Information Security News | Cyber Security | Hacking Tutorial (https://www.securitynewspaper.com/)

Telegram is providing Police with user information in several cases, contradicting the company’s privacy policy. Use it with a burner phone and VPN
https://www.securitynewspaper.com/2022/06/07/telegram-is-providing-police-with-user-information-in-several-cases-contradicting-the-companys-privacy-policy-use-it-with-a-burner-phone-and-vpn/
Tue, 07 Jun 2022 20:49:30 +0000

According to an investigation by German platform Spiegel, instant messaging platform Telegram has handed over information from its users to Germany’s Federal Criminal Police Office (BKA) in multiple cases involving terrorist activities and child abuse.

The report notes that, while it is still difficult to obtain access orders for this information, at least since 2018 Telegram has been adopting measures to comply with the legal provisions of some governments in the West, willing to share IP addresses and telephone numbers when required by a court.

These changes can even be seen in the application’s usage policies. In the section “WHO YOUR PERSONAL DATA MAY BE SHARED WITH”, Telegram shares some details about this possible scenario: “If Telegram receives a court order confirming that you are suspected of terrorism, we may disclose your IP address and phone number to the relevant authorities. So far, this has never happened. When it happens, we will include it in a semi-annual transparency report published in https://t.me/transparency.”

Free interpretation

While this is a valid cause for the deployment of intelligence tasks, it is known that governments around the world have always used counterterrorism policies to validate the implementation of invasive measures.

The German government itself already carries out some surveillance tasks on opposition groups and civil interest groups. Recently, a German court had to order the state intelligence agency BfV to halt its investigations into the Alternative for Germany (AfD) party, a right-wing political group that opposes immigration, among other ultra-nationalist measures.

In addition, the governments of the United States and Canada have been deploying mass surveillance tasks for years under the pretext of combating terrorist activities.

Privacy structure

In this regard, Telegram published a message endorsing its commitment to protecting the confidential information and conversations of its users: “Secret chats on the platform use end-to-end encryption, so we do not have any data to reveal.” Still, it’s important to mention that Telegram doesn’t use end-to-end encryption by default.

To safeguard data that is not protected with end-to-end encryption, Telegram uses a distributed infrastructure: cloud chat data is stored in various data centers around the world that are controlled by different legal entities across multiple jurisdictions. The relevant decryption keys are divided into parts and never stored in the same place as the data, so interested parties would require several court orders to force Telegram to share this information.

Telegram considers that this structure simply makes it impossible for government agencies to access the confidential records of their users, although it has always been specified that the platform may be forced to hand over data only in sufficiently serious and relevant cases at the multinational level. Still, there are no known examples of what Telegram considers important enough to pass the scrutiny of the legal systems that safeguard its privacy structure.

Is Telegram even a good choice?

Although the general public perceives Telegram as a safer option than platforms such as WhatsApp or Facebook Messenger, many experts do not share this view. Moxie Marlinspike, the developer of the encrypted messaging service Signal, has become one of Telegram’s harshest critics: “I’m surprised that the media refers to Telegram as an encrypted messaging service; Telegram has a lot of attractive features, but there’s no worse option in terms of privacy and data collection.”

According to Marlinspike, Telegram stores on its servers all contacts, groups, media, and plain text messages that users have sent: “Almost everything we can see in the app, Telegram can see it too,” adds the developer.

For the expert, this false perception of privacy comes from a misinterpretation of the “secret chat” function: conversations that are protected with end-to-end encryption, although with technology that is questionable at best. Other platforms like Facebook Messenger or Instagram chat also have secret chat or expiring message features, and they don’t store users’ files on their servers.

In conclusion, Telegram is a good choice in the world of instant messaging, although users should not assume that no one can access their conversations, photos, videos, and documents sent through this platform.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

Texas shooter sent death threats via Facebook Messenger prior to the incident; Meta AI systems couldn’t detect them
https://www.securitynewspaper.com/2022/05/27/texas-shooter-sent-death-threats-via-facebook-messenger-prior-the-incident-meta-ai-systems-couldnt-detect-them/
Fri, 27 May 2022 17:49:45 +0000

It is well known that Meta has implemented sophisticated technology to monitor private messages sent through Facebook and Instagram in order to identify patterns of harmful content such as child pornography, harassment or sale of narcotics. While this AI-powered technology has helped prevent hundreds of criminal practices, nothing in the world is foolproof.

On Wednesday, Texas Gov. Greg Abbott confirmed that there were warnings about messages Salvador Ramos sent on Facebook before the shooting that left 19 people dead at an elementary school in Uvalde.

Shortly after, Facebook spokesman Andy Stone clarified that the posts described by Governor Abbott were part of a private conversation via Facebook Messenger discovered after this tragedy occurred. The spokesman also mentioned that Meta will be collaborating with local authorities in the investigation.

Although Stone’s statement seems to suggest that Meta cannot review the private conversations of its users, the truth is that its artificial intelligence systems can analyze the patterns in these messages, in addition to being able to verify the context, tone and other characteristics to determine if there is a real risk.

Therefore, the reason why Meta could not determine that the messages sent by Ramos were real threats is unknown. In addition, Meta is about to implement end-to-end encryption on its messaging platforms, which would definitively eliminate the ability to detect potential threats.

A recent article commissioned by Meta and picked up by ABC News focuses on the benefits that end-to-end encryption would bring to Messenger users, with enhanced privacy as a prime example. However, Meta has not commented on the possible negative impact on tasks such as combating online abuse or the distribution of child abuse material.

End-to-end encryption is a real concern for law enforcement agencies. A tragedy involving U.S. sailors occurred in 2019, and while authorities tried to access information contained in a suspect’s iPhone, Apple’s policies prevented this stage of the investigation.   

Indian companies listed in stock exchange to provide infosec audits and information system inventory to government. New SEBI guidelines
https://www.securitynewspaper.com/2022/05/25/indian-companies-listed-in-stock-exchange-to-provide-infosec-audits-and-information-system-inventory-to-government-new-sebi-guidelines/
Wed, 25 May 2022 23:26:53 +0000

The Securities and Exchange Board of India (SEBI) has released another update for its “Cyber Security and Cyber Resilience Framework,” establishing a considerably short deadline to file an exhaustive information security status report. The statement applies to financial institutions and companies in stock exchanges.

The update considers any system storing personally identifiable information (PII) to be critical equipment, making it subject to regular reviews and testing processes. Technology implementations interacting with critical operating and maintenance systems are also considered critical.

Entities providing investment services shall also maintain an updated inventory of their systems, including hardware, software, storage units, network resources and data flows. System administrators should have frequent security audits performed, and only by entities previously approved by CERT-In.

If that were not enough, all organizations that provide these services must submit their security reports within ten days after receiving this notification.

As many readers may guess, ten days is a ridiculously short deadline to achieve such goals, so it is anticipated that many organizations will try to challenge this decision of the Indian government.

Online platforms think this is mission impossible, especially considering that the deadline granted by the authorities includes two weekends.

Zero-day vulnerability in Tails and TOR Browser exposes users’ identity. No patches available
https://www.securitynewspaper.com/2022/05/25/zero-day-vulnerability-in-tails-and-tor-browser-exposes-users-identity-no-patches-available/
Wed, 25 May 2022 16:31:39 +0000

Tails, a well-known Linux distribution, has asked its users not to use the Tor Browser included with the operating system after detecting a critical prototype pollution vulnerability. Tor Browser is an open-source modification of Firefox, focusing on users’ privacy.

Tracked as CVE-2022-1802, the vulnerability would allow threat actors to corrupt the methods of an array object in JavaScript through prototype pollution, leading to the execution of malicious code in the context of a privileged process.

Another flaw tracked as CVE-2022-1529 could allow malicious hackers to send messages to the primary process to index a JavaScript object twice, leading to prototype pollution and JavaScript code execution.

The developers of Tails have asked users not to start this browser while working with confidential information. The successful exploitation of the flaw would allow bypassing the security mechanisms in the distribution, leaving potentially critical information exposed.

“The vulnerability allows a malicious website to bypass some of the security built into Tor Browser and access information from other websites. For example, after visiting a malicious website, an attacker could access passwords and other sensitive records sent to other websites during the same Tails session,” the report said.  

Tails added that this flaw does not break the anonymity and encryption of Tor connections, which means that it remains safe to access websites from Tails as long as the user does not enter sensitive information. Other applications in the operating system are not affected, as JavaScript execution is disabled.

There are no patches available, although the developers have already confirmed the release of the corrected version, Tails 5.1, scheduled for May 31. Meanwhile, the Tails community will be able to use the browser-independent version on Windows, Linux, and macOS systems.

Data brokers are selling location details of women visiting abortion clinics
https://www.securitynewspaper.com/2022/05/24/data-brokers-are-selling-location-details-of-women-visiting-abortion-clinics/
Tue, 24 May 2022 17:56:15 +0000

A group of Democratic Party senators sent a letter to the U.S. Federal Trade Commission (FTC) urging them to take steps to protect women’s privacy after visiting reproductive health clinics. It was confirmed that some data brokers sell this information to third-party companies.

These reports come at a critical time for women’s health in the U.S., as the Supreme Court is expected to overturn the landmark 1971 Roe v. Wade ruling, which states that the U.S. Constitution’s Fourteenth Amendment protects abortion rights.

If this ruling is overturned, each state could set its own legislation on reproductive health; 13 states already have such legislation, under which abortion is only allowed under certain conditions. Although legislators are already proposing measures to cut down this practice, women from these states would have to travel to another territory where abortion is legal.

The senators who signed this letter believe that, in the face of the imminent Supreme Court ruling, it is vital to take measures to protect the privacy of women who make decisions that should be between themselves, their families and doctors. As an example of these risks, senators mention the multiple reports on data brokers buying and selling data collected by mobile apps. These data could show the behaviors of women traveling to other states looking for reproductive health clinics, which could be of great interest to third parties.

Recently, Vice reported that companies could pay up to $160 million for databases containing location data of visitors to Planned Parenthood’s clinics across the U.S. over just one week.

The letter asks the FTC to establish an action plan to mitigate the potential harms related to this practice and define how the Commission is working with prosecutors and local governments to prevent companies of dubious reputation from accessing critical information of millions of women in the U.S.

In 2021, the estimated value of the location data market reached $14 billion, making it clear that these practices are profitable and use any loopholes in terms of service in applications for the extraction of sensitive data.

A representative for the FTC confirmed that the letter was received, although no further details were mentioned.

Personal data of MGM Resorts customers leaked on Telegram for free. 142 million records exposed
https://www.securitynewspaper.com/2022/05/23/personal-data-of-mgm-resorts-customers-leaked-on-telegram-for-free-142-million-records-exposed/
Mon, 23 May 2022 16:29:39 +0000

This weekend, vpnMentor researchers identified in Telegram 4 storage files with a total of 8.7 GB of information belonging to customers of MGM Resorts International, a hotel and entertainment company. Although the exact number of people affected has not been confirmed, specialists estimate that the leak is made up of at least 30 million individual records.

This information would have been taken from other data breach incidents, specifically two data breaches detected a couple years ago. 10 million records posted on a hacking forum in 2020 and 142 million more exposed months later are now together available on the messaging platform.

The compromised records date back to 2017 and include sensitive details such as:

  • Full names
  • Addresses
  • Email addresses
  • Telephone numbers
  • Dates of birth

As in any phishing incident, threat actors could use the compromised information for the deployment of phishing campaigns, SIM swap, identity fraud and other attack variants against the millions of affected customers. In addition, cybercriminals can easily identify older adults, who are especially vulnerable to these types of attacks.

However, because the exposed data does not appear to be up to date, the security risk is reduced. At the time of the original leaks, this data was on sale for at least $2,900 USD; that they are now available for free seems to confirm that the information is of no value or interest to hacking groups.

Although this is considered a low security risk, MGM customers are advised to take steps to prevent an attempted attack; resetting passwords for their online platforms, enabling multi-factor authentication, and ignoring suspicious emails or phone calls are recommended measures.

Now you can ask Google to remove your phone number, email address, physical address and other personal contact data from Search Results. Learn how to do it
https://www.securitynewspaper.com/2022/04/28/now-you-can-ask-google-to-remove-your-phone-number-email-address-physical-address-and-other-personal-contact-data-from-search-results-learn-how-to-do-it/
Thu, 28 Apr 2022 19:25:46 +0000

After multiple scandals of inappropriate handling of personal information, reinforcing users’ privacy has become one of the primary goals of large technology companies. Such is the case of Google, which has just announced the implementation of new policies that will allow users to request the removal of certain personal content from Google Search results.

While it was already possible to make these requests in cases of doxing or leaking of bank details, the update will allow users to request the removal of other content that appears in search results, including personal contact information. Google will also allow the removal of additional information that may pose a risk of identity theft, such as access credentials to online platforms.

According to the report, the following records may be considered personal contact information:

  • Government identification numbers, including social security numbers, tax identification keys and the like depending on the country in question
  • Bank account numbers and credit cards
  • Images of handwritten signatures
  • Images of identity documents
  • Medical records
  • Physical addresses, phone numbers and email addresses

Regarding the process followed when one of these requests is received, Google says it evaluates all the content of the websites that may be exposing confidential data, trying not to limit the availability of other data that is useful for users. The company also looks at whether the content users want removed is part of public or government records; if so, the request is inadmissible.

Although this is undoubtedly good news, users should remember that removing this content from Google Search results will not remove it from the Internet. To do this, it is necessary to communicate directly with the administrators of the website in question.

Google continues to implement changes to its policies in order to improve the privacy experience of its users. In recent days, a new measure was revealed that allows users under the age of 18 to request the removal of any image of themselves from image search results. The parents and guardians of minors may also carry out this procedure.

Full information about these requests and other security and privacy measures implemented by Google is available on the company’s official communication channels.

Zoom is set to pay $85 million USD as part of a class-action settlement; users traumatized by hackers and pranksters irrupting in their meetings
https://www.securitynewspaper.com/2022/04/25/zoom-is-set-to-pay-85-million-usd-as-part-of-a-class-action-settlement-users-traumatized-by-hackers-and-pranksters-irrupting-in-their-meetings/
Mon, 25 Apr 2022 17:30:06 +0000

Thousands of companies began to implement the remote work modality due to the pandemic, which led to a notable increase in the use of video calling tools such as Zoom. This has been exploited by malicious hackers, and even some pranksters, to deploy an attack variant known as “zoom-bombing”, which consists of breaking into private video call sessions, interrupting the activity of public and private organizations.

These attacks have finally brought consequences for Zoom, which will have to pay $85 million USD as part of a settlement following the class action lawsuit filed by multiple users, including individuals and organizations. In addition to paying the compensation in cash, Zoom also pledged to implement some changes to its business practices.

According to a report, the plaintiffs claim that the company’s security practices and measures have allowed constant violations of their privacy and security. For example, in an incident reported two years ago, St. Paul’s Lutheran Church in San Francisco was hosting a Bible study class in which most of the participants were elderly; shortly after the video call started, the platform allegedly allowed an intruder to take control of the session.

“The attackers hijacked computer screens and disabled control buttons while forcing users to watch pornographic videos,” the plaintiffs claim. The organizer was unable to regain control of the session, so he asked participants to leave and re-enter the call, although this did not restrict access to the intruder.

Zoom-bombing isn’t the only problem the platform faces. The plaintiffs also claim that Zoom has shared data with third parties such as Google, LinkedIn and Facebook illegally, intentionally manipulating their end-to-end encryption protocols.

Zoom agreed to implement dozens of changes to its business practices, hoping that these changes will have a significant impact on strengthening security in Zoom sessions, in addition to reviewing its data protection methods to prevent unwanted leaks.

Mark Molumphy, one of Zoom’s lawyers, considers this to be an innovative arrangement, adding that the platform will implement improved security practices in the future, ensuring that users are fully protected.

It’s now legal to scrape LinkedIn users’ data for marketing purposes without their permission
https://www.securitynewspaper.com/2022/04/19/its-now-legal-to-scrap-linkedin-users-data-for-marketing-purposes-without-their-permission/
Tue, 19 Apr 2022 21:21:10 +0000

The practice of data scraping has always been the subject of controversy, because although data on websites are considered public, thousands of users and specialists believe that there should be better restrictions against this information collection method. Nonetheless, authorities seem to have a clear view about it; this week, the U.S. Court of Appeals for the Ninth Circuit ruled that LinkedIn has no argument to stop its competitor, hiQ Labs, from extracting public data from LinkedIn users.

In 2017, LinkedIn demanded that hiQ stop collecting LinkedIn data, starting to block hiQ’s access and its ability to extract data from public profiles. At the time, LinkedIn argued that hiQ’s actions violated several laws, primarily the Computer Fraud and Abuse Act (CFAA) and LinkedIn’s own terms of use.

In this regard, the courts in the U.S. determined that LinkedIn could not block hiQ’s access to the public data of its users; in her ruling, Circuit Judge Marsha Berzon said, “There is little evidence that LinkedIn users who choose to make their profiles public maintain an expectation of privacy with respect to the information they post.”

For LinkedIn, this decision was not enough to desist from their plans, so they took the case to the U.S. Supreme Court. However, in a previous case the Court had already decided not to penalize the extraction of publicly available information on Internet platforms, so the LinkedIn case was returned to the circuit court.

Upon receiving the case back, the Ninth Circuit ruled that the concept of access authorization will not apply to public websites. Not only can this prove useful for companies like hiQ, but it will also ensure access to relevant sources of information for journalists, researchers and companies for legitimate purposes.

Despite all the setbacks, LinkedIn doesn’t seem to have given up. In a statement, spokesman Greg Snapper said: “We are disappointed with the court’s decision. This is a preliminary decision and the case is far from over.” Snapper says LinkedIn will continue to fight to protect its users’ information.

Check the integrity of the browser extension using this WhatsApp tool before running WhatsApp web
https://www.securitynewspaper.com/2022/03/11/check-the-integrity-of-the-browser-extension-using-this-whatsapp-tool-before-running-whatsapp-web/
Fri, 11 Mar 2022 18:24:29 +0000

Users of the WhatsApp version for laptops and desktops will now be able to use a browser extension to check the integrity of the software running on their browser. The extension is the result of a collaboration between Meta and Cloudflare.

End-to-end encryption in WhatsApp protects users’ messages from being read by intermediaries, but additional safeguards are still worthwhile, especially considering that things can change when users turn to the web version of the messaging app.

The extension was dubbed Code Verify and, according to Meta software engineer Richard Hansen, is based on a browser security feature called “subresource integrity,” which allows browsers to check whether the files obtained have been altered in any way.

Code Verify analyzes the JavaScript code in WhatsApp Web, a process for which Cloudflare’s collaboration is required, since the high amount of resources required for a complete verification exceeds the capabilities of WhatsApp: “Cloudflare has a hash of the code that WhatsApp users should execute,” says the report on this extension.

When users run WhatsApp in their browser, WhatsApp’s code verification extension compares a hash of the code running in their browser to Cloudflare’s hash, allowing them to easily check whether the code they are running is the correct code.

At the moment, Code Verify is available for Google Chrome, Microsoft Edge, and Mozilla Firefox, with plans to expand to Safari in the short term. The tool runs immediately after installation to start validating WhatsApp JavaScript libraries. A green indicator confirms that everything is valid, an orange one appears if the page needs to be updated or another extension interferes with Code Verify, and a red one appears if a hash discrepancy has been detected, indicating a possible compromise.

This integrity verification extension could make users of WhatsApp and other services that implement Code Verify less likely to install extensions that alter social media functions and raise potential security issues, strengthening the user experience in terms of cybersecurity.

Why is the Zoom app on Apple devices listening to your microphone when not in a meeting?
https://www.securitynewspaper.com/2022/02/10/why-is-the-zoom-app-on-apple-devices-listening-to-your-microphone-when-not-in-a-meeting/
Thu, 10 Feb 2022 18:17:42 +0000

The post Why is the Zoom app on Apple devices listening to your microphone when not in a meeting? appeared first on Information Security Newspaper | Hacking News.

Dozens of Mac device users report that the Zoom video conferencing app keeps their devices’ microphone on even when the app isn’t active. According to reports, the problem lies in the native Zoom version in macOS Monterey, a version of the operating system that has a function to alert the user if their microphone or camera is suddenly activated.

The reports began in late 2021, so Zoom released an update to fix what they described as “an issue related to the microphone indicator light, which is activated when the user is not in a meeting.” However, reports of this unexpected behavior continue to pile up.

A forum for Zoom users on Apple PCs continues to publish reports about the persistence of the problem even after the update is applied: “The most recent update has not made a difference; I just noticed the light activated again; when I left Zoom, Timing.app told me that he had been on a 2-hour video call,” says one of the users.

So far, the company has not issued any message about these new reports, although a new update is expected to be released. At the moment, users of Mac devices are advised to disable the Zoom application if they do not use it regularly, as a temporary security measure, or to use additional software to detect whether an intruder is spying on their computers.

Zoom has become a very popular platform, especially during the pandemic with its need to work remotely, and privacy reports have increased as well. Previously, the firm installed a hidden web server on its customers’ Mac devices to enable automatic call handling. Apple had to issue a macOS update to remove the hidden program.

Vodafone Portugal telecom services disrupted by a cyber attack
https://www.securitynewspaper.com/2022/02/08/vodafone-portugal-telecom-services-disrupted-by-a-cyber-attack/
Tue, 08 Feb 2022 21:43:38 +0000

The post Vodafone Portugal telecom services disrupted by a cyber attack appeared first on Information Security Newspaper | Hacking News.

This morning, the Portuguese unit of telecommunications company Vodafone confirmed that a hacking group disrupted its services overnight Monday, in what appears to be a failed attempt to access its customers’ personal data. In its statement, the company said the technical issues caused thousands of customers to suffer disruptions to their phone call services and Internet access. Later, it was confirmed that the outages were triggered by a “malicious and deliberate” cyber attack.

The good news is that, so far, the company has not identified indications of access to or compromise of its customers’ confidential information, although the investigation is still ongoing: “The in-depth investigation will continue indefinitely with the participation of the competent authorities,” the company notes.

This incident comes a month after the hacking of the websites of one of Portugal’s largest newspapers and a major broadcaster was confirmed; to date, both media organizations remain unable to access their websites.

Finally, Vodafone Portugal said its teams are determined to restore all affected services, and confirmed that phone call systems were already in the process of recovery. The 4G network is still unavailable, but customers in most parts of the country can still fall back on 3G technology.

The company did not add further details about the attackers and the possible hacking variants used during the attack.
