Telegram | Breaking Cybersecurity News | The Hacker News

The desktop version of the security and privacy-focused, end-to-end encrypted messaging app, Telegram , has been found leaking both users' private and public IP addresses by default during voice calls. With 200 million monthly active users as of March 2018, Telegram promotes itself as an ultra-secure instant messaging service that lets its users make end-to-end encrypted chat and voice call with other users over the Internet. Security researcher Dhiraj Mishra uncovered a vulnerability (CVE-2018-17780) in the official Desktop version of Telegram (tdesktop) for Windows, Mac, and Linux, and Telegram Messenger for Windows apps that was leaking users' IP addresses by default during voice calls due to its peer-to-peer (P2P) framework. To improve voice quality, Telegram by default uses a P2P framework for establishing a direct connection between the two users while initiating a voice call, exposing the IP addresses of the two participants. Telegram Calls Could Leak Your

A zero-day vulnerability has been discovered in the desktop version for end-to-end encrypted Telegram messaging app that was being exploited in the wild in order to spread malware that mines cryptocurrencies such as Monero and ZCash. The Telegram vulnerability was uncovered by security researcher Alexey Firsh from Kaspersky Lab last October and affects only the Windows client of Telegram messaging software. The flaw has actively been exploited in the wild since at least March 2017 by attackers who tricked victims into downloading malicious software onto their PCs that used their CPU power to mine cryptocurrencies or serve as a backdoor for attackers to remotely control the affected machine, according to a blogpost on Securelist. Here's How Telegram Vulnerability Works The vulnerability resides in the way Telegram Windows client handles the RLO (right-to-left override) Unicode character (U+202E), which is used for coding languages that are written from right to left, li

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

After being threatened with a ban in Russia , end-to-end encrypted Telegram messaging app has finally agreed to register with new Russian Data Protection Laws, but its founder has assured that the company will not comply to share users' confidential data at any cost. Russia's communications watchdog Roskomnadzor had recently threatened to block Telegram if the service did not hand over information required to put the app on an official government list of information distributors. The Russian government requirement came following terrorists' suicide bombings that killed 15 people in Saint Petersburg in April in which terrorists allegedly used the Telegram 's app to communicate and plot attacks. "There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram," said Alexander Zharov, head of Roskomnadzor.  "And to officially send it to Roskomnadzor to include this data in the registry of organizers

Russia has threatened to ban Telegram end-to-end encrypted messaging app, after Pavel Durov, its founder, refused to sign up to the country's new data protection laws. Russian intelligence service, the FSB, said on Monday that the terrorists that killed 15 people in Saint Petersburg in April had used the Telegram encrypted messaging service to plot their attacks. According to the new Russian Data Protection Laws, as of January 1, all foreign tech companies have been required to store the past six months' of the personal data of its citizens and encryption keys within the country; which the company has to share with the authorities on demand. "There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram," Alexander Zharov said, head of communications regulator Roskomnadzor (state communications watchdog). "And to officially send it to Roskomnadzor to include this data in the registry of organizers of d

Joining the line with rival chat apps WhatsApp, Viber, Facebook Messenger, and Signal, the Telegram instant messaging service has finally rolled out a much-awaited feature for the new beta versions of its Android app: Voice Calling . And what's interesting? Your calls will be secured by Emojis, and quality will be better using Artificial Intelligence. No doubt the company brought the audio calling feature quite late, but it's likely because of its focus on security — the voice calls on Telegram are by default based on the same end-to-end encryption methods as its Secret Chat mode to help users make secure calls. Unlike Signal or WhatsApp, Telegram does not support end-to-end encryption by default; instead, it offers a 'Secret Chat' mode, which users have to enable manually, to completely secure their chats from prying eyes. However, the voice calling feature in Telegram supports end-to-end encryption by default, enabling users to secure their chats in a way

Next time when someone sends you a photo of a cute cat or a hot chick on WhatsApp or Telegram then be careful before you click on the image to view — it might hack your account within seconds. A new security vulnerability has recently been patched by two popular end-to-end encrypted messaging services — WhatsApp and Telegram — that could have allowed hackers to completely take over user account just by having a user simply click on a picture. The hack only affected the browser-based versions of WhatsApp and Telegram, so users relying on the mobile apps are not vulnerable to the attack. According to Checkpoint security researchers, the vulnerability resided in the way both messaging services process images and multimedia files without verifying that they might have hidden malicious code inside. For exploiting the flaw, all an attacker needed to do was sending the malicious code hidden within an innocent-looking image. Once the victim clicked on the picture, the attacker coul

We have heard a lot about data breaches nowadays. And if you think that switching to an encrypted messaging service may secure you and your data, then you may be wrong. No good deed today can help you protect yourself completely. Reuters and several media outlets are reporting that the phone numbers of 15 Million users in Iran and more than a dozen accounts on the Telegram instant messaging service have been compromised by Iranian hackers exploiting an SMS text message flaw. Telegram is a messaging app " with a focus on security " that promotes itself as an ultra secure instant messaging system as all data is end-to-end encrypted. The service claims to have 100 Million active subscribers. According to research conducted by two security researchers, Collin Anderson and Claudio Guarnieri, this attack has threatened the communications of activists, journalists and other people in Iran, where around 20 Million people use Telegram. The incident is even said to be the

Last year, Iran blocked Telegram and many other social networks after their founders refused to help Iranian authorities to spy on their citizens. Now it looks like Iranian government wants tighter controls on all foreign messaging and social media apps operating in the country that will give the authorities a wider ability to monitor and censor its people. All foreign messaging and social media apps operating in Iran have one year to move 'data and activity' associated with Iranian citizens onto servers in Iran, Reuters reported . In order to comply with the new regulations, the companies would need to set up data centers in Iran within one year, but apps may lose a larger number of users by moving data onto Iranian servers. However, transferring data to Iran servers might not be enough, as some of the most popular messaging services like WhatsApp , Apple iMessage , and Telegram are offering end-to-end encrypted communication i.e. nobody in between, not even Whats

Clickjacking Vulnerability in Telegram Web Client The official Telegram web-client that allows its users to access messenger account over desktop's web browser is vulnerable to clickjacking web application vulnerability. Egyptian security researcher Mohamed A. Baset told The Hacker News about a flaw in Telegram that could allow an attacker to change sensitive information of a Telegram user, including password and the recovery e-mail. [ Watch Video Demo ] "Telegram web client is not protecting itself from clickjacking with the typical X-Frame-Options header but uses a JS frame busting technique to prevent the website to be iframed," Mohamed says. However, by exploiting one of HTML5 Features, Mohamed was able to open the Telegram account's settings page with a sandboxed iframe to prevent redirecting to top window, which also allows him to execute cross-site request forgery (csrf) vulnerability on the web-client. " I sent [bug report] it to them [Telegram team]

The terrorist groups affiliated with the Islamic State have an extensive presence not only on social media accounts but also on the popular end-to-end encrypted messaging app Telegram through which they communicate with their followers and spread terror propaganda materials. Telegram has always been terrorist's favorite, but ISIS had been using the app since October, when Telegram introduced an end-to-end encrypted Secret Chat feature that lets users broadcast messages to an unlimited number of subscribers. Moreover, Telegram also provides self-destructing message feature that allows users to set their messages to self-destruct itself after a certain period of time. But, the Good News is: The nonprofit organization that runs Telegram has blocked around 78 ISIS-affiliated channels that the terrorists used to: Communicate with their members Spread propaganda Recruit foreign supporters Plan operations Radicalize young people "We were disturbed to learn that Telegram

In spite of all the things smartphones can do, messaging remains one of the most popular activities. Popular messaging apps like WhatsApp , Viber, WeChat  support text messages, voice calls, photo & video sharing features, but there is no provision for sharing every file types on these amazing messengers. But, some or the other day, we all got struck into an awkward situation where we have to share PDF, apk or zip files with our friends while chatting. However using any other 3rd-party file sharing services, we can share image, video, audio, zip files or any other file type with our friends, but it would be a lengthy process and sometimes require to use computer. Gone are the days when you relied on your computer to get all of your work done. Telegram Messenger , the most popular and ultra secure messaging application, is now offering file sharing feature that allows its users to share large files and documents (up to 1.5GB) securely . Telegram is a messaging a

WhatsApp acquisition may have had a negative impact on the reputation of the company, it seems many users are planning to switch the service and a few of them have already done it. In our previous article, we have mentioned that why you should switch from WhatsApp to an encrypted Chat messaging service . Mobile messaging apps often used to deliver sensitive data or used for personal and corporate communications, so the data stored by the service provider should be encrypted end-to-end, which is not yet in the case of WhatsApp. There are many mobile messaging applications like Japan-based  Line , China's  WeChat , Korea-based  KakaoTalk , and Canada's  Kik , India-based  Hike  and many more, but they are not end-to-end encrypted messengers. Time is loudly announcing the need to shift to some alternates which provides end-to-end encryption for communication between two devices and respect your Privacy. There are a number of solutions available includes -  Telegram,  Surespot