Data Security News Headlines 17th May 2018

  1. Another severe flaw in Signal desktop app lets hackers steal your chats in plaintext

Using Signal, you can communicate instantly while avoiding SMS fees, create groups so that you can chat in real time with all your friends at once, and share media or attachments all with complete privacy. According to the latest news published by hacker news, another vulnerability Discovered on Monday by the same team of security researchers, the newly discovered vulnerability poses the same threat as the previous one, allowing remote attackers to inject malicious code on the recipients’ Signal desktop app just by sending them a message without requiring any user interaction. To exploit this newly patched bug, an attacker needs to send a malicious HTML/javascript code as a message to the victim, and then quote/reply to that same message with any random text. If the victim receives this quoted message containing the malicious payload on its vulnerable Signal desktop app, it will automatically execute the payload, without requiring any user interaction. Successful exploitation could allowing remote attackers to easily get the hold on users’ plain-text conversations without breaking the encryption.

Cyber Security Tips: Users are strongly recommended that you should immediately update your Signal for desktop as soon as possible.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

Powered by WordPress.com.

Up ↑

%d bloggers like this: