Elon Musk’s X Gave Check Marks to Terrorist Group Leaders, Report Says

A new report cited 28 “verified” accounts on X that appear to be tied to sanctioned groups or individuals.

WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps

New EU rules mean WhatsApp and Messenger must be interoperable with other chat apps. Here’s how that will work.

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead," Malwarebytes' Jérôme Segura said in a

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari

Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger

Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet." "This isn't a routine security update: we rebuilt the app from the ground up, in close consultation with privacy and safety experts," Loredana Crisan, vice president of

WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been described as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else." Secret Code builds on another feature

iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation

The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The new findings come from Kaspersky, which detailed the great lengths the adversary behind the campaign, dubbed Operation Triangulation, went to conceal and cover

Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence

Encrypted messaging app Signal has pushed back against "viral reports" of an alleged zero-day flaw in its software, stating it found no evidence to support the claim. "After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels," it said in a series of messages posted in X (formerly

DarkGate Malware Spreading via Messaging Services Posing as PDF Files

A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware. "It's

Signal Messenger Introduces PQXDH Quantum-Resistant Encryption

Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). "With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current

Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger

A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' Business accounts. "Originating yet again from a Vietnamese-based group, this campaign uses a tiny compressed file attachment that packs a powerful Python-based stealer dropped in a

Meta Set to Enable Default End-to-End Encryption on Messenger by Year End

Meta has once again reaffirmed its plans to roll out support for end-to-end encryption (E2EE) by default for one-to-one friends and family chats on Messenger by the end of the year. As part of that effort, the social media giant said it's upgrading "millions more people's chats" effective August 22, 2023, exactly seven months after it started gradually expanding the feature to more users in

GitHub’s Hardcore Plan to Roll Out Two-Factor Authentication (2FA)

GitHub has spent two years researching and slowly rolling out its multifactor authentication system. Soon it will be mandatory for all 100 million users—with no opt-out.

Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol

Google has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and open source an implementation of the specification. "Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform," Giles Hogben, privacy engineering

Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands

Apple has warned that it would rather stop offering iMessage and FaceTime services in the U.K. than bowing down to government pressure in response to new proposals that seek to expand digital surveillance powers available to state intelligence agencies. The development, first reported by BBC News, makes the iPhone maker the latest to join the chorus of voices protesting against forthcoming

EncroChat Bust Leads to 6,558 Criminals' Arrests and €900 Million Seizure

Europol on Tuesday announced that the takedown of EncroChat in July 2020 led to 6,558 arrests worldwide and the seizure of €900 million in illicit criminal proceeds. The law enforcement agency said that a subsequent joint investigation initiated by French and Dutch authorities intercepted and analyzed over 115 million conversations that took place over the encrypted messaging platform between no

Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users

Twitter is officially beginning to roll out support for encrypted direct messages (DMs) on the platform, more than five months after its chief executive Elon Musk confirmed plans for the feature in November 2022. The "Phase 1" of the initiative will appear as separate conversations alongside existing direct messages on users' inboxes. Encrypted chats carry a lock icon badge to visually

Samsung Introduces New Feature to Protect Users from Zero-Click Malware Attacks

Samsung has announced a new feature called Message Guard that comes with safeguards to protect users from malware and spyware via what's referred to as zero-click attacks. The South Korean chaebol said the solution "preemptively" secures users' devices by "limiting exposure to invisible threats disguised as image attachments." The security feature, available on Samsung Messages and Google

Encrypted Messaging App Exclu Used by Criminal Groups Cracked by Joint Law Enforcement

A joint law enforcement operation conducted by Germany, the Netherlands, and Poland has cracked yet another encrypted messaging application named Exclu used by organized crime groups. Eurojust, in a press statement, said the February 3 exercise resulted in the arrests of 45 individuals across Belgium and the Netherlands, some of whom include users as well as the administrators and owners of the

Serious Security: The Samba logon bug caused by outdated crypto

Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

Facebook Introduces New Features for End-to-End Encrypted Messenger App

Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption (E2EE) in Messenger chats by default. "Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption," Meta's Melissa Miranda said. The social media behemoth said it intends to notify

Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App

A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat models, according to ETH Zurich researchers Kenneth G. Paterson, Matteo Scarlata, and Kien Tuong Truong,

What Is Smishing and Vishing, and How Do You Protect Yourself?

Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis. 

Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself. 

This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data. 

What is smishing?

Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing? 

Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages. 

Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware. 

Examples of a smishing text message

Here are some examples of smishing text messages hackers use to steal your personal details: 

• “We have detected unusual activity on your account. Please call this number to speak to a customer service representative.” 
• “You have won a free gift card! Click here to claim your prize.” 
• “Hi! We noticed that you’re a recent customer of ours. To finish setting up your account, please click this link and enter your personal information.” 
• “Urgent! Your bank account has been compromised. Please click this link to reset your password and prevent any further fraud.” 
• “Hey, it’s [person you know]! I’m in a bit of a bind and could really use your help. I sent you a link to my PayPal, could you send me some money?” 

How dangerous can smishing be?

If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.  

For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account. 

How can you protect yourself from smishing?

Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself. 

Recognize the signs of a smishing text

One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips: 

• Be suspicious of any text messages that ask for personal information or include a link. 
• Look closely at the sender’s name and number. Fraudulent messages often come from spoofed numbers that may look similar to a legitimate number but with one or two digits off. 
• Look for errors in spelling or grammar. This can be another sign that the message is not legitimate. 
• Beware of any text messages that create a sense of urgency or are threatening in nature. Scammers often use these tactics to get you to act quickly without thinking. 
• If you’re not expecting a message from the sender, be extra cautious. 
• If you’re unsure whether a text message is legitimate, call the company or organization directly to verify. 

Filter unknown text messages

While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links. 

To set up spam filters on your iPhone: 

1. Go to the Settings App 
2. Go to Messages 
3. Find the Filter Unknown Senders option and turn it on 

To set up spam filters on your Android mobile device: 

1. Go to the Messaging App 
2. Choose Settings 
3. Tap Spam Protection and turn on Enable Spam Protection 

Use McAfee Mobile Security 

McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones. 

One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches. 

Other benefits include: 

• Antivirus 
• Secure VPN for privacy online 
• Identity monitoring for up to 10 emails 
• Guard your identity against risky Wi-Fi connections 
• Safe browsing 
• System Scan for the latest updates 

Keep your device and information secure with McAfee Mobile Security

These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important. 

McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.  

Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure. 

So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected. 

The post What Is Smishing and Vishing, and How Do You Protect Yourself? appeared first on McAfee Blog.

Crypto Miners Using Tox P2P Messenger as Command and Control Server

Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings from Uptycs, which analyzed an Executable and Linkable Format (ELF) artifact ("72client") that functions as a bot and can run scripts on the compromised host using the Tox protocol. Tox

Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack

Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal," the company said. "All users can rest assured that

Facebook Testing Default End-to-End Encryption and Encrypted Backups in Messenger

Social media company Meta said it will begin testing end-to-end encryption (E2EE) on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the