Category Archives: encrypted messaging

The FBI Director thinks this company found an answer to ‘Going Dark’

Posted on by

FBI Director Christopher Wray did something Wednesday few of his recent predecessors have done: He finally provided what the bureau believes is a model for how private U.S. technology companies can comply with law enforcement requests to access encrypted data. Wray, who spoke Wednesday at a FBI conference in Boston, claimed that it’s still possible to develop a workaround for law enforcement to collect evidence on encrypted systems that is “consistent with both the rule of law and strong cybersecurity.” In prepared remarks, the FBI director specifically named Palo Alto, Calif.-based Symphony, the creator of an encrypted messaging platform that’s popular in the banking industry, as an example for how other technology companies could one day work with the FBI. “Some of you may know about the chat and messaging platform called Symphony,” Wray said Wednesday. “This was used by a group of major banks, and marketed as offering something called ‘guaranteed […]

The post The FBI Director thinks this company found an answer to ‘Going Dark’ appeared first on Cyberscoop.

Continue reading The FBI Director thinks this company found an answer to ‘Going Dark’

Telegram zero day used to spread cryptomining malware

Posted on by

A zero-day vulnerability in the popular encrypted messaging app Telegram has subjected affected users to remote cryptomining for months, according to research released Tuesday by Kaspersky Lab. The vulnerability is in the chat app’s Windows client, Kaspersky researcher Alexey Firsh writes. The weakness specifically is in the way Telegram deals with a Unicode character that reverses the direction of text in the app. A hacker sends a victim what appears to be a .png image attachment. As a result of trickery with the Unicode character, it is actually a JavaScript file that installs malware on their system. Kaspersky found that the vulnerability has been exploited to mine cryptocurrency such as Monero, Zcash and Fantomcoin on a victim’s computer. In some cases, the zero day was used to deploy spyware or remote control malware. Firsh writes that Kaspersky doesn’t know exactly which versions of Telegram have been affected in the past, […]

The post Telegram zero day used to spread cryptomining malware appeared first on Cyberscoop.

Continue reading Telegram zero day used to spread cryptomining malware

Threatpost News Wrap, September 29, 2017

Posted on by

The macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities are discussed. Continue reading Threatpost News Wrap, September 29, 2017

Facebook Messenger upgrades encrypted chat feature

Posted on by

Chatting on Facebook is quietly getting more secure. The social media company’s Messenger, used by more than 900 million people around the world, just launched a significant usability upgrade to its “Secret Conversations” feature that enables encrypted communications between two people on multiple devices. Previously, encrypted communications were available to one device per person, severely limiting their attractiveness in a world where people rapidly switch between mobile, tablets and desktop devices. NEW! Facebook #Messenger “Secret Conversations” End-to-End Encryption is rolling out multi-device E2E chats! pic.twitter.com/awy4URXYcH — Alec Muffett (@AlecMuffett) May 18, 2017 Messenger’s adoption of strong encryption and this latest feature upgrade has won plaudits in the privacy community. The change, however, was practically whispered in a small update to a year-old blog post that had first announced the encryption features — and Facebook only added the information after users actually noticed the existence of the new feature.  For a company with the ability to […]

The post Facebook Messenger upgrades encrypted chat feature appeared first on Cyberscoop.

Continue reading Facebook Messenger upgrades encrypted chat feature

Why Jabber reigns across the Russian cybercrime underground

Posted on by

Much of the Russian cybercrime underworld is an enigma, but one technology serves as a crucial common link across all of it: Jabber. In a space of cutting-edge tech, creativity and crime, the 18-year-old instant messenger is the most popular communication tool among Russian-speaking cybercriminals, according to new research from the security firm Flashpoint. It’s how hackers make deals, share intelligence and offer tech support on their malware products. While it already reigns in Russian communities, Jabber is simultaneously rising in popularity for cybercriminals around the world. It’s a testament not only to the quality of the technology, but also to the influence of hacking trends set in Russia. “In the cybercriminal economy, Jabber is seen as the gold standard for communication,” Leroy Terrelonge III, a senior researcher at the security firm Flashpoint, told CyberScoop. Jabber (also known as XMPP or Extensible Messaging and Presence Protocol) is an open-source, federated instant messenger with thousands of independent servers and […]

The post Why Jabber reigns across the Russian cybercrime underground appeared first on Cyberscoop.

Continue reading Why Jabber reigns across the Russian cybercrime underground