Showing results for tags 'telegram'.


  1. Growing network of hackers sharing data leaks on encrypted messaging app. Telegram has exploded as a hub for cybercriminals looking to buy, sell, and share stolen data and hacking tools, new research shows, as the messaging app emerges as an alternative to the dark web. An investigation by cyber intelligence group Cyberint, together with the Financial Times, found a ballooning network of hackers sharing data leaks on the popular messaging platform, sometimes in channels with tens of thousands of subscribers, lured by its ease of use and light-touch moderation. In many cases, the content resembled that of the marketplaces found on the dark web, a group of hidden websites that are popular among hackers and accessed using specific anonymizing software. “We have recently been witnessing a 100 per cent-plus rise in Telegram usage by cybercriminals,” said Tal Samra, cyber threat analyst at Cyberint. “Its encrypted messaging service is increasingly popular among threat actors conducting fraudulent activity and selling stolen data... as it is more convenient to use than the dark web.” The rise in nefarious activity comes as users flocked to the encrypted chat app earlier this year after changes to the privacy policy of Facebook-owned rival WhatsApp prompted many to seek out alternatives. Launched in 2013, Telegram allows users to broadcast messages to a following via “channels” or create public and private groups that are simple for others to access. Users can also send and receive large data files, including text and zip files, directly via the app. The platform said it has more than 500 million active users and topped 1 billion downloads in August, according to data from SensorTower. But its use by the cyber criminal underworld could increase pressure on the Dubai-headquartered platform to bolster its content moderation as it plans a future initial public offering and explores introducing advertising to its service. 
According to Cyberint, the number of mentions in Telegram of “Email:pass” and “Combo”—hacker parlance used to indicate that stolen email and password lists are being shared—rose fourfold over the past year, to nearly 3,400. In one public Telegram channel called “combolist,” which had more than 47,000 subscribers, hackers sell or simply circulate large data dumps of hundreds of thousands of leaked usernames and passwords. [Image caption: Ad for data posted on Telegram.] A post titled “Combo List Gaming HQ” offered 300,000 emails and passwords that it claimed were useful for hacking video game platforms such as Minecraft, Origin, or Uplay. Another purported to have 600,000 logins for users of the services of Russian Internet group Yandex, others for Google and Yahoo. Telegram removed the channel on Thursday after it was contacted by the Financial Times for comment. Yet email password leaks account for only a fraction of the worrisome activity on the Telegram marketplace. Other types of data traded include financial data such as credit card information, copies of passports and credentials for bank accounts and sites such as Netflix, the research found. Online criminals also share malicious software, exploits and hacking guides via the app, Cyberint said. Meanwhile, links to Telegram groups or channels shared inside forums on the dark web jumped to more than 1 million in 2021, from 172,035 the previous year, as hackers increasingly direct users to the platform as an easier-to-use alternative or parallel information center. The research follows a separate report earlier this year by vpnMentor, which found data dumps circulating on Telegram from previous hacks and data leaks of companies including Facebook, marketing software provider Click.org, and dating site Meet Mindful, among others. 
“In general, it appears that most data leaks and hacks are only shared on Telegram after being sold on the dark web—or the hacker failed to find a buyer and decided to share the information publicly and move on,” vpnMentor said. Still, it dubbed the trend “a serious escalation in the ongoing surge of cyber crime,” noting that some users in these groups appeared less tech savvy than a typical dark web user. Telegram said it was unable to verify the vpnMentor findings because the researchers had not shared details identifying which channels these alleged leaks were in. Samra said the transition for cybercriminals from the dark web to Telegram was taking place in part because of the anonymity afforded by encryption—but noted that many of these groups were also public. [Image caption: Post from a Telegram channel called "combolist."] Telegram is also more accessible, provides better functionality, and is generally less likely to be tracked by law enforcement when compared to dark web forums, he added. “In some cases, it’s easier to find buyers on Telegram rather than a forum because everything is smoother and quicker. Access is easier... and data can be shared much more openly.” Hackers are less inclined to use WhatsApp both for privacy reasons and because it displays users’ numbers in group chats, unlike Telegram, Cyberint said. Encrypted app Signal remains smaller and tends to be used for more general messaging among people who know each other rather than forum-style groups, it added. Telegram has long taken a more lax approach to content moderation than larger social media apps such as Facebook and Twitter, attracting scrutiny for allowing hate groups and conspiracy theories to flourish. In January, it began shutting down public extremist and white supremacist groups—for the first time—in the wake of the Capitol riots amid concerns it was being used to promote violence. 
The Cyberint research—particularly the uncovering of public, searchable groups for cybercriminals—raises further questions about Telegram’s content moderation policies and enforcement at a time when chief executive Pavel Durov has said the company is preparing to sell advertisements in public Telegram channels. It also comes as the company prepares to head for public markets after raising more than $1 billion through bond sales in March to investors including to Mubadala Investment Company, the Gulf emirate’s large sovereign wealth fund, and Abu Dhabi Catalyst Partners, a joint venture between Mubadala and the $4 billion New York hedge fund Falcon Edge Capital. Telegram said in a statement that it “has a policy for removing personal data shared without consent.” It added that each day, its “ever growing force of professional moderators” removes more than 10,000 public communities for terms of service violations following user reports. Telegram emerges as new dark web for cyber criminals
  2. Russia's largest publisher has filed copyright infringement lawsuits against Telegram for allowing pirated copies of Stephen King and Dmitry Glukhovsky books to be distributed via the platform. The cited aim is to have Telegram blocked in Russia but according to the anti-piracy group involved in the action, the introduction of fingerprinting technology is preferred. With in excess of 500 million monthly active users, messaging platform Telegram is a true internet giant. According to co-founder Pavel Durov, it was the world’s most downloaded app in January 2021 and is supported by a userbase that’s grown by 40% every year since its launch in 2013. Alongside millions of regular users, Telegram is also utilized by some as a way to access pirated content. As a result, the company has been criticized by the RIAA and MPAA, made an appearance on the EU’s ‘piracy watch list‘, and been told to block pirated content or even face blocking itself. Lawsuits Target Telegram For Facilitating Book Piracy As Russia’s largest publisher, Eksmo-AST is well-known for its anti-piracy work, including its part in the permanent ISP block placed on giant torrent site RuTracker. The company has also targeted YouTube and Google, the latter for allegedly hosting piracy apps. It now has Telegram in its crosshairs. On July 20, publishing companies AST and Eksmo, both part of the Eksmo-AST group, filed a pair of lawsuits against Telegram claiming that the messenger platform failed to delete infringing content. According to Kommersant, which recently discovered the complaints, the Moscow City Court was happy to hand down a preliminary injunction, meaning that books including 11/22/63 by Stephen King and Metro 2033 by Dmitry Glukhovsky can be blocked by consumer ISPs under the orders of telecoms watchdog Roscomnadzor. 
Anti-Piracy Group AZAPI Represents Eksmo-AST Maxim Ryabyko of AZAPI says that Telegram has been removing content in response to publishers’ complaints since 2019, including 52,000 pirated books and 31 channels available in the web version of Telegram. The company has also blocked 346 channels in its iOS app according to Kommersant, plus 69 channels in Google Play’s version. Despite these efforts, AZAPI says that not all complaints receive a positive response from Telegram so Eksmo-AST is hoping that its lawsuits will nudge the company into action. The aim is to reach a “critical mass” of court decisions against Telegram so that it falls foul of Russia’s repeat infringer laws. This could mean that Telegram finds itself completely blocked by ISPs in the country. Interestingly, blocking is not the main goal of the Eksmo-AST/AZAPI legal action. Instead, it’s hoped that like vKontakte (Russia’s Facebook equivalent), Telegram will install fingerprinting technology that will allow the publishers to delete infringing content automatically. Telegram was previously asked to implement such a system but that proposal never got off the ground. Can Telegram Be Blocked? In 2018, Telegram was famously targeted for failing to hand over encryption keys to the authorities but the blocking measures failed to bring the platform down. That raises the question of whether the platform could be blocked now, should it refuse to comply with the wishes of Eksmo-AST/AZAPI. Russia recently hinted that it has the ability to restrict access to content it deems illegal or offensive on problematic services. “Much has changed since the story with Telegram” said Alexander Khinshtein, Chairman of the State Duma Committee on Information Policy, Information Technology and Communications. Since it appears that Telegram mostly complies with Eksmo-AST/AZAPI takedown demands a compromise may yet be reached. 
Whether that will result in a fingerprinting system being implemented is currently unknown but it’s clear that rightsholders want access to more powerful tools. Telegram Copyright Lawsuits Pressure Messenger To Install Anti-Piracy System
  3. Telegram adds voice chat scheduling, new web apps, and direct downloads for Android Telegram has announced another big update for its messaging app, adding new features, animations, and some adjustments that should make things a bit more convenient. Before we dive into the new features though, there are two other big announcements. First, Telegram has published new versions of its web app. Yes, you get to choose. Both of the new apps promise to be very lightweight, requiring just a 400KB download, and they work on mobile and desktop devices alike. They come with support for features like dark mode, animated stickers, chat folders, and more. One version is called Telegram Web K and the other is Telegram Web Z, and they're identical in many ways, though there are some differences in visual elements like the font and spacing between elements. Presumably, only one will live on eventually, but there's no indication of that happening yet. For Android users, it's also now possible to download the Telegram app officially from the website, rather than depending on the Play Store. Both versions will continue to be available, but the direct download version should update faster since it doesn't have to wait for each update to be reviewed by Google. In fact, today's update may take a bit longer to arrive on the Play Store due to the review process. As for what's actually new in today's update, there's payments 2.0, which is an improved iteration on payment bots first introduced in 2017. Starting with this update, merchants can use any of eight integrated payment providers, including Stripe, to sell goods and services on Telegram. Payment information used to buy goods on Telegram are never sent to Telegram itself, and the app takes no commission from sales on the platform. Should you want to see how the feature works, there's a demo channel where you can test-drive the experience without spending any money. 
Voice chats have also been updated with the ability to schedule them in advance. If you're planning a meeting of some kind, scheduling voice chats may make it easier to get everyone in a group involved. When a voice chat is scheduled, a countdown will appear at the top of the chat, so everyone can see when it's planned for. Once participating in a voice chat, Telegram is also introducing a mini profile viewer, so you can look more closely at the people participating in the chat without having to leave the voice chat screen. Other improvements include the ability to pinch to zoom into pictures directly from the chat, without having to tap the image first to go into the media viewer. As for videos, the media player now supports pressing and holding either side of the screen to fast-forward or rewind, as well as a double-tap to skip 10 seconds in either direction. On iOS, users can press and hold the +15s or -15s buttons instead. Finally, the Android app has some new animations, specifically when opening and closing the side menu on the home screen, or when swiping left-to-right from a chat to go back to the home screen. If you haven't yet, you can download Telegram for your preferred platform from the app's official website. Source: Telegram adds voice chat scheduling, new web apps, and direct downloads for Android
  4. Telegram takes on Clubhouse with Voice Chat 2.0 The latest Telegram update brings major improvements to the Voice Chat feature that rolled out to users late last year. The new version, which Telegram is calling Voice Chats 2.0, extends Voice Chat support to Channels and introduces a couple of new features to improve the Voice Chat experience. The new Telegram Voice Chat features were first spotted in a beta update earlier this month. Now, the features are finally rolling out with the latest stable release. Following the latest update, Channel admins will get the ability to host voice chats. To do so, admins will have to open the profile of any group or channel, tap on the three-dot menu icon, and then select the new “Start Voice Chat” option. The update also brings a new Recorded Chats feature that will let Group and Channel admins record audio from voice chats and publish them in the group/channel for members who missed the live event. The Recorded Chats will be available within Saved Messages. Furthermore, Telegram’s Voice Chats are getting a new Raise Hand feature to help muted participants easily indicate that they want to speak. Admins will see a new animation whenever a participant uses the Raise Hand option. Tapping on it will open a pop-up window with an option to allow the participant to speak, open chat, or remove the participant. The update also brings an option to help admins share invite links to Voice Chats. The setting will let admins create separate links for speakers and listeners. Admins will also get an option to add titles to Voice Chats to help members see the topic of the conversation before joining. Finally, the latest Telegram update also includes an option to help users choose their personal account or channel account while joining voice chats. Along with these Voice Chat improvements, Telegram is getting a couple of additional features with the latest update. You can read all about them by following this link. 
Source: Telegram takes on Clubhouse with Voice Chat 2.0
  5. Telegram gets auto-deleting messages, expiring invite links and more in latest update End-to-end encryption is still limited to secret chats In a nutshell: A sudden influx of privacy-conscious users on Telegram meant the platform had to quickly increase server capacity as well as its feature-set to keep up with rival apps. To that end, the company has rolled out a new update that adds auto-delete, expiring invite links, new animated emojis, home screen widgets, and an improved chat import and reporting system. WhatsApp's recent privacy policy controversy has resulted in millions of users flocking to alternative platforms, who've since felt the need to up their game in providing useful features and support in the hope of retaining and growing their userbases. Telegram looks to achieve that with its latest feature update, which now makes self-destructing messages available across all chats in the app. The functionality had previously been limited to secret chats only, but now users will be able to set a timer -- 24 hours or 7 days -- for any Telegram chat to automatically erase it after sending. It's also worth mentioning that the timer for these chats begins to countdown after the message is sent, unlike secret chats where it's activated once the recipient reads the message. Get Telegram's latest version (v7.5) from TechSpot Downloads iOS and Android versions of the app get a Shortcut and Chat widget for the home screen. The former just displays the name and profile picture with a notification badge, while the latter adds a preview of recent messages alongside. Telegram notes that these widgets can be expanded and will always show up-to-date info on Android, while their iOS version won't allow resizing and will refresh its content occasionally due to platform constraints. The update also adds invite links that users can set to expire after 1 hour/week/day or keep indefinitely. 
They can generate QR codes as well, and discover the most effective invite method for a group by finding out which link type its members clicked to join. Meanwhile, regular groups crossing the 200,000 user limit can now be converted to broadcast groups that can house unlimited members, but will only allow admins to send messages. Expressive users will appreciate the addition of dozens of new animated emojis, while those utilizing Telegram's chat import feature will now see their messages sorted by the original date as long as the chat where they are being imported is new or has fewer than 1,000 messages. Lastly, there's an improved reporting mechanism that lets users choose a specific category (spam, fake account, violence, child abuse, etc.) while reporting an issue, alongside a new comment field for describing the incident in detail. Source: Telegram gets auto-deleting messages, expiring invite links and more in latest update
  6. Fraudsters Using Telegram API to Harvest Credentials Phishing Campaign Bypasses Secure Email Gateway Credentials are posted to the Telegram API and the user is redirected. (Source: Cofense) A recently discovered phishing campaign attempted to steal victims' credentials by abusing the Telegram messaging app's API to create malicious domains that help bypass security tools such as secure email gateways, according to researchers at security firm Cofense. This particular phishing attack appeared active in mid-December 2020 and has since stopped. The targets of these malicious emails mainly worked in the U.K. financial services sector, Cofense notes. While the Telegram application offers secure, encrypted communication channels for its users, the Cofense report notes that the service also offers API options that can allow users to create programs that use the app's messages for an interface. In this case, the fraudsters used the APIs to create realistic-looking phishing domains that bypassed security tools. "For this particular campaign, they spoofed an email account that appeared to an internal user as legitimate," says Jake Longden, a threat analyst at Cofense. "Then they used a domain as the site for the URL redirection that most likely at the time wasn't a known bad site, but which is now classified as malicious." Telegram is an encrypted messaging app that has more than 500 million monthly active consumer and business users. Normal messages are not fully encrypted, but Telegram has an advanced service with end-to-end encryption. How Phishing Attacks Worked The targets of this particular campaign were sent phishing emails that appeared to come from an internal source, with addresses such as "[email protected]," but which actually originated with a source outside the organization, according to the report. 
The phishing emails typically come with an urgent message alert in the subject line, such as "Review All Pending Messages," which is designed to get the potential victim to open the message, Cofense notes. "The user is presented with a notice advising that they have messages to review. The bold and large title attracts attention, and is followed by further information to clarify the purpose of the email," according to the report. "Then there’s a button for the user to click to 'Release All' the blocked emails to their inbox." If the targeted victim clicks the link to inspect the messages, they are led to a malicious domain that is created from the Telegram API and designed to look like a webmail login page that asks for credentials, according to the report. The webpage also pulls in the user's email address from the URL to give it another layer of legitimacy. After the user's password and other credentials are harvested, the information is then sent to the Telegram API created by the fraudsters, while the victim receives a message that the account has been updated, Cofense notes. "Once the malicious domain has been identified, it can be blocked. However, by utilizing the Telegram API, the threat actor is working to circumvent interference," according to the report. "They're complicating methods for removing stored credentials that have been harvested, and can view and access these credentials at their convenience on a page they control." Telegram Abuse Other security researchers have found cases in which fraudsters and cybercriminals are abusing other features found in Telegram for their own purposes. In September 2020, security firm Malwarebytes found that some fraudsters had started using Telegram as a way to sweep up payment card data from victims using Base64 encoding strings in conjunction with a bot (see: Fraudsters Use Telegram App to Steal Payment Card Data). 
Researchers with Juniper Threat Labs found hackers targeting victims by using a Trojan, which then created a secure Telegram channel to send data back to the attackers' command-and-control server, according to a September 2019 report. Source: Fraudsters Using Telegram API to Harvest Credentials
  7. The “P” in Telegram stands for Privacy Security expert Dhiraj Mishra analyzed the popular instant messaging app Telegram and identified some failures in terms of handling the users’ data. Summary: While understanding the implementation of various security and privacy measures in Telegram, I identified that Telegram fails again in terms of handling the users’ data. My initial study started with understanding how self-destructing messages work in the secret chats option. Telegram says that “The clock starts ticking the moment the message is displayed on the recipient’s screen (gets two check marks). As soon as the time runs out, the message disappears from both devices.” The popular instant messaging app, which has 500 million active users, suffers from a logical bug that exists in Telegram for macOS (7.3 (211334) Stable), which stores the local copy of a received message (audio/video) on a custom path even after those messages are deleted/disappeared from the secret chat. Technical analysis: Open Telegram for macOS and send a recorded audio/video message in a normal chat; the application leaks the sandbox path where the recorded message is stored in a “.mp4” file. In my case the path was (/var/folders/x7/khjtxvbn0lzgjyy9xzc18z100000gn/T/). While performing the same task under the secret chat option, the MediaResourceData(path://) URI was not leaked, but the recorded audio/video message still gets stored on the above path. In the video proof-of-concept the user receives a self-destructed message in the secret chat option, which gets stored even after the message is self-destructed. Bonus: The above-mentioned version of Telegram for macOS stores the local passcode in plain text; below is the video proof-of-concept. https://www.youtube.com/embed/zEt-_5b4OaA Both vulnerabilities were patched in version 7.4 (212543) Stable and a 3000 EURO bounty was awarded. In the past I’ve identified multiple vulnerabilities in Telegram; you can read them here. 
Later today, Fri 12 Feb 12:15 PM, CVE-2021-27204 & CVE-2021-27205 were assigned. What next? Use Signal — Elon Musk (@elonmusk) January 7, 2021 About the Author: Security Researcher Dhiraj Mishra (@mishradhiraj) Original post at: https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html Source: The “P” in Telegram stands for Privacy
  8. Covid-19 Vaccine Scams Spread Under Facebook and Telegram's Watch Don’t use an iTunes gift card to purchase doses of the vaccine online. [Image caption: A health worker prepares a Covid-19 vaccine injection. Photograph: ALAIN JOCARD/Getty Images] Scammers have flooded Facebook and other social media platforms with Covid-19 scams for almost as long as the disease has had a name. Now, as desperation builds for access to a limited vaccine supply, internet charlatans have escalated in kind, offering shipments of doses in Facebook groups and Telegram chats. According to a new report from internet safety nonprofits Digital Citizens Alliance and the Coalition for a Safer Web, researchers had no trouble finding vendors with claims of vaccines ready to ship. The offers ranged from Facebook page operators willing to ship Sinovac Covid-19 vaccine—which is not authorized for use in the United States—from China, to apparent scammers on Telegram claiming to have access to Moderna, Pfizer, and AstraZeneca’s vaccines. The researchers say they looked for but did not find comparable activity on Twitter, Instagram, and YouTube. While similar scams had previously surged on the dark web, their presence on mainstream social networks with billions of users exposes a much wider population to potential harm. “What you find is that these questionable masks, PPE, treatments, tests are being sold on these Facebook group pages that actually act as marketplaces for the sale and buying of questionable Covid-19 products,” says Eric Feinberg, vice president for content moderation at CSW. “Early in January I started noticing on these pages that posts by what I would call questionable Facebook accounts were appearing, pushing these questionable vaccines from China.” The researchers observed several posts in coronavirus-related Facebook groups that referenced Covid-19 vaccines without explicitly offering them for sale. Many of those posts did, however, include international phone numbers for more information. 
A page identifying itself as Hongyu Medical made contact even easier by including a Facebook Messenger link in a post on January 12. The researchers reached out and asked if Hongyu was selling the vaccine. The answer was yes. The Hongyu representative sent a picture of a Sinovac vaccine box as proof. The conversation eventually moved to email, where the rep provided documentation about the vaccine’s efficacy. At one point, the seller searched on LinkedIn for the researcher, whose profile clearly states that they live in the United States. The deal only collapsed when the researcher conceded that they had no prior experience importing drugs. “You’d better contact with someone who imported medical products before, or though we send to you, the package would be held by your custom, and you will face high penalty,” the vaccine peddler wrote. The Hongyu Medical page is no longer up on Facebook. Nor is Zhejiang Hongwan Biotech, another entity that openly advertised that the Sinovac vaccine was “coming soon and available soon” in a January 11 post. It's unclear how widespread the problem has been, but Feinberg says he saw multiple vendors beyond those mentioned in the report. “We removed the Pages flagged in this report because we prohibit anyone from selling Covid-19 vaccines on our platform and are always working to stop efforts to circumvent our rules,” a Facebook spokesperson said in a statement. “We have expanded our efforts to remove more vaccine misinformation, including false claims about the Covid-19 vaccine.” But Feinberg says those efforts have not ramped up nearly enough. “The only time they do take ownership is when it’s reported, when someone like us takes the time and money and research to do this,” he says. He points to Facebook groups, in particular, as a breeding ground for this sort of activity, and the platform’s recommendation engine as compounding factor. 
The researchers were unable to confirm whether Hongyu Medical had a supply of legitimate vaccine or planned to ship a counterfeit. Either scenario would be alarming in its own way. But what they found on Telegram seems much more clearly to have been pure scam. One seller found in a Telegram channel called Corona Virus Vaccines claimed to be based in Richmond, Virginia, and offered the Pfizer vaccine for $150 a vial. They charged $180 for Moderna. Overnight shipping within the US tacked on another $25, with a guarantee that the doses would be “ice packed.” (Both vaccines require ultra-cold storage for long periods, which has complicated distribution even for health authorities.) More damningly, the seller requested payment in the form of an iTunes gift card—a hallmark of scam deals—before finally agreeing to PayPal. The researchers went through with a purchase of alleged Pfizer vaccine on January 25, and immediately ran into more signs of fraud. The seller said that the vial would be shipped via “Delta Express,” with a link to a supposed airline website. While there is a Delta Express freight shipping company, and while Delta did operate a subsidiary of that name from 1996 to 2003, the “Delta Express” used by the vaccine sellers appears to be a fabricated entity. According to a WhoIs records search, the site was registered on December 16 of last year. It contains multiple misspellings and capitalization errors. And WIRED found that large chunks of its “About Us” page are copy and pasted from the sites of other, legitimate logistics businesses. A call to the Delta Express phone number redirected to a Google Voice mailbox, and an email to its listed contact address went unanswered. “It’s never a surprise to find scammers or black marketeers try to take advantage of a crisis. We see it every time. We see it in fundraising after a hurricane. 
We saw it early on in the Covid-19 crisis with the fraudulent sale of masks and other equipment,” says Tom Galvin, executive director of the Digital Citizens Alliance. “A typical person could be fooled by seeing this website, even with the mistakes it has on it, into thinking it’s legitimate.” Within a few days, the researchers received an email from Delta Express claiming that the shipment had cleared customs. More than a week later, they received a follow-up from the same address claiming that they needed to pay an additional $150 for insurance. The preferred method of payment: an iTunes gift card. While the process should set off multiple alarms, scammers have always specifically targeted desperate people who may be more inclined to ignore those warnings. At a time when vaccine availability and distribution is still far lagging demand, there’s no shortage of potential marks. The Telegram channel from which the researchers made their purchase is still active, with well over 4,000 members. Another Telegram channel that openly advertises vaccines for sale has nearly 100 members. Telegram was the most-downloaded app in the world in January, according to data from analytics company Sensor Tower; it surpassed 500 million active users that month as well. Telegram did not respond to a request for comment. “What we want to do is public awareness so that people realize that trying to look online—we get that they’re desperate—but trying to look online for a vaccine probably will not have a good outcome,” says Galvin. “Any situation where you have someone trying to scam people only does more to undermine trust in the vaccine itself.” Covid-19 Vaccine Scams Spread Under Facebook and Telegram's Watch
  9. Fleeing WhatsApp for Better Privacy? Don't Turn to Telegram Because the chat app doesn't encrypt conversations by default—or at all for group chats—security professionals often warn against it. Just use Signal instead. Last weekend, Raphael Mimoun hosted a digital security training workshop via videoconference with a dozen activists. They belonged to one Southeast Asian country's pro-democracy coalition, a group at direct risk of surveillance and repression by their government. Mimoun, the founder of the digital security nonprofit Horizontal, asked the participants to list messaging platforms that they'd heard of or used, and they quickly rattled off Facebook Messenger, WhatsApp, Signal, and Telegram. When Mimoun then asked them to name the security advantages of each of those options, several pointed to Telegram's encryption as a plus. It had been used by Islamic extremists, one noted, so it must be secure. Mimoun explained that yes, Telegram encrypts messages. But by default it encrypts data only between your device and Telegram's server; you have to turn on end-to-end encryption to prevent the server itself from seeing the messages. In fact, the group messaging feature that the Southeast Asian activists used most often offers no end-to-end encryption at all. They'd have to trust Telegram not to cooperate with any government that tries to compel it to cooperate in surveilling users. One of them asked where Telegram is located. The company, Mimoun explained, is based in the United Arab Emirates. First laughter, then a more serious feeling of "awkward realization" spread through the call, says Mimoun. After a pause, one of the participants spoke: "We're going to have to regroup and think about what we want to do about this." In a followup session, another member of the group told Mimoun the moment was a "rude awakening."
Earlier this month, Telegram announced that it had hit a milestone of 500 million active monthly users, and pointed to a single 72-hour period when 25 million people had joined the service. That surge of adoption seems to have had two simultaneous sources: First, rightwing Americans have sought less moderated communications platforms after many were banned from Twitter or Facebook for hate speech and disinformation, and after Amazon dropped hosting for their preferred social media service Parler, taking it offline. Telegram's founder Pavel Durov, however, has attributed the boost more to WhatsApp's clarification of a privacy policy that includes sharing certain data—though not the content of messages—with its corporate parent, Facebook. Tens of millions of WhatsApp's users responded to that restatement of its (years-old) info-sharing practices by fleeing the service, and many went to Telegram, no doubt attracted in part by its claims of "heavily encrypted" messaging. "We've had surges of downloads before, throughout our 7-year history of protecting user privacy," Durov wrote from his Telegram account. "But this time is different. People no longer want to exchange their privacy for free services." But ask Raphael Mimoun—or other security professionals who have analyzed Telegram and who spoke to WIRED about its security and privacy shortcomings—and it's clear that Telegram is far from the best-in-class privacy haven that Durov describes, and that many at-risk users believe it to be. "People turn to Telegram because they think it's going to keep them safe," says Mimoun, who last week published a blog post about Telegram's flaws that he says was based on "five years of bottled up frustration" about the misperceptions of its security. "There is just a really big gap between what people feel and believe and the reality of the privacy and security of the app." 
Telegram's privacy protections aren't necessarily faulty or broken on a fundamental level, says Nadim Kobeissi, a cryptographer and founder of Paris-based cryptography consultancy Symbolic Software. But when it comes to encrypting users' communications so that they can't be surveilled, it simply doesn't measure up to WhatsApp—not to mention the nonprofit secure messaging app Signal, which Kobeissi and most other security professionals recommend. That's because WhatsApp and Signal end-to-end encrypt every message and call by default, so that their own servers never access the content of conversations. Telegram by default only uses "transport layer" encryption that protects the connection from the user to the server, rather than from one user to another. "In terms of encryption, Telegram is just not as good as WhatsApp," says Kobeissi. "The fact that encryption is not enabled by default already puts it way behind WhatsApp." Telegram does offer end-to-end encryption for one-to-one chats, but requires users to enable a "secret chats" feature, which must be switched on for every contact individually. Starting that secret chat requires four menu taps that aren't particularly intuitive. (Tap the contact's name, then "more," then "start secret chat," and then confirm when a prompt asks if you're sure.) Conversation history from the default chat doesn't carry over to the “secret” one, and you have to initiate that encryption option every time you pick a conversation back up with a contact. "Would you rather go for the car where airbags work any time you get into a crash?" asks Kobeissi. "Or are you going to go for the car where, every time you turn it on you have to type in a PIN to enable airbags? Why not have them on by default?
There's going to be a time where you're going to forget to type that PIN and you're going to get into a crash." Worse still, Telegram doesn't offer its secret chats feature at all for group chats, where many of its most at-risk users congregate. It also stores all default chat histories on its servers. That adds a measure of convenience; threads conveniently reappear whenever you install the app on a new device. But the approach leaves them vulnerable to being read by everyone from Telegram itself to hackers who manage to breach the company's network to legal authorities who compel it to share user data. That threat of government coercion became more concrete when Telegram moved its development team—and the official headquarters of one company in the Telegram Group—from Berlin to Dubai three years ago. Though Telegram keeps its servers spread elsewhere around the world, that location nonetheless leaves the company particularly vulnerable to pressure from the United Arab Emirates, a country known for its record of aggressively hacking and surveilling human rights activists and dissidents. When WIRED reached out to Telegram for comment on these criticisms, its head of marketing Mike Ravdonikas responded in a Telegram message that the company doesn't store data in the UAE and has never received a data request from the UAE government. He added that its "lean Dubai-based team is ready to move to a different location if it ever faces pressure." As for its lack of end-to-end encryption by default, Ravdonikas writes that Telegram's non-secret chats have features that "are not possible to implement in an end-to-end encrypted environment," such as persistent chat histories across devices, very large user groups, and sending large documents and video. 
"We are not going to cripple Telegram by throwing away dozens of its great features because some folks are misled by marketing tricks from our competitors or are too lazy to start Secret Chats when they think they need them," Telegram founder Durov wrote on his public Telegram channel earlier this month. But many cryptographers remain wary of Telegram's encryption scheme even in secret chats. The company uses its own, unique encryption protocol known as MTProto. That preference for homebrewed encryption is widely considered deeply unwise by cryptographers who have long held that it's far safer to implement standard, well-tested protocols. After all, sussing out the vulnerabilities in any new protocol takes years of work and careful auditing, no matter how clever a company's in-house cryptographers may be. Telegram's MTProto protocol isn't obviously broken in a practical way, concedes Matt Green, a cryptographer at Johns Hopkins University who has consulted for Facebook on encrypted messaging systems. But it's uniquely "weird," he says, in a way that suggests its inventors don't understand tried-and-true cryptography practices, and raises his suspicions that it may yet have undiscovered vulnerabilities. "It's like if everyone else in the world has agreed that we're going to use drywall to do the walls in a house, and then you've got somebody who's using toothpaste," says Green. "Even if the toothpaste works and makes a nice wall, that's weird. How do you know they're not doing other weird, nonstandard things when they put the electrical wiring into the house? And that's what scares me." Telegram's head of marketing Ravdonikas argues that "Telegram encryption relies on classical algorithms, because we consider some approaches promoted by US-based cryptographers after 9-11/The Patriot Act (which your sources refer to as “state of the art cryptography”) questionable." That rebuttal elicited an eyeroll emoji from Johns Hopkins' Green.
"We use these standard approaches because they have public and verifiable mathematical proofs of security," Green says. The standard protocols that Telegram avoids have had plenty of scrutiny outside of the US, he adds in response to the allegation that the Patriot Act biases US cryptographers who have examined them. And Telegram itself uses standard crypto algorithms developed and certified by US government agencies, just in non-standard ways. But Green emphasizes that any criticism of Telegram's encryption protocol is almost academic. The real, overarching problem with Telegram's security protections is that it doesn't actually offer end-to-end encryption by default. "If you're not using secret chats, then Telegram and anyone who hacks into Telegram's servers sees all of your communications. And that's really the biggest problem," Green says. "Signal has default end-to-end encryption. WhatsApp has default end-to-end encryption. Telegram does not." Raphael Mimoun, the digital security trainer, says he's resorted to sending every friend, relative, or even journalist or activist acquaintance who appears in his Telegram contacts a warning message. "Welcome to Telegram," it reads. "Telegram isn't particularly secure or private (or trustworthy)." Lately, as more WhatsApp refugees join the service than ever, he's having a hard time keeping up.
  10. Telegram 6.2 adds an improved video editor, animated stickers in photos The privacy-oriented Telegram messenger has consistently been expanding its feature set over time, most recently delivering a few improvements to quizzes to make them more educational. Just before that, the team had released version 6.0, which brought chat folders and much more to the table. Today, Telegram version 6.2 is available, and it brings a few new capabilities to the photo and video editors. The focus is on video, though, with a slew of updates that make it a pretty capable editor for a messaging app. You can now enhance videos before sending them, or customize specific parameters such as exposure, saturation, warmth, and more, all within the Telegram app. Additionally, you can zoom in on videos to draw on them more accurately, add stickers, and more. Basically, almost all the editing tools that were available for photos can now be used in videos. Additionally, the photo editor itself is getting some improvements which also apply to the new video editor. It's now possible to add animated stickers to any area of a video or photo to add a little extra flair. On photos, that means they will be sent as GIFs. On that note, the GIF panel now has a Trending tab, plus a number of tabs based on emoji, so you can find GIFs that represent a certain emotion more easily. Additionally, GIFs in the GIF panel should now load faster. Finally, there's a handful of smaller improvements. After the addition of folders in version 6.0, it's now possible to press and hold on a chat to send it to a specific folder, or to remove it from one. On Android specifically, the app now features new animations for sending, editing, and deleting messages, a new video player that hides the controls and captions more quickly, and voice messages play with new animations as well. The storage usage page in the app's settings has also seen a facelift on Android. 
  11. Telegram messages are a focus in newly uncovered hack campaign from Iran Active since 2014, “Rampant Kitten” uses Windows and Android infostealers. Researchers said they have uncovered an ongoing surveillance campaign that for years has been stealing a wide range of data on Windows and Android devices used by Iranian expatriates and dissidents. The campaign, which security firm Check Point has named Rampant Kitten, comprises two main components, one for Windows and the other for Android. Rampant Kitten’s objective is to steal Telegram messages, passwords, and two-factor authentication codes sent by SMS and then also take screenshots and record sounds within earshot of an infected phone, the researchers said in a post published on Friday. The Windows infostealer is installed through a Microsoft Office document with a title that roughly translates to “The Regime Fears the Spread of the Revolutionary Cannons.docx.” Once opened, it urges readers to enable macros. If a user complies, a malicious macro downloads and installs the malware. The Android infostealer is installed through an app that masquerades as a service to help Persian-language speakers in Sweden get their driver’s license. “According to the evidence we gathered, the threat actors, who appear to be operating from Iran, take advantage of multiple attack vectors to spy on their victims, attacking victims’ personal computers and mobile devices,” Check Point researchers wrote in a longer report also published on Friday. “Since most of the targets we identified are Iranians, it appears that similarly to other attacks attributed to the Islamic Republic, this might be yet another case in which Iranian threat actors are collecting intelligence on potential opponents to the regiment.” The Windows infostealer takes a particular interest in Telegram.
Fake Telegram service accounts push phishing pages that purport to be official Telegram login sites. The malware also seeks out messages stored in Telegram for Windows when it’s installed on infected computers. To survive reboots, Check Point said, the infostealer hijacks the Telegram for Windows update process by replacing the official Updater.exe file with a malicious one. (I attempted to ask Telegram officials if the service uses code signing to prevent such tampering but didn’t succeed in reaching anyone.)
Passwords, messages, and conversations are all ours
Check Point said other features of the Windows malware included:
  • Uploads relevant Telegram files from victim’s computer. These files allow the attackers to make full usage of the victim’s Telegram account
  • Steals information from KeePass password manager application
  • Uploads any file it can find which ends with pre-defined extensions
  • Logs clipboard data and takes desktop screenshots
As noted earlier, the Android backdoor targets SMS-sent one-time passwords and records nearby conversations. Check Point said evidence from passive DNS records—which log other domains that have used the same IP address used in Rampant Kitten—suggested that the attackers have been active since at least 2014. A separate report published by the Miaan Group, a human rights organization that focuses on digital security in the Middle East, echoed the research and added details, including the malware's exfiltration of data from the WhatsApp messenger. “Since early 2018, Miaan researchers have been tracking malware used in a series of cyberattacks on Iranian dissidents and activists,” organization researchers wrote. “The research has uncovered hundreds of victims of malware and phishing attacks that stole data, passwords, personal information, and more.” It wasn’t clear if that malware included the infostealers detailed by Check Point.
Readers should remember that the ability to extract Telegram, KeePass, or WhatsApp data from an infected computer isn’t automatically an indication of especially sophisticated malware or a flaw in the targeted applications. To be useful, all three applications have to decrypt contents when a user needs them. That moment presents an opportunity for malware already installed to obtain the information. People should remember there are rarely good reasons to enable macros in Office documents and that messages asking to allow them are a red flag. Both reports provide extensive indicators of compromise that people can use to determine if they’ve been targeted.
  12. Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business. In what is believed to be a targeted attack, the hackers were after two-factor authentication (2FA) login codes delivered over the short messaging system of the victim’s mobile phone provider.
Well-prepared hackers
Hackers pulling an SS7 attack can intercept text messages and calls of a legitimate recipient by updating the location of their device as if it registered to a different network (roaming scenario). The attack occurred in September and targeted at least 20 subscribers of the Partner Communications Company (formerly known as Orange Israel), all of them involved at a higher level in cryptocurrency projects. Tsachi Ganot, the co-founder of Pandora Security in Tel-Aviv, who investigated the incident and assisted victims with regaining access to their accounts, told BleepingComputer that all clues point to an SS7 attack. Pandora Security specializes in building secure digital environments and provides cyber technology and services for high-profile individuals such as prominent business figures and celebrities. According to Ganot, customers include some of the wealthiest people in the world. Ganot told us that the hackers likely spoofed the short message service center (SMSC) of a mobile network operator (unidentified at the time of writing) to send an update location request for the targeted phone numbers to Partner (other providers may still be vulnerable to this type of attack). The update request essentially asked Partner to send to the fake MSC all the voice calls and SMS messages intended for the victims. Ganot says that the attackers had good knowledge about their victims' various accounts and leaked passwords.
They knew unique international subscriber numbers (MSISDN - Mobile Station International Subscriber Directory Number) and International Mobile Subscriber Identity (IMSI) numbers. SS7 attacks, while more frequent in the past years, are not easy to pull off and require good knowledge of how home mobile networks interact and route communication at a global level. In this case, the goal of the hackers was to obtain cryptocurrency. Ganot believes that some of the inboxes compromised this way acted as a backup method for other email accounts with richer data, allowing the threat actor to achieve their goal. “In some cases, the hackers posed as the victims in their [Telegram] IM accounts and wrote to some of their acquaintances, asking to exchange BTC for ETC and the like” - Tsachi Ganot This method is well known in the cryptocurrency community, and users are typically wary about such requests. Ganot says that “as far as we're aware no one fell for the bait.” Although sending verification codes over SMS is widely regarded as insecure in the infosec community, and for good reason, many services still rely on this practice, putting users at risk. Better authentication methods exist today than SMS or call-based 2FA authentication. Apps specifically created for this purpose or physical keys are among the solutions, Ganot says, also adding that telecom standards need to move away from legacy protocols like SS7 (developed in 1975), which cannot address modern issues. Israeli newspaper Haaretz published details about this attack earlier this month, saying that Israel's national intelligence agency (Mossad) and the country's National Cyber Security Authority were involved in the investigation. The publication also notes that Ganot and his partner (founders of Pandora Security) worked for the NSO for a few years. Source
  13. Apple is requesting that Telegram shut down three channels used in Belarus to expose the identities of individuals belonging to the Belarusian authoritarian regime that may be oppressing civilians. Apple’s concern is that revealing the identities of law enforcement individuals may give rise to further violence. Telegram, however, would prefer to keep the channels open, but the company said that it feels it has no choice in the matter. These channels are a tool for Belarus’ citizens protesting the recently rigged presidential election, but, with a centralized entity like Apple calling the shots on its own App Store, there’s little the protesters can do about it, explains Telegram CEO Pavel Durov. “I think this situation is not black and white and would rather leave the channels be, but typically Apple doesn’t offer much choice for apps like Telegram in such situations,” Durov wrote in his Telegram channel. The tension between Apple and Telegram is part of the wider issue surrounding Belarus’ 2020 election, which saw incumbent Alexander Lukashenko re-elected despite claims and evidence the election was rigged. The result has seen thousands of Belarusian citizens take to the streets to protest. This tension also highlights a problem with centralized app stores. “Unfortunately, I assume these channels will end up getting blocked on iOS, but remain available on other platforms,” Durov added. Source
  14. Telegram adds video call support on Android, blames Apple for iOS delay Earlier this year, the team behind messaging app Telegram committed to finally making video calls available sometime in 2020. Today, in celebration of the app's seventh anniversary, the feature is finally available with version 7.0 of the app, but there's a caveat - it's only for Android users. As noted in the blog post, video calls are ready for the iOS version, but because of Apple's lengthy review process, the update wasn't published in time. Telegram took a jab at Apple, saying that it submitted the iOS version a few days before it sent the Android version for review, but Apple still didn't make it in time. The team says you'll have to wait a while longer, or "switch to a platform that has more respect for its users and developers, like Android". Video calls are pretty standard on Telegram, and the developers plan to expand its feature set over time, including support for group calls. For now, you can make one-on-one calls, and switch between the front and rear cameras at will. There's also picture-in-picture support, so callers will remain visible as you do other things. Aside from video calls, today's update adds a few more animated emoji, if you're looking for a way to spice up your chats. You can download Telegram for your preferred platform here.
  15. New RAT shows a rising trend in the cybercrime underground, with more malware being released with control-by-Telegram features. Security researchers have discovered a new remote access trojan (RAT) being advertised on Russian-speaking underground hacking forums. Named T-RAT, the malware is available for only $45, and its primary selling point is the ability to control infected systems via a Telegram channel, rather than a web-based administration panel. Its author claims this gives buyers faster and easier access to infected computers from any location, allowing threat actors to activate data-stealing features as soon as a victim is infected, before the RAT's presence is discovered. For this, the RAT's Telegram channel supports 98 commands that, when typed inside the main chat window, allow the RAT owner to retrieve browser passwords and cookies, navigate the victim's filesystem and search for sensitive data, deploy a keylogger, record audio via the microphone, take screenshots of the victim's desktop, take pictures via webcam, and retrieve clipboard contents. Furthermore, T-RAT owners can also deploy a clipboard hijacking mechanism that replaces strings that look like cryptocurrency and digital currency addresses with alternatives, allowing the attacker to hijack transactions for payment solutions like Qiwi, WMR, WMZ, WME, WMX, Yandex money, Payeer, CC, BTC, BTCG, Ripple, Dogecoin, and Tron. In addition, the RAT can also run terminal commands (CMD and PowerShell), block access to certain websites (such as antivirus and tech support sites), kill processes (security and debug software), and even disable the taskbar and the task manager. Secondary command and control systems are available via RDP or VNC, but the Telegram feature is the one advertised to buyers, mainly because of the ease of installation and use.
Telegram becoming popular as a malware C&C channel
Although many RATs are often inflated in their ads, T-RAT's capabilities were confirmed in an analysis by G DATA security researcher Karsten Hahn. Speaking to ZDNet, Hahn said T-RAT is just the latest in a string of recent malware families that come with a control-by-Telegram capability. The use of Telegram as a command and control system has been trending up in recent years, and T-RAT isn't even the first RAT to implement such a model. Previous ones include RATAttack (uploaded and removed from GitHub in 2017, targeted Windows), HeroRAT (used in the wild, targets Android), TeleRAT (used in the wild against Iranians, targets Android), IRRAT (used in the wild, targets Android), RAT-via-Telegram (available on GitHub, targets Windows), and Telegram-RAT (available on GitHub, targets Windows).
Distribution vector remains unknown
For now, the threat from T-RAT is relatively low. It usually takes a few months before threat actors learn to trust a new commercial malware strain; however, Hahn believes the RAT is already gaining a following. "There are regular uploads of new T-RAT samples to VirusTotal," Hahn told ZDNet. "I would assume it is in distribution but have no further evidence of it." But T-RAT isn't the only new RAT offered for sale these days. According to Recorded Future, there's another new RAT advertised on hacking forums called Mandaryna. Source
  16. Russia lifts its ban on the Telegram messenger app The ban was mostly ineffective, as Russians found ways to access the app Russia will lift its nearly two-year ban on messenger app Telegram, Reuters reported. The country’s telecom watchdog Roskomnadzor said the company had shown “willingness” to help with counterterrorism efforts. “Roskomnadzor is dropping its demands to restrict access to Telegram messenger in agreement with Russia’s general prosecutor’s office,” the agency said in a statement. A Russian court blocked the app in April 2018, after Telegram refused to share its encryption keys — a means of accessing users’ data — with Roskomnadzor. Telegram has a history of use by terrorist organizations. Its refusal to provide access to encryption keys ran afoul of Russia’s anti-terrorism laws, which require messaging services to give authorities access to decrypt messages. Telegram founder and CEO Pavel Durov said in 2018 that “privacy is not for sale, and human rights should not be compromised out of fear or greed.” But the ban was mostly ineffective and led to a messy back-and-forth, with ISPs blocking 15.8 million IPs on Amazon and Google cloud platforms, which affected Russian businesses that used those services. Russia also blocked internet anonymizers and VPN services that Telegram may have used to hide traffic, according to the Independent. Many Russian agencies and Russians continued to find ways to use Telegram. Earlier this month, Durov said authorities in Russia should lift the ban to let Russian users access the service “with more comfort.” He said the company has improved its tools for detecting and deleting extremist content on the platform. Telegram said in April it had reached 400 million monthly active users, a doubling of its user base in just the past two years.
  17. Alex42

    [Expired] Overwatch Free

    Overwatch Use VPN for Canada. Several Postal Codes: Ontario: M4C 1X5, M4C 1X6, M4C 1X7, M4C 1X8 Yukon: Y1A 0B2, Y1A 2L2, Y1A 2N2 It takes 8-12 business days https://docs.google.com/forms/d/e/1FAIpQLSc0EA1zq7BeMqzi6GeAXCRTpar4pgFvl2Mx_CvW1eHcihzbaw/viewform
  18. A vulnerability in Telegram Desktop results in the end-user public and private IP addresses being leaked during a call, a security researcher has discovered. A cloud-based instant messaging and voice-over-IP service, Telegram was designed to provide users with secure communication capabilities, as messages are heavily encrypted and can self-destruct. Tracked as CVE-2018-17780, the newly discovered issue affects Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, and is the result of a default, unsafe behavior where peer-to-peer (P2P) connections are accepted from clients outside of the My Contacts list. Security researcher Dhiraj Mishra discovered that a default setting where Telegram clients used P2P connections while initiating a call could result in the user’s IP address being leaked. Additional connection options are available in Settings > Privacy and security > Calls > peer-to-peer, but there was no option for setting “P2P > nobody” in tdesktop and Telegram for Windows, thus causing a privacy issue, the researcher says. According to Mishra, a user’s IP address could leak on Telegram for Android as well, provided that the option hasn’t been set to “Settings > Privacy and security > Calls > peer-to-peer > nobody.” However, the Android client does provide the option. To trigger the vulnerability in tdesktop, one would simply need to launch the application and initiate a call to another user, as the client would leak the IP address during call initialization. The bug manifests itself even for incoming calls, with the recipient being able to view the public/private IP address of the caller in logs. The IP leaks even if the call is made from a Windows Phone. “Not only the MTProto Mobile Protocol fails here in covering the IP address, rather such information can also be used for OSINT,” the researcher notes. Telegram Desktop 1.3.17 beta and v1.4.0 are no longer impacted. 
The vulnerability has been addressed with the addition of an option for setting P2P to Nobody/My contacts. Mishra received a €2000 ($2300) bug bounty reward for the discovery. Source
  19. Telegram for Desktop is a messaging app with a focus on speed and security, it’s super-fast, simple and free. You can use Telegram on all your devices at the same time — your messages sync seamlessly across any number of your phones, tablets or computers. Download Telegram Offline Installer Setup for PC! With Telegram, you can send messages, photos, videos and files of any type (doc, zip, mp3, etc), as well as create groups for up to 1000 people or channels for broadcasting to unlimited audiences. You can write to your phone contacts and find people by their usernames. As a result, Telegram is like SMS and email combined — and can take care of all your personal or business messaging needs. You can download Telegram for PC offline installer from our site by clicking on free download button. What can you do with Telegram? Connect from most remote locations. Coordinate groups of up to 1000 members. Synchronize your chats across all your devices. Send documents of any type. Encrypt personal and business secrets. Destruct your messages with a timer. Store your media in the cloud. Build your own tools on our API. Enjoy feedback from your customers. Changelog v 1.3.14: Fix a crash in calls. v 1.3.13: Export data from individual chats using the '...' menu. Added a new night theme. You can now assign custom themes as night and day themes to quickly switch between them. Support for Telegram Passport 1.1 and improved password hashing algorithm to better protect Telegram Passport data. v 1.3.12: Bug fixes and other minor improvements. v 1.3.11: Added a new night theme. You can now assign custom themes as night and day themes to quickly switch between them. v 1.3.10: Bug fixes and other minor improvements. v 1.3.9 Mark chats in the chat list as Read or Unread. Improved censorship circumvention. v 1.3.8: Bug fixes and other minor improvements. v 1.3.7: Push fixes to stable version. v 1.3.6: Bug fixes and other minor improvements. 
v 1.3.5: Bug fixes and other minor improvements. v 1.3.4: Bug fixes and other minor improvements. v 1.3.3: Bug fixes and other minor improvements. v 1.3.2: Bug fixes and other minor improvements. v 1.3.1: Bug fixes and other minor improvements. v 1.3.0: Improved censorship circumvention. Improved stability when working through proxy servers. Save several proxy servers to quickly switch between them in Settings. Use proxy for calls. Emoji and text replacement now happens immediately after typing (instead of after sending) and can be rolled back using Backspace or CTRL/CMD + Z. Replacement no longer happens when pasting text. Added formatting shortcuts. Select text and use: CTRL/CMD + B/I for bold and italic CTRL/CMD + K to create or edit a custom link CTRL/CMD + SHIFT + M for monospace font CTRL/CMD + SHIFT + N to clear formatting Homepage Changelog - only major versions Github page - Source code & all builds changelog FAQ ███ Desktop Windows or Direct Link: https://updates.tdesktop.com/tsetup/tsetup.1.3.14.exe Portable or Direct Link: https://updates.tdesktop.com/tsetup/tportable.1.3.14.zip Mac or Direct Link: https://updates.tdesktop.com/tmac/tsetup.1.3.14.dmg App Store or Direct Link App Store: https://itunes.apple.com/us/app/telegram-desktop/id946399090 Linux x64 or Direct Link: https://updates.tdesktop.com/tlinux/tsetup.1.3.14.tar.xz Linux x86 or Direct Link: https://updates.tdesktop.com/tlinux32/tsetup32.1.3.14.tar.xz v1.3.13: Win Direct Link: https://updates.tdesktop.com/tsetup/tsetup.1.3.13.exe Portable Direct Link: https://updates.tdesktop.com/tsetup/tportable.1.3.13.zip Mac Direct Link: https://updates.tdesktop.com/tmac/tsetup.1.3.13.dmg Linux x64 Direct Link: https://updates.tdesktop.com/tlinux/tsetup.1.3.13.tar.xz Linux x86 Direct Link: https://updates.tdesktop.com/tlinux32/tsetup32.1.3.13.tar.xz ███ Phone Android or Direct Link Google Play: https://play.google.com/store/apps/details?id=org.telegram.messenger iphone / ipad or Direct Link App Store: 
https://itunes.apple.com/app/telegram-messenger/id686449807 Windows Phone
  20. Telegram now lets users send 2GB files, adds profile videos, and more Last month, the team behind the Telegram messaging app added a handful of new capabilities, including a new video editor and animated stickers in photos and videos. Today, a new update is bringing the version number to 6.3 and adding more capabilities to the app on multiple platforms. For starters, Telegram is increasing the size limit for files shared on the app, from 1.5GB per file - the limit that had been in place since 2014 - to 2GB for any file type. By comparison, WhatsApp allows media files to be shared up to 16MB, and up to 100MB for documents. The update also includes the ability to change your profile picture into a profile video. The video will play when someone opens the user's profile, and it's possible to choose a specific frame from the video to be displayed in chats. It's also now possible to go through your previous profile pictures and videos and choose one of them as your main profile picture in lieu of your current one. The video editor also has a new option for photos and videos from the front-facing camera, which allows users to smoothen their skin in case they want to hide any imperfections. The team has also added mini thumbnails for photos in the chat list and notifications, instead of a generic thumbnail for media files. If you like animated emoji, some more have been added with today's update. There are other improvements to the chatting experience, starting with improvements to the People Nearby feature, which now also indicates the distance between the user and any detected contacts. Users that often get messages from new people outside their contacts can now have those chats automatically muted and sent to the archive, though this will need to be enabled from the app's privacy settings page. Back in March, Telegram added the option to view channel statistics to gauge follower engagement over time. 
Channel statistics are now available for channels with 500 subscribers or more, and also for groups with 500 members or more. In the future, the features will be available for groups with just 100 members. As for version-specific changes, Android users now have a redesigned music player with an expandable track list, the video editor now allows for cropping and rotating videos, and the text input box expands smoothly as more lines are added. Meanwhile, Telegram Desktop now supports multiple accounts, similar to the mobile app, which has done so since 2017. Telegram now lets users send 2GB files, adds profile videos, and more
  21. A Telegram Feature May Be Exposing Your Location Telegram's People Nearby feature can help hackers find your exact home address. Telegram's People Nearby feature might not be as safe as you once thought. A software engineer has found that this feature may expose your exact location to hackers. People Nearby Puts Your Privacy at Risk Ahmed Hassan, a software engineer and researcher, uncovered a dangerous flaw in Telegram's People Nearby feature. According to Hassan, using the feature can help hackers find your home address. Telegram doesn't turn on the People Nearby feature automatically; you must enable it manually. Once it's turned on, the feature lets you see nearby Telegram users who have also chosen to share their location. At first glance, People Nearby doesn't pose much of a threat. It doesn't expose your exact location, only your relative geographic area. But after doing some digging, Hassan has discovered that this feature can be easily abused by hackers. Hassan published an in-depth analysis of the flaw in a post on his blog, Ahmed's Notes. In the post, Hassan says that hackers "can spoof their location for three points and use them to draw three triangulation circles." Hassan then went on to expose how easily hackers can spoof their location on the app. Bad actors can either use spoofing hardware, root their device, or even just walk around an area to collect GPS data. From here, the hacker can use the triangulation method to pinpoint the exact location of their target. Because of this, Hassan gave a dire warning to Telegram users, stating "if you enable the feature of making yourself visible on the map, you're publishing your home address online." Hassan emailed Telegram with his concerns, and Telegram responded by basically saying that it's a non-issue. The platform reportedly said that "it's expected that determining the exact location is possible under certain conditions." 
It's Time to Turn the People Nearby Feature Off Telegram is known for being a private, secure messaging app that keeps your conversations safe. But it's clear that the platform is ignoring one of the most crucial safety features: the ability to hide your exact location. Even if Telegram gives you the option to turn the People Nearby feature on and off, it should still have the necessary safety features for those who choose to use it. But for now, you might want to turn this feature off. In the end, it's better to take the extra step to keep your information safe just in case a hacker decides to take advantage of the People Nearby loophole. Source: A Telegram Feature May Be Exposing Your Location
  22. Telegram Gained 3 Million New Users During WhatsApp, Facebook Outage WhatsApp, Facebook, and Instagram faced a widespread outage yesterday with users from around the world reporting issues with sending messages on WhatsApp and Messenger, posting feeds on Facebook and accessing other features on the three Facebook-owned platforms. While the outage was quite troubling both for the social media giant and its millions of users, guess who benefits the most out of the incident? TELEGRAM. Pavel Durov, the founder of the popular secure messaging platform Telegram, claims to have had a surge in sign-ups within the last 24 hours, during the period when its rival messaging services were facing downtime. "I see 3 million new users signed up for Telegram within the last 24 hours," Durov wrote on his Telegram channel. "Good. We have true privacy and unlimited space for everyone." Telegram is an excellent alternative to Facebook's Messenger and WhatsApp services, offering users an optional end-to-end encrypted messaging feature, so that no one, not even Telegram, can access them. Telegram adopted end-to-end encryption support way back in 2013—three years before WhatsApp and Facebook Messenger. Besides this, Telegram messenger has introduced many unique features in recent months that no other widely-adopted messaging app is yet offering. Two of these features include: Multiple Account Support: Users can add up to 3 Telegram accounts and easily switch between them simultaneously without logging out. Create Polls: Telegram offers a built-in polling feature for large communities, allowing them to coordinate their activities and discuss complex issues efficiently. Telegram has previously faced restrictions and bans in countries like Iran, as well as in its home country Russia, after Durov refused to comply with government requests for encryption keys and information on its users. 
"In 5+ years, Telegram disclosed exactly zero bytes of private data to third-parties including governments. That's why Telegram is banned by authoritarian governments such as Russia and Iran. Other apps such as WhatsApp have no issues with there," Durov said in a tweet. Since Durov's Telegram message doesn't offer any explanation for the sudden spike in the Telegram sign-ups, The Hacker News has reached out to him and will update this article as soon as we hear back. Source
  23. The first coins should be here within two months Telegram’s cryptocurrency— the Gram — may be going public after all. The encrypted messaging app company plans to deliver “the first batches” of the coin in the next two months, according to a report at The New York Times. The last time we reported on the Gram, it was to note that Telegram was canceling its initial coin offering (ICO), so the news may come as a bit of a surprise unless you’ve been following Telegram and cryptocurrency closely. But if you have, you’ve probably heard a rumor that Telegram has a hard deadline to make it happen: if it doesn’t deliver by October 31st, it legally forfeits the $1.7 billion it raised to make those coins a reality. That October 31st deadline is real, according to legal documents reviewed by the Times, so the company’s trying to make those coins real, too, and as quickly as possible. Users will apparently store them in a Gram digital wallet, one that Telegram plans to offer to all its 200+ million users around the world, according to three anonymous investors who spoke to the publication. It’s not quite clear how regulators might deal with a new Telegram cryptocurrency, seeing how Telegram itself is a decentralized messaging operation that’s happily tangled with governments in the past. Facebook’s Libra is the closest parallel, but one based in the United States, and it’s already encountered quite a bit of early scrutiny. Source
  24. SEC says Telegram can't avoid federal securities laws by labeling their product a cryptocurrency. Telegram's plans for its cryptocurrency and blockchain network may be in jeopardy. The US Securities and Exchange Commission has filed an emergency action and obtained a temporary restraining order against the company, which prevents it from distributing and selling its Gram tokens in the country. According to the regulators, the company sold 2.9 billion Grams at discounted prices to 171 initial purchasers worldwide, raising $1.7 billion in the process. A billion of those tokens were purchased by people in the US. The agency says Telegram didn't register the offering with its office, and since it sees Grams as securities, it's accusing the company of violating the Securities Act of 1933. It's not clear how this restraining order would affect Gram's launch as a whole. Former SEC attorney Zachary Fallon told Bloomberg that it could also complicate the company's ability to sell tokens in other countries. But even if it doesn't prevent Telegram from launching outside the US, it could still cause huge issues for the company. The New York Times reported back in August that Telegram promised investors it would deliver Grams by October 31st or return their money. The SEC Division of Enforcement's Co-Director Stephanie Avakian said: "Our emergency action today is intended to prevent Telegram from flooding the US markets with digital tokens that we allege were unlawfully sold. We allege that the defendants have failed to provide investors with information regarding Grams and Telegram's business operations, financial condition, risk factors, and management that the securities laws require." The agency also stressed that companies can't avoid federal securities laws just by labeling their products a cryptocurrency or a digital token. Source
  25. Alex42

    Giveaway NetSpot Pro

    NetSpot Pro NetSpot lets you visualize, optimize, and troubleshoot your wireless networks with any PC so you can get the best connection possible at all times. Use the mapping feature to view dead zones and optimize hotspot placement, and use the troubleshooting tool to identify connectivity issues. With NetSpot Pro, you'll never miss a beat, post, or important email even when your Internet is acting up. You'll reach maximum WiFi efficiency, all while assuring your network is perfectly secure. Visualize, manage, troubleshoot, audit, plan, & deploy wireless networks Analyze your WiFi coverage anywhere you are or plan on being Easily assure that hotspots are placed correctly & radio channels are assigned properly Identify dead zones on a network using the visual map Load a visual map, collect survey data, & build a comprehensive heatmap of a network View any number of Access Points (BSSIDs) simultaneously Utilize flexible grouping of APs by SSID, channel, vendor, security, etc. & custom groups Choose from multiple export possibilities, including new customizable advanced reports Run Internet download & upload speed tests Giveaway Telegram