#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

Search results for Messenger | Breaking Cybersecurity News | The Hacker News

Telegram Calling Feature Leaks Your IP Addresses—Patch Released

Telegram Calling Feature Leaks Your IP Addresses—Patch Released

Oct 01, 2018
The desktop version of the security and privacy-focused, end-to-end encrypted messaging app, Telegram , has been found leaking both users' private and public IP addresses by default during voice calls. With 200 million monthly active users as of March 2018, Telegram promotes itself as an ultra-secure instant messaging service that lets its users make end-to-end encrypted chat and voice call with other users over the Internet. Security researcher Dhiraj Mishra uncovered a vulnerability (CVE-2018-17780) in the official Desktop version of Telegram (tdesktop) for Windows, Mac, and Linux, and Telegram Messenger for Windows apps that was leaking users' IP addresses by default during voice calls due to its peer-to-peer (P2P) framework. To improve voice quality, Telegram by default uses a P2P framework for establishing a direct connection between the two users while initiating a voice call, exposing the IP addresses of the two participants. Telegram Calls Could Leak Your
Researcher finds a way to Delete and Modify Facebook Messages Sent to Other Users

Researcher finds a way to Delete and Modify Facebook Messages Sent to Other Users

Jun 07, 2016
Sometimes I receive emails from our readers who wanted to know how to hack Facebook account , but just to delete some of their messages they have sent to their friends or colleagues mistakenly or under wrong circumstances like aggression. How to hack a Facebook account? It is probably the biggest "n00b" question you will see on the Internet. The solution for this query is hard to find — but recently researchers have shown that how you can modify or alter your messages once you have pressed the SEND button in Facebook Messenger. According to the researcher  Roman Zaikin  from cyber security firm Check Point , a simple HTML tweak can be used to exploit Facebook online chat as well as its Messenger app, potentially allowing anyone to modify or delete any of his/her sent message, photo, file, and link. Though the bug is simple, it could be exploited by malicious users to send a legitimate link in a Facebook chat or group chat, and later change it to a malicious link t
8 Best Android Apps To Improve Privacy and Security

8 Best Android Apps To Improve Privacy and Security

Apr 30, 2015
Just to have a good anti-virus protection app in your smartphone doesn't mean a complete Security. As Mobile Device Security is comprised of security of different features, such as: Data privacy and security features Permission restrictions for snoopy apps A blacklist for undesired calls An excellent backup capability, in case your smartphone gets deteriorated. As well as encryption functionality. Google's Android is a very flexible mobile operating system that can fulfill all these mobile device security challenges if you select the right security applications from Google Play Store. No doubt, Google Play Store has an abundance of suitable options, and it's quite difficult for you to select the ones that meet all your expectations. So, I decided to help you by making a short list of the best mobile device security applications that I always carry in my Android smartphone. Here are the best security apps you must have in your Android smartphone; have a look
Facebook Fired An Intern After He Exposes How to Track Users' Location

Facebook Fired An Intern After He Exposes How to Track Users' Location

Aug 14, 2015
Previously, we posted about a privacy issue in Facebook messenger ; Aran Khanna , a Harvard University student, discovered ' A Marauder's Map ' that could sense and give the geolocations of your friends on the messenger. Khanna had received an opportunity to work as an intern for Facebook… …But destiny had planned something else for him, as after publicly stating the risk associated with the app; Facebook withdrew his candidature as a summer intern. Why Facebook Fired Him? Khanna himself confessed to be an avid user of the Facebook Messenger app , as it is an integral part of his social life. However, one day, while going through his chat history he found that a location is attached to each message he has sent and received from his device. Also, the location is shared with the ' power of default ' even if you choose to turn the location sharing option off. This made him look for the complete inside story, which brought him to a strange thing while writing the
WhatsApp 'Delete for Everyone' Doesn't Delete Media Files Sent to iPhone Users

WhatsApp 'Delete for Everyone' Doesn't Delete Media Files Sent to iPhone Users

Sep 16, 2019
Mistakenly sent a picture to someone via WhatsApp that you shouldn't have? Well, we've all been there, but what's more unfortunate is that the 'Delete for Everyone' feature WhatsApp introduced two years ago contains an unpatched privacy bug, leaving its users with false sense of privacy. WhatsApp and its rival Telegram messenger offer "Delete for Everyone," a potentially life-saving feature on which millions of people today rely to escape the awkwardness of mistakenly sending messages / pictures / videos to the wrong person. As the name indicates, the ' Delete for Everyone ' feature is intended to unsend mistakenly sent inappropriate messages—including text, photos and videos—from the recipient's phone, or from the phones of all members of a group. In the case of WhatsApp, the feature is only available within 1 hour, 8 minutes, and 16 seconds of sending a message you want to delete, which is fine and a fair use case. However, it tur
How to Unlock (and Play) Hidden Chess Game Inside Facebook Messenger

How to Unlock (and Play) Hidden Chess Game Inside Facebook Messenger

Feb 05, 2016
What can you do with Facebook Messenger? Chat with your friends Send GIFs, stickers, and photos Make video calls Send people money in Messenger Have you ever wondered to Play a game while you chat with friends? Yes, it is possible. Facebook had made it to the reality by building a hidden built-in functionality in Facebook Messenger that lets you play Chess with your friends without having to install a third-party app. It just takes one simple step to unlock this hidden game. All you need to do is: type " @fbchess play " and hit Enter, during a conversation, and a small square box would appear in the chat box. Here's how to play: The person who initiated the game would be assigned "White" side, to make the first movement. Although there is some standard algebraic notation like:- B for "Bishop" R for "Rook" Q for "Queen" K for "King" N for "Knight" P for "Pawn" Pawns could be moved by issuing the simple commands
Ricochet — Most Secure Peer-to-Peer Encrypted Messenger that Sends No Metadata

Ricochet — Most Secure Peer-to-Peer Encrypted Messenger that Sends No Metadata

Feb 23, 2016
There are several encrypted messaging apps for mobile and desktop platforms that shipped with "The Most Secure" tagline but ends up in de-anonymizing the real identity of its users in some or the other way. In fact, very few encrypted messaging apps available today deal with the core problem of Metadata .  The majority of apps offer end-to-end encryption that kept the content of your messages away from prying eyes, but your metadata will still be accessible to them, which is enough to know who you really are, and who you're talking to. But, one messenger app stands out of the crowd by providing superb anonymity to its users, and it is dubbed as " Ricochet ." Ricochet is a peer-to-peer instant messaging system available for Windows, Mac, and Linux and you can trust it as the app has already cleared its first professional security audit carried out by cyber security company NCC Group . What's so Promising about Ricochet? Unlike
Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps

Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps

Oct 26, 2020
Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the background. "Links shared in chats may contain private information intended only for the recipients," researchers Talal Haj Bakry and Tommy Mysk  said . "This could be bills, contracts, medical records, or anything that may be confidential." "Apps that rely on servers to generate link previews may be violating the privacy of their users by sending links shared in a private chat to their servers." Generating Link Previews at the Sender/Receiver Side Link previews are a common feature in most chat apps, making it easy to display a visual preview and a brief description of the shared link. Although apps like  Signal  and  Wire  give users the option to turn on/off l
WhatsApp Will Disable Your Account If You Don't Agree Sharing Data With Facebook

WhatsApp Will Disable Your Account If You Don't Agree Sharing Data With Facebook

Jan 06, 2021
"Respect for your privacy is coded into our DNA," opens WhatsApp's  privacy policy . "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this opening statement will no longer find a place in the policy. The Facebook-owned messaging service is alerting users in India of an update to its  terms of service  and  privacy policy  that's expected to go into effect next month. The "key updates" concern how it processes user data, "how businesses can use Facebook hosted services to store and manage their WhatsApp chats," and "how we partner with Facebook to offer integrations across the Facebook Company Products." The mandatory changes allow WhatsApp to  share  more user data with other Facebook companies, including account registration information, phone numbers, transaction data, service-related information, interactions on the platform,
Beware! Malicious JPG Images on Facebook Messenger Spreading Locky Ransomware

Beware! Malicious JPG Images on Facebook Messenger Spreading Locky Ransomware

Nov 26, 2016
If you receive an image file sent by someone, even your friend, on your Facebook Messenger, LinkedIn or any other social media platform, just DO NOT CLICK ON IT. Even JPG image file could eventually infect your computer with the infamous Locky Ransomware . Earlier this week, we reported a new attack campaign that used Facebook Messenger to spread Locky Ransomware via .SVG image files, although Facebook denied this was the case. Now, researchers have discovered that the ongoing spam campaign is also using boobytrapped .JPG image files in order to download and infect users with the Locky Ransomware via Facebook, LinkedIn, and other social networking platforms. Security researchers from Israeli security firm Check Point have reportedly discovered how cyber criminals are hiding malware in image files, and how they are executing the malware code within these images to infect social media users with Locky variants. According to researchers, malware authors have discovered secu
Rodpicom Botnet spreading via Skype and MSN Messenger

Rodpicom Botnet spreading via Skype and MSN Messenger

Feb 10, 2013
Malwares are getting updated during the age of social networking. FortiGuard Labs researchers have discovered a new malware called ' Rodpicom Botnet ' that spreads via messaging applications such as Skype and MSN Messenger. Dubbed W32/Rodpicom.A - Rodpicom Botnet sends a message to the victim with a link to a malicious site that leads to downloadable content. When the user clicks the link, the attack downloads another strain of malware, known as Dorkbot . Once the target machine is infected, it checks to see if the victim is using any messaging applications such as Skype or MSN Messenger.  It is revealed that, the malware employs new stealth tactics, including an exception handling technique that generates its own error to dodge analysis and relies on an anti-emulator that attacks the heuristic-scanning capabilities in antivirus software and enables its code to jump around several hundred times. The malware is enough smart to checks the language of the installed operating
7 Chrome Extensions Spreading Through Facebook Caught Stealing Passwords

7 Chrome Extensions Spreading Through Facebook Caught Stealing Passwords

May 11, 2018
Luring users on social media to visit lookalike version of popular websites that pop-up a legitimate-looking Chrome extension installation window is one of the most common modus operandi of cybercriminals to spread malware. Security researchers are again warning users of a new malware campaign that has been active since at least March this year and has already infected more than 100,000 users worldwide. Dubbed Nigelthorn, the malware is rapidly spreading through socially engineered links on Facebook and infecting victims' systems with malicious browser extensions that steal their social media credentials, install cryptocurrency miners, and engage them in click fraud. The malware was pushed through at least seven different Chrome browser extensions—all were hosted on Google's official Chrome Web Store. These malicious Chrome browser extensions were first discovered by researchers at cybersecurity firm Radware, after a "well-protected network" of one of its custo
BitTorrent Unveiled New Decentralized "Bleep" Instant Messenger

BitTorrent Unveiled New Decentralized "Bleep" Instant Messenger

Jul 31, 2014
Pretty good news for privacy-oriented people! BitTorrent unwraps its new instant messaging program that doesn't store your metadata and helps you with encrypted communication to keep your online conversations private, whether its voice or text communications. BitTorrent named its Online chat service as " Bleep ", a decentralised peer-to-peer voice and text communications platform that offers end-to-end encryption, therefore is completely safe from the prying eyes. In order to spread users' voice and text conversations, Bleep make use of the BitTorrent distributed network rather than a centralised server. Unlike Skype or Google Hangouts, Bleep comes with with a completely decentralized design, giving you extremely strong anonymity. WHY BLEEP? " We never see your messages or metadata, " said Jaehee Lee, the senior product manager for Bleep, in a blog post announcing the new app on Wednesday. " As far as we're concerned, anything you say is 'bleep'
UK to ban WhatsApp, iMessage and Snapchat Under New Laws

UK to ban WhatsApp, iMessage and Snapchat Under New Laws

Jul 11, 2015
If you rely on messaging apps to remain in contact with your family members and friends, then you may have to switch back to old-fashioned text messaging service in matter of weeks due to a new law currently going through Parliament. WhatsApp and Facebook Messenger to Ban in UK The popular messaging applications, including WhatsApp, Snapchat, iMessage and Facebook Messenger, could all potentially be banned in the UK under the controversial ' Snoopers Charter '. The Investigatory Powers Bill -- the so-called Snoopers Charter -- mentioned in the 2015 Queen's Speech , would allow UK government to eradicate instant messaging apps that refuse to switch off end-to-end encryption from their services. Earlier this year in light of the Charlie Hebdo shootings in Paris, Prime Minister David Cameron hinted at the crackdown when he claimed that he would ban encrypted messaging apps like Snapchat, WhatsApp and Messenger unless they didn't comply with new surve
Persistent XSS vulnerability in eBuddy Web Messenger

Persistent XSS vulnerability in eBuddy Web Messenger

Sep 02, 2011
Persistent XSS vulnerability in eBuddy Web Messenger A team member from Virtual Luminous Security , Russian Federation, has discovered a persistent XSS vulnerability in eBuddy (the biggest web IM solution in the world) by transmitting messages with embedded encoded javascript code. In-depth detail eBuddy Web Messenger suffers from an encoded-Persistent XSS vulnerability in the messaging function. (while sendingA message with embedded code to another authorized user in eBuddy WebMessenger). Exploit example Plain XSS (Not going to store, nor execute) <script>alert('eBuddy Persistent XSS');</script> Encoded text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E [*] The attacker sends the encoded embedded code in an IM message. [*] The victim receives the message with the encoded embedded code and it executes on the victims browser.
More Resources

Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.