Search results for Messenger | Breaking Cybersecurity News | The Hacker News

If you receive a link for a video, even if it looks exciting, sent by someone (or your friend) on Facebook messenger—just don't click on it without taking a second thought. Cybersecurity researchers from Trend Micro are warning users of a malicious Chrome extension which is spreading through Facebook Messenger and targeting users of cryptocurrency trading platforms to steal their accounts' credentials. Dubbed FacexWorm , the attack technique used by the malicious extension first emerged in August last year, but researchers noticed the malware re-packed a few new malicious capabilities earlier this month. New capabilities include stealing account credentials from websites, like Google and cryptocurrency sites, redirecting victims to cryptocurrency scams, injecting miners on the web page for mining cryptocurrency, and redirecting victims to the attacker's referral link for cryptocurrency-related referral programs. It is not the first malware to abuse Facebook Messenger

If you receive a video file ( packed in zip archive ) sent by someone ( or your friends ) on your Facebook messenger — just don't click on it. Researchers from security firm Trend Micro are warning users of a new cryptocurrency mining bot which is spreading through Facebook Messenger and targeting Google Chrome desktop users to take advantage of the recent surge in cryptocurrency prices. Dubbed Digmine , the Monero-cryptocurrency mining bot disguises as a non-embedded video file, under the name "video_xxxx.zip" (as shown in the screenshot), but is actually contains an AutoIt executable script. Once clicked, the malware infects victim's computer and downloads its components and related configuration files from a remote command-and-control (C&C) server. Digimine primarily installs a cryptocurrency miner, i.e.  miner.exe—a modified version of an open-source Monero miner known as XMRig —which silently mines the Monero cryptocurrency in the background for h

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing its original plans by at least a year. "We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023," Meta's head of safety, Antigone Davis,  said  in a post published in The Telegraph over the weekend. The new scheme, described as a "three-pronged approach," aims to employ a mix of non-encrypted data across its apps as well as account information and reports from users to improve safety and combat abuse, noting that the goal is to deter illegal behavior from happening in the first place, giving users more control, and actively encouraging users to flag harmful messages. Meta had previously  outlined  plans to be "fully end-to-en

Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. "This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger or WhatsApp – both designated by the European Commission (EC) as being required to independently provide interoperability to third-party messaging services," Meta's Dick Brouwer  said . DMA, which officially  became enforceable  on March 7, 2024, requires companies in gatekeeper positions – Apple, Alphabet, Meta, Amazon, Microsoft, and ByteDance – to meet certain obligations as part of the European Commission's efforts to clamp down on anti-competitive practices from tech players, level the playing field, as well as compel them to open some of their services to competitors. As part of its efforts to comply with the lan

Meta has once again reaffirmed its plans to roll out support for end-to-end encryption ( E2EE ) by default for one-to-one friends and family chats on Messenger by the end of the year. As part of that effort, the social media giant said it's upgrading "millions more people's chats" effective August 22, 2023, exactly seven months after it  started gradually expanding the feature  to more users in January 2023. The changes are part of CEO Mark Zuckerberg's "privacy-focused vision for social networking" that was announced in 2019, although it has since encountered significant technical challenges, causing it to  delay its plans  by a year. "Like many messaging services, Messenger and Instagram DMs were originally designed to function via servers," Timothy Buck, product manager for Messenger,  said . "Meta's servers act as the gateway between the message sender and receiver, what we call the clients." However, the addition of an

If a whistleblower discloses an activity to the public, then there should be a trust-based mechanism that ensure the protection of truth-tellers on an international level by hiding their identities. In an effort to provide this kind of service and security, Security experts grouped together to create a stealthy Internet Messenger (IM) and file transfer client, which is especially designed for whistleblowers. Dubbed as " ‪invisible.im " is an anonymous Instant Messenger (IM) that leaves no trace‬. The team behind the project called itself " The Infosec A-Team " which includes Metasploit Founder HD Moore , noted infosec and opsec experts The Grugq , an Australian security analyst Patrick Gray , and Richo . Invisible.im aims to serve the rigid anonymity needs of whistleblowers. The project website states: invisible.im was established to develop an instant messenger and file transfer tool that leaves virtually no evidence of conversations or transfers having occurred. Th

Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them before even they picked up the audio call. The flaw was discovered and reported to Facebook by  Natalie Silvanovich  of Google's Project Zero bug-hunting team last month on October 6 with a 90-day deadline, and impacts version 284.0.0.16.119 (and before) of Facebook Messenger for Android. In a nutshell, the vulnerability could have granted an attacker who is logged into the app to simultaneously initiate a call and send a specially crafted message to a target who is signed in to both the app as well as another Messenger client such as the web browser. "It would then trigger a scenario where, while the device is ringing, the caller would begin receiving audio either until the person being called answers or the call times out," Facebook's Security Engineering Manager Dan Gurfinkel  said . According t

WhatsApp, Facebook, and Instagram faced a widespread outage yesterday with users from around the world reporting issues with sending messages on WhatsApp and Messenger, posting feeds on Facebook and accessing other features on the three Facebook-owned platforms. While the outage was quite troubling both for the social media giant and its millions of users, guess who benefits the most out of the incident? TELEGRAM. Pavel Durov, the founder of the popular secure messaging platform Telegram, claims to have had a surge in sign-ups within the last 24 hours, at the time duration when its rival messaging services were facing downtime. "I see 3 million new users signed up for Telegram within the last 24 hours," Durov wrote on his Telegram channel. "Good. We have true privacy and unlimited space for everyone." Telegram is an excellent alternative to Facebook's Messenger and WhatsApp services, offering users an optional end-to-end encrypted messaging feature,

Cybersecurity researchers have discovered malicious Android apps for Signal and Telegram distributed via the Google Play Store and Samsung Galaxy Store that are engineered to deliver the BadBazaar spyware on infected devices. Slovakian company ESET attributed the campaign to a China-linked actor called  GREF . "Most likely active since July 2020 and since July 2022, respectively, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites representing the malicious apps Signal Plus Messenger and FlyGram," security researcher Lukáš Štefanko  said  in a new report shared with The Hacker News. Victims have been primarily detected in Germany, Poland, and the U.S., followed by Ukraine, Australia, Brazil, Denmark, Congo-Kinshasa, Hong Kong, Hungary, Lithuania, the Netherlands, Portugal, Singapore, Spain, and Yemen. BadBazaar was  first documented  by Lookout in November 2022 as targeting the  U

Microsoft censors The Pirate Bay links on Windows Live Messenger Microsoft has decided to block access to The Pirate Bay from Windows Live Messenger. When users try to send an instant message to a friend with a link from The Pirate Bay, Windows Live Messenger displays a warning, saying that the link is " blocked because it was reported as unsafe ." " We block instant messages if they contain malicious or spam URLs based on intelligence algorithms, third-party sources, and/or user complaints. Pirate Bay URLs were flagged by one or more of these and were consequently blocked ," Redmond told The Register in an emailed statement. The Pirate Bay has been a lightning rod of controversy for years now, as copyright holders take aim at the organisation for giving users access to their content. Much of the focus of last year's ill-fated Stop Online Piracy Act (SOPA) centered on stopping The Pirate Bay and other sites that provide a similar service. Still, The Pirate

In January 2019, a  critical flaw  was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incoming call. The vulnerability was deemed so severe that the iPhone maker removed the FaceTime group chats feature altogether before the issue was resolved in a subsequent iOS update. Since then, a number of similar shortcomings have been discovered in multiple video chat apps such as Signal, JioChat, Mocha, Google Duo, and Facebook Messenger — all thanks to the work of Google Project Zero researcher Natalie Silvanovich. "While [the Group FaceTime] bug was soon fixed, the fact that such a serious and easy to reach vulnerability had occurred due to a logic bug in a calling state machine — an attack scenario I had never seen considered on any platform — made me wonder whether other sta

Nir Goldshlager , Founder/CEO at Break Security known for finding serious flaws in Facebook once again on The Hacker News for  sharing his new finding i.e Stored Cross-site Scripting (XSS) in Facebook Chat, Check In and Facebook Messenger. Stored Cross-site Scripting ( XSS ) is the most dangerous type of Cross Site Scripting. Web applications where the injected code is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc 1.) Stored XSS In Facebook Chat: This vulnerability can be used to conduct a number of browser-based attacks including, Hijacking another user's browser, Capturing sensitive information viewed by application users, Malicious code is executed by the user's browser etc. When a user starts a new message within Facebook that has a link inside, a preview GUI shows up for that post. The GUI is used for presenting the link post using a parameter i.e  attachment[params][title],attac

ON HIGH-PRIORITY YAHOO! is finally rolling out encryption implementation over their site and services in order to protect users. Yahoo is rapidly becoming one of the most aggressive supporters of encryption, as in January this year Yahoo enabled the HTTPS connections by default, that automatically encrypts the connections between users and its email service. November last year, Yahoo revealed plans to encrypt all information that moves between its data centers and finally from 31st March Yahoo has taken another leap in user-data protection through the deployment of new encryption technologies. NSA TARGET LIST -  GMAIL, YAHOO, ... many more. Last year, It was revealed by  Edward Snowden  that under MUSCULAR program , the spy agency NSA was infiltrating the private data links between Google and Yahoo data centers. After finding themselves in the NSA's target list, Yahoo! and Google forced to think hard about the security and privacy of its users. Google had replied back

Facebook on Friday said it's extending end-to-end encryption (E2EE) for voice and video calls in Messenger, along with testing a new opt-in setting that will turn on end-to-end encryption for Instagram DMs. "The content of your messages and calls in an end-to-end encrypted conversation is protected from the moment it leaves your device to the moment it reaches the receiver's device," Messenger's Ruth Kricheli  said  in a post. "This means that nobody else, including Facebook, can see or listen to what's sent or said. Keep in mind, you can report an end-to-end encrypted message to us if something's wrong." The social media behemoth said E2EE is becoming the industry standard for improved privacy and security. It's worth noting that the company's flagship messaging service gained support for E2EE in text chats in 2016, when it added a " secret conversation " option to its app, while communications on its sister platform What

Almost every application contains security vulnerabilities, some of which you may find today, but others would remain invisible until someone else finds and exploits them—which is the harsh reality of cybersecurity and its current state. And when we say this, Signal Private Messenger —promoted as one of the most secure messengers in the world—isn't any exception. Google Project Zero researcher Natalie Silvanovich discovered a logical vulnerability in the Signal messaging app for Android that could allow malicious caller to force a call to be answered at the receiver's end without requiring his/her interaction. In other words, the flaw could be exploited to turn on the microphone of a targeted Signal user's device and listen to all surrounding conversations. However, the Signal vulnerability can only be exploited if the receiver fails to answer an audio call over Signal, eventually forcing the incoming call to be automatically answered on the receiver's device

Is Facebook planning to integrate WhatsApp Messenger into its ' Facebook for Android ' app? Yes, this might be possible soon. According to latest rumours, Facebook is reportedly working on it. The social network giant, Facebook has begun testing a new feature in its Facebook app for Android that includes the first integration of WhatsApp Messenger, according to a blogger. WHATSAPP INTEGRATION INTO FACEBOOK APP According to this update, a year after of acquiring WhatsApp Messenger, Facebook has only added a 'Send' button with the WhatsApp icon. This WhatsApp ' send ' will work as part of the status actions options that appear under each status update. It means that Facebook for Android users soon may have this particular version of Facebook app with a dedicated WhatsApp button that would allow an Android user to share posts, status and anything else directly through WhatsApp by just clicking the Share button. If rumours are true, th

The desktop version of the security and privacy-focused, end-to-end encrypted messaging app, Telegram , has been found leaking both users' private and public IP addresses by default during voice calls. With 200 million monthly active users as of March 2018, Telegram promotes itself as an ultra-secure instant messaging service that lets its users make end-to-end encrypted chat and voice call with other users over the Internet. Security researcher Dhiraj Mishra uncovered a vulnerability (CVE-2018-17780) in the official Desktop version of Telegram (tdesktop) for Windows, Mac, and Linux, and Telegram Messenger for Windows apps that was leaking users' IP addresses by default during voice calls due to its peer-to-peer (P2P) framework. To improve voice quality, Telegram by default uses a P2P framework for establishing a direct connection between the two users while initiating a voice call, exposing the IP addresses of the two participants. Telegram Calls Could Leak Your

Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption ( E2EE ) in Messenger chats by default. "Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption," Meta's Melissa Miranda  said . The social media behemoth said it intends to notify users in select individual chat threads as the security feature is enabled, while emphasizing that the process of choosing and upgrading the conversations to support E2EE is random. "It's designed to be random so that there isn't a negative impact on our infrastructure and people's chat experience," Miranda further explained. Along with flipping the switch on E2EE, Meta has also added more features into its encrypted chat experience, including support for themes, custom emojis and reactions, group profile photos, link previews, and active status. T

Sometimes I receive emails from our readers who wanted to know how to hack Facebook account , but just to delete some of their messages they have sent to their friends or colleagues mistakenly or under wrong circumstances like aggression. How to hack a Facebook account? It is probably the biggest "n00b" question you will see on the Internet. The solution for this query is hard to find — but recently researchers have shown that how you can modify or alter your messages once you have pressed the SEND button in Facebook Messenger. According to the researcher  Roman Zaikin  from cyber security firm Check Point , a simple HTML tweak can be used to exploit Facebook online chat as well as its Messenger app, potentially allowing anyone to modify or delete any of his/her sent message, photo, file, and link. Though the bug is simple, it could be exploited by malicious users to send a legitimate link in a Facebook chat or group chat, and later change it to a malicious link t