Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32
I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security …
Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)
UPDATE (September 28, 2023, 03:15 a.m. ET): The CVE-2023-5129 ID has been either rejected or withdrawn by the CVE Numbering Authority (Google), since it’s a duplicate of …
Signal takes a quantum leap with E2EE protocol upgrade
Signal has announced an upgrade to its end-to-end encryption (E2EE) protocol to protect users of its popular messaging app from encryption-breaking attacks through quantum …
Trojanized Signal, Telegram apps found on Google Play, Samsung Galaxy Store
ESET researchers have identified two active campaigns targeting Android users, where the threat actors behind the tools for Telegram and Signal are attributed to the …
Researchers publish post-quantum upgrade to the Signal protocol
PQShield published a white paper that lays out the quantum threat to secure end-to-end messaging and explains how post-quantum cryptography (PQC) can be added to the Signal …
0ktapus: Twilio, Cloudflare phishers targeted 130+ organizations
Group-IB has discovered that the recently disclosed phishing attacks on the employees of Twilio and Cloudflare were part of the massive phishing campaign that resulted in …
1,900 Signal users exposed following Twilio breach
The attacker behind the recent Twilio data breach may have accessed phone numbers and SMS registration codes for 1,900 users of the popular secure messaging app Signal. …
Bugs in Signal, other video chat apps allowed attackers to listen in on users
Bugs in several messaging/video chat mobile apps allowed attackers to spy on targeted users’s surroundings. The vulnerabilities – in Signal, Google Duo, Facebook …
Mobile messengers expose billions of users to privacy attacks
Popular mobile messengers expose personal data via discovery services that allow users to find contacts based on phone numbers from their address book, according to …
Cybercriminals are using IM platforms as marketplaces
Cybercriminals are increasingly using IM platforms like Telegram, Discord, Jabber, WhatsApp, IRC and others to advertise and sell their goods and services, IntSight …
Signal fixes location-revealing flaw, introduces Signal PINs
Signal has fixed a vulnerability affecting its popular eponymous secure communications app that allowed bad actors to discover and track a user’s location. The non …
Amazon to kill off censorship-foiling domain fronting option
Secure messaging services and other privacy-oriented tools that rely on domain fronting to foil censorship efforts by various countries have been dealt a severe blow in the …