#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for Messenger | Breaking Cybersecurity News | The Hacker News

UK to ban WhatsApp, iMessage and Snapchat Under New Laws

UK to ban WhatsApp, iMessage and Snapchat Under New Laws

Jul 11, 2015
If you rely on messaging apps to remain in contact with your family members and friends, then you may have to switch back to old-fashioned text messaging service in matter of weeks due to a new law currently going through Parliament. WhatsApp and Facebook Messenger to Ban in UK The popular messaging applications, including WhatsApp, Snapchat, iMessage and Facebook Messenger, could all potentially be banned in the UK under the controversial ' Snoopers Charter '. The Investigatory Powers Bill -- the so-called Snoopers Charter -- mentioned in the 2015 Queen's Speech , would allow UK government to eradicate instant messaging apps that refuse to switch off end-to-end encryption from their services. Earlier this year in light of the Charlie Hebdo shootings in Paris, Prime Minister David Cameron hinted at the crackdown when he claimed that he would ban encrypted messaging apps like Snapchat, WhatsApp and Messenger unless they didn't comply with new surve
Persistent XSS vulnerability in eBuddy Web Messenger

Persistent XSS vulnerability in eBuddy Web Messenger

Sep 02, 2011
Persistent XSS vulnerability in eBuddy Web Messenger A team member from Virtual Luminous Security , Russian Federation, has discovered a persistent XSS vulnerability in eBuddy (the biggest web IM solution in the world) by transmitting messages with embedded encoded javascript code. In-depth detail eBuddy Web Messenger suffers from an encoded-Persistent XSS vulnerability in the messaging function. (while sendingA message with embedded code to another authorized user in eBuddy WebMessenger). Exploit example Plain XSS (Not going to store, nor execute) <script>alert('eBuddy Persistent XSS');</script> Encoded text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E [*] The attacker sends the encoded embedded code in an IM message. [*] The victim receives the message with the encoded embedded code and it executes on the victims browser.
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Beware of Fake Telegram Messenger App Hacking PCs with Purple Fox Malware

Beware of Fake Telegram Messenger App Hacking PCs with Purple Fox Malware

Jan 04, 2022
Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That's according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads. "This threat actor was able to leave most parts of the attack under the radar by separating the attack into several small files, most of which had very low detection rates by [antivirus] engines, with the final stage leading to Purple Fox rootkit infection," researcher Natalie Zargarov  said . First discovered in 2018, Purple Fox comes with rootkit capabilities that allow the malware to be planted beyond the reach of security solutions and evade detection. A March 2021 report from Guardicore  detailed  its worm-like propagation feature, enabling the backdoor to spread more rapidly. Then in October 2021, Trend Micro researche
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Signal is Most Secure Messenger, 'Useless Data' Obtained by FBI Proves It All

Signal is Most Secure Messenger, 'Useless Data' Obtained by FBI Proves It All

Oct 04, 2016
Do you trust your messaging app even though it uses end-to-end encryption? As I previously said end-to-end encryption doesn't mean that your messages are secure enough to hide your trace. It's because most of the messaging apps still record and store a lot of metadata on your calls and messages that could reveal some of your personal information including dates and durations of communication, as well as the participants' phone numbers. Apple's iMessage app is the most recent and best example of this scenario. Just recently it was reported that the company stores a lot of information about its end-to-end encrypted iMessage, that could reveal your contacts and location, and even share this data with law enforcement via court orders. But if you are using open source end-to-end encrypted Signal   app, you are on the safer side. Trust me! As we previously reported that the Signal app, which is widely considered the most secure of all other encrypted messaging a
Researcher Found TextSecure Messenger App Vulnerable to Unknown Key-Share Attack

Researcher Found TextSecure Messenger App Vulnerable to Unknown Key-Share Attack

Nov 03, 2014
Do you use  TextSecure Private Messenger  for your private conversations? If yes, then Are you sure you are actually using a Secure messaging app? TextSecure , an Android app developed by Open WhisperSystems , is completely open-source and claims to support end-to-end encryption of text messages. The app is free and designed by keeping privacy in mind. However, while conducting the first audit of the software, security researchers from Ruhr University Bochum found that the most popular mobile messaging app is open to an Unknown Key-Share attack . After Edward Snowden revealed state surveillance programs conducted by the National Security Agency, and meanwhile when Facebook acquired WhatsApp , TextSecure came into limelight and became one of the best alternatives for users who want a secure communication. " Since Facebook bought WhatsApp , instant messaging apps with security guarantees became more and more popular ," the team wrote in the paper titled,
Skype Finally Adds End-to-End Encryption for Private Conversations

Skype Finally Adds End-to-End Encryption for Private Conversations

Jan 12, 2018
Good news for Skype users who are concerned about their privacy. Microsoft is collaborating with popular encrypted communication company Signal to bring end-to-end encryption support to Skype messenger. End-to-end encryption assured its users that no one, not even the company or server that transmits the data, can decrypt their messages. Signal Protocol is an open source cryptographic protocol that has become an industry-wide standard—which is used in  Facebook Messenger , Whatsapp , and Google Allo for secure messaging. Dubbed Private Conversations , the new feature which is about to be introduced in Skype will offer end-to-end encryption for audio calls, text, and multimedia messages like videos and audio files. "Skype Private Conversations give you enhanced security through end-to-end encryption with an additional layer of security for conversations between you and your friends and family," the company announced .  "Private Conversations can only be betwe
Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware

Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware

Mar 17, 2023 Cryptocurrency / Mobile Security
Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware . "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first instance of clipper malware on the Google Play Store dates back to 2019, the development marks the first time Android-based clipper malware has been built into instant messaging apps. "Moreover, some of these apps use optical character recognition (OCR) to recognize text from screenshots stored on the compromised devices, which is another first for Android malware," the Slovak cybersecurity firm added. The attack chain begins with unsuspecting users clicking on fraudulent ads on Google search results that lead to hundreds of sketchy YouTube channels, which then direct them
Complete IRC chat of PlayStation Network hacker !

Complete IRC chat of PlayStation Network hacker !

Apr 27, 2011
IRC chat of PlayStation Network hacker and How PSN hacked ! Now known that the PlayStation Network has been compromised, there are more details out. First came the log of the hacker who penetrated inside the PlayStation Network and we just had information from Sony itself that the burglary had been working over the PSN taken offline. Now we have for you a chat log between hackers who talk about security and encrypting the PlayStation Network. They say that the known credit card information easily available to hackers that they can not even enter their data via the PSN. The Credit Card encrypted data simply were not enough, so everything is easy to read. Watch the full chat was held on February 16 between hackers. [user1] xxx: I don't think there are many people involved in circumventing PSN access in /this/ channel [ "application/x-i-5-ticket" reason=40 > PSN error 80710101 ] [user2] talk about network stuff? [user2] nice [user2] i just finished decrypting 100
Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

Oct 04, 2023 Mobile Security / Spyware
New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy . DragonEgg , alongside WyrmSpy (aka AndroidControl), was  first disclosed  by Lookout in July 2023 as a strain of malware capable of gathering sensitive data from Android devices. It was attributed to the Chinese nation-state group APT41. On the other hand, details about LightSpy came to light in March 2020 as part of a campaign dubbed  Operation Poisoned News  in which Apple iPhone users in Hong Kong were targeted with watering hole attacks to install the spyware. Now, according to Dutch mobile security firm ThreatFabric, DragonEgg attack chains involve the use of a trojanized Telegram app that's designed to download a second-stage payload (smallmload.jar), which, in turn, is configured to download a third component codenamed Core. Further analysis of the artifacts has revealed that the Android variant of the implan
Facebook Helps FBI to shuts down Butterfly botnet theft $850 millions

Facebook Helps FBI to shuts down Butterfly botnet theft $850 millions

Dec 12, 2012
The U.S. Department of Justice said on Tuesday that they've arrested 10 suspects from from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States involved in a global botnet operation that infected more than 11 million systems. The ring is said to have caused more than $850m in losses in one of the largest cyber crime hauls in history. Officials said international cyber crime rings linked to Butterfly (aka Mariposa) botnet, first discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims. FBI said , " Facebook's security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by the malware. Yahos targeted Facebook users from 2010 to October 2012, and security sy
RCSAndroid — Advanced Android Hacking Tool Leaked Online

RCSAndroid — Advanced Android Hacking Tool Leaked Online

Jul 24, 2015
As digging deeper and deeper into the huge Hacking Team data dump , security researchers are finding more and more source code, including an advanced Android Hacking Tool. Yes, this time researchers have found a source code to a new piece of weaponized android malware that had the capability to infect millions of Android devices even when users are running latest versions of the android mobile operating system. Trend Micro researchers found that the Italian spyware company was selling RCSAndroid (Remote Control System Android) , which they says, is one of the "most professionally developed and sophisticated" pieces of Android malware a.k.a Android hacking tool they have ever seen. RCSAndroid is a sophisticated, real-world surveillance and hacking tool that provides even unskilled hackers to deploy one of the world's more advanced surveillance suites for Google's mobile operating system Android. List of Creepy Features of Android Hacking Tool
New Variant of Emotet Banking Malware targets German Users

New Variant of Emotet Banking Malware targets German Users

Jan 07, 2015
A new Spam email campaign making the rounds in Germany are delivering a new variant of a powerful banking malware , a financial threat designed to steal users' online banking credentials, according to security researchers from Microsoft. The malware, identified as Emotet , was first spotted last June by security vendors at Trend Micro. The most standout features of Emotet is its network sniffing ability , which enables it to capture data sent over secured HTTPS connections by hooking into eight network APIs, according to Trend Micro. Microsoft has been monitoring a new variant of Emotet banking malware , Trojan:Win32/Emotet.C , since November last year. This new variant was sent out as part of a spam email campaign that peaked in November. Emotet has been distributed through spam messages, which either contain a link to a website hosting the malware or a PDF document icon that is actually the malware. HeungSoo Kang of Microsoft's Malware Protection Center identifi
Cybersecurity Resources