Telegram zero day used to spread cryptomining malware

A zero-day vulnerability in the popular encrypted messaging app Telegram has subjected affected users to remote cryptomining for months, according to research released Tuesday by Kaspersky Lab. The vulnerability is in the chat app’s Windows client, Kaspersky researcher Alexey Firsh writes. The weakness specifically is in the way Telegram deals with a Unicode character that reverses the direction of text in the app. A hacker sends a victim what appears to be a .png image attachment. As a result of trickery with the Unicode character, it is actually a JavaScript file that installs malware on their system. Kaspersky found that the vulnerability has been exploited to mine cryptocurrency such as Monero, Zcash and Fantomcoin on a victim’s computer. In some cases, the zero day was used to deploy spyware or remote control malware. Firsh writes that Kaspersky doesn’t know exactly which versions of Telegram have been affected in the past, […]

The post Telegram zero day used to spread cryptomining malware appeared first on Cyberscoop.

Continue reading Telegram zero day used to spread cryptomining malware

Threatpost News Wrap, August 25, 2017

The news of the week is discussed, including the AWS S3 leaks, Zerodium’s bounty on messaging app zero days, Ropemaker, and cobot vulnerabilities. Continue reading Threatpost News Wrap, August 25, 2017

Facebook Messenger upgrades encrypted chat feature

Chatting on Facebook is quietly getting more secure. The social media company’s Messenger, used by more than 900 million people around the world, just launched a significant usability upgrade to its “Secret Conversations” feature that enables encrypted communications between two people on multiple devices. Previously, encrypted communications were available to one device per person, severely limiting their attractiveness in a world where people rapidly switch between mobile, tablets and desktop devices. NEW! Facebook #Messenger “Secret Conversations” End-to-End Encryption is rolling out multi-device E2E chats! pic.twitter.com/awy4URXYcH — Alec Muffett (@AlecMuffett) May 18, 2017 Messenger’s adoption of strong encryption and this latest feature upgrade has won plaudits in the privacy community. The change, however, was practically whispered in a small update to a year-old blog post that had first announced the encryption features — and Facebook only added the information after users actually noticed the existence of the new feature.  For a company with the ability to […]

The post Facebook Messenger upgrades encrypted chat feature appeared first on Cyberscoop.

Continue reading Facebook Messenger upgrades encrypted chat feature

Symphony, a messaging app backed by Wall St, gets $63M at a $1B+ valuation

 Symphony, a secure messaging app that counts 15 of the world’s biggest banks among its investors and 200,000 paying customers, has raised a new tranche of funding to fuel its expansion into new markets. Symphony has closed in on $63 million; and according to sources close to the company, the startup is now valued at over $1 billion — confirming our reporting from December. This… Read More Continue reading Symphony, a messaging app backed by Wall St, gets $63M at a $1B+ valuation

Why Jabber reigns across the Russian cybercrime underground

Much of the Russian cybercrime underworld is an enigma, but one technology serves as a crucial common link across all of it: Jabber. In a space of cutting-edge tech, creativity and crime, the 18-year-old instant messenger is the most popular communication tool among Russian-speaking cybercriminals, according to new research from the security firm Flashpoint. It’s how hackers make deals, share intelligence and offer tech support on their malware products. While it already reigns in Russian communities, Jabber is simultaneously rising in popularity for cybercriminals around the world. It’s a testament not only to the quality of the technology, but also to the influence of hacking trends set in Russia. “In the cybercriminal economy, Jabber is seen as the gold standard for communication,” Leroy Terrelonge III, a senior researcher at the security firm Flashpoint, told CyberScoop. Jabber (also known as XMPP or Extensible Messaging and Presence Protocol) is an open-source, federated instant messenger with thousands of independent servers and […]

The post Why Jabber reigns across the Russian cybercrime underground appeared first on Cyberscoop.

Continue reading Why Jabber reigns across the Russian cybercrime underground

As White House puts pressure on leakers, Cloakroom app sees business opportunity

A hazardous political landscape in Washington — underlined by a White House desperate to plug leaks — has spurred the use of encrypted messaging apps by federal employees. For software developers, this nervousness and anxiety translates into a very real opportunity. In light of media reports noting the growing use of WhatsApp, Confide and Signal […]

The post As White House puts pressure on leakers, Cloakroom app sees business opportunity appeared first on Cyberscoop.

Continue reading As White House puts pressure on leakers, Cloakroom app sees business opportunity