getting Permissions All in One Place
May 08, 2024Attack Surface / SaaS Security
Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user's base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of that are custom permissions required by an individual user.  For example, look at a sales rep who is involved in a tiger team investigating churn while also training two new employees. The sales rep's role would grant her one set of permissions to access prospect data, while the tiger team project would grant access to existing customer data. Meanwhile, special permissions are set up, providing the sales rep with visibility into the accounts of the two new employees. While these permissions are precise, however, they are also very complex. Application admins don't have a single screen within these applications th
Expert Insights
Cybersecurity Resources