Finding the Location of Telegram Users

Security researcher Ahmed Hassan has shown that spoofing the Android’s “People Nearby” feature allows him to pinpoint the physical location of Telegram users:

Using readily available software and a rooted Android device, he’s able to spoof the location his device reports to Telegram servers. By using just three different locations and measuring the corresponding distance reported by People Nearby, he is able to pinpoint a user’s precise location.

[…]

A proof-of-concept video the researcher sent to Telegram showed how he could discern the address of a People Nearby user when he used a free GPS spoofing app to make his phone report just three different locations. He then drew a circle around each of the three locations with a radius of the distance reported by Telegram. The user’s precise location was where all three intersected…

Continue reading Finding the Location of Telegram Users

What is STRIDE and How Does It Anticipate Cyberattacks?

STRIDE threat modeling is an important tool in a security expert’s arsenal. Threat modeling provides security teams with a practical framework for dealing with a threat. For example, the STRIDE model offers a proven methodology of next steps. It can suggest what defenses to include, the likely attacker’s profile, likely attack vectors and the assets […]

The post What is STRIDE and How Does It Anticipate Cyberattacks? appeared first on Security Intelligence.

Continue reading What is STRIDE and How Does It Anticipate Cyberattacks?

Spoof texting a regiatered number to yourself and relying….having a conversation [closed]

I feel like I am going crazy. A friend was at my house and received text messages from a number from a person i know. She had a conversation with this number for basically a week. She is now saying that she set it up to make it look like i… Continue reading Spoof texting a regiatered number to yourself and relying….having a conversation [closed]

New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic

Security researchers detected a new spear-phishing attack that’s using an exact domain spoofing tactic in order to impersonate Microsoft. On December 7, IRONSCALES revealed that it had spotted the campaign targeting Office 365 users. Those users primar… Continue reading New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic

Spearphishing Attack Spoofs Microsoft.com to Target 200M Office 365 Users

It remains unknown as to why Microsoft is allowing a spoof of their very own domain against their own email infrastructure. Continue reading Spearphishing Attack Spoofs Microsoft.com to Target 200M Office 365 Users

HackRF PortaPack Firmware Spoofs All the Things

The HackRF is an exceptionally capable software defined radio (SDR) transceiver, but naturally you need to connect it to a computer to actually do anything with it. So the PortaPack was developed to turn it into a stand-alone device with the addition of a touchscreen LCD, a few buttons, and …read more

Continue reading HackRF PortaPack Firmware Spoofs All the Things