
Latest news with #MD5

Knock-off Signal app Mike Waltz was caught using can be hacked in ‘15 to 20 minutes,' report says

Yahoo

19-05-2025

The 'knock-off' Signal app Mike Waltz was caught using, which lacks security guarantees, can be hacked in '15 to 20 minutes,' according to a report.

Days after former National Security Adviser Mike Waltz was caught in photos using a Signal dupe called TeleMessage Signal, or TM SGNL, a hacker broke into the app and was able to access sensitive data.

The app, which, unlike Signal, archives copies of all messages, was infiltrated easily and within a matter of minutes, all thanks to a basic misconfiguration in the app, the hacker told Wired. 'I would say the whole process took about 15 to 20 minutes,' the hacker said. 'It wasn't much effort at all.'

TeleMessage, which has since temporarily suspended its services, had a weak password system and a slew of other issues that allowed the hacker to infiltrate it easily.

'I first looked at the admin panel and noticed that they were hashing passwords to MD5 on the client side, something that negates the security benefits of hashing passwords, as the hash effectively becomes the password,' the hacker said.

Hashing is a security measure that transforms plain-text passwords into a seemingly random string of characters, making it difficult to determine the original password. However, TeleMessage used MD5, an inadequate version of the algorithms used to hash passwords, according to Wired.

TeleMessage was also built with JSP, an antiquated technology for creating web apps in Java, which made the hacker realize 'their security must be poor.'

The hacker then used Feroxbuster, a tool that locates publicly available resources on a website, to find a vulnerable URL. That led them to a Java heap dump – a snapshot of the server's memory at the moment they loaded the URL – in which they discovered usernames and passwords of random accounts.

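
The point behind the remark about client-side MD5, as an added example (not part of the article and not TeleMessage's code): when the server only compares the submitted hash with the stored one, the value kept at rest is itself the login secret, so any leak of the credential store is a leak of working credentials. The class names, the in-memory `db` and the sample account are constructed for illustration, and salted scrypt is one suitable server-side choice, assumed here.

```python
import hashlib
import hmac
import os


def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


class ClientHashedLogin:
    """Weak design: the browser sends MD5(password); the server compares it to the stored MD5."""

    def __init__(self):
        self.db = {}  # user -> hex MD5 digest (hypothetical in-memory store)

    def register(self, user, password):
        self.db[user] = md5_hex(password)

    def login(self, user, submitted):
        # 'submitted' is whatever arrives over the wire; the server cannot tell
        # whether the sender ever knew the password behind it.
        stored = self.db.get(user)
        return stored is not None and hmac.compare_digest(stored, submitted)


class ServerHashedLogin:
    """Hardened design: the password arrives over TLS and the server derives a salted scrypt hash."""

    def __init__(self):
        self.db = {}  # user -> (salt, derived key)

    @staticmethod
    def _derive(password, salt):
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

    def register(self, user, password):
        salt = os.urandom(16)
        self.db[user] = (salt, self._derive(password, salt))

    def login(self, user, submitted):
        record = self.db.get(user)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._derive(submitted, salt))


def stored_value_is_a_credential(service, user, password):
    """True if the value the server keeps at rest is accepted as a login on its own."""
    service.register(user, password)
    record = service.db[user]
    at_rest = record if isinstance(record, str) else record[1].hex()
    return service.login(user, at_rest)
```
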
The hacker tried logging into the app with a random pair of credentials they had just gained access to – and eventually hacked into an account with an email address associated with US Customs and Border Protection. CBP confirmed to Wired that it was a TeleMessage customer.

The hacker was then able to read plaintext chat logs, including internal conversations from Coinbase, a popular crypto trading platform. Within 15 to 20 minutes, the hacker said they were able to compromise CBP and Coinbase, according to the report.

According to the report, the app uploaded unencrypted messages to before forwarding the messages to the customer's intended destination. This goes against TeleMessage's claims that the app uses 'end-to-end encryption from the mobile phone through to the corporate archive,' according to the report.

Additionally, according to the report, if anyone had loaded the heap dump URL as Mike Waltz was texting on the app, they would have been able to gain access to his encrypted Signal messages as well.

Waltz was Trump's National Security Adviser before being removed from his post and tapped to be the U.S. ambassador to the United Nations. The shakeup happened after Waltz accidentally added Jeffrey Goldberg, the editor-in-chief of The Atlantic, to a Signal group chat where top Trump officials were discussing imminent U.S. military strikes on Yemen.

Goldberg then reported on what was supposed to be a secret dialogue between officials, including Defense Secretary Pete Hegseth and Vice President JD Vance, causing a scandal for the Trump administration. Secretary of State Marco Rubio is Trump's acting National Security Adviser until he names an official replacement.

Knock-off Signal app Mike Waltz was caught using can be hacked in ‘15 to 20 minutes,' report says

The Independent

19-05-2025

Index Engines' Latest CyberSense® Release Strengthens AI-Driven Cyber Resilience

Yahoo

08-04-2025

  • Business
The latest CyberSense update provides an industry-first raw disk corruption detection, advanced threat analysis, and seamless integration to fortify cyber resilience

HOLMDEL, N.J., April 8, 2025 /PRNewswire/ -- Cyber resilience company Index Engines today announced the release of CyberSense 8.10, fully integrated with Dell PowerProtect Cyber Recovery, which provides powerful new capabilities to enhance cyber resilience and streamline recovery from ransomware attacks.

CyberSense's highly-trained AI ensures data integrity, empowering organizations to detect corruption from cyber threats and recover with confidence. With more than 1,500 global installations, CyberSense continues to lead the industry in ransomware detection.

"As ransomware attacks continue to rise, organizations must ensure they have data integrity to enable fast and accurate recovery," said Larry Meese, Vice President of Product Marketing at Index Engines. "CyberSense innovation and integration with Dell PowerProtect Cyber Recovery represents another major step forward in delivering comprehensive cyber resilience. It not only enhances our customers' abilities to detect and recover from threats more effectively but also reinforces Index Engines' position as a trusted leader in AI-driven data protection and integrity."

This latest release is focused on the advanced, proactive detection of bad actors for an accelerated and streamlined recovery:

Raw Disk Corruption Detection: Index Engines offers the industry's first raw disk corruption detection safeguards for virtual machines against ransomware, malware, wiper attacks, hardware failures, and internal corruption. CyberSense flags raw disk corruption by identifying read errors and alerting users to potential attacks that prevent access to critical files. Traditional ransomware retains visibility into the (encrypted/corrupted) files, making them accessible but unusable. By contrast, this attack vector hides the files, giving the appearance of an empty or faulty disk.

Custom YARA Rule Support: Custom YARA rules within CyberSense support detection of patterns in files, allowing it to identify even zero-day ransomware that hasn't been seen before.

Custom Malware Signatures: While CyberSense already maintains its own database of malware signatures, users can now supply their own MD5 signatures, enabling both forward and backward detection of malware in backups. Once added, CyberSense will search for the signature within both historical and future backups.

Rapid Threat Detection with Delta Block Analysis: Users can now see the DBA score produced by CyberSense and visualize on a graph how that score changes over time, and what is normal activity for their environment. Already an existing feature in previous versions, DBA improves performance by scanning only changed blocks rather than all files on a virtual machine. It uses AI to detect suspicious activity and triggers a full index if necessary.

Expanded Workload Support and Future Proofing: Optimized for databases, VMs, and cloud workloads, CyberSense ensures seamless integration with leading security and backup solutions, including PowerProtect Data Manager 19.18 & 19.19; Avamar 19.12, NetWorker 19.12; Commvault Backup and Recovery 11.36; Cohesity NetBackup 10.5, including NetBackup OST (Open Storage Technology); and Oracle ASM RMAN.

CyberSense 8.10 brings deeper visibility into organizational data integrity, ensuring the detection of corrupted data, and allows organizations to pinpoint the last known clean backup, to minimize the impact of an attack. This latest release also empowers organizations with expanded role-based access control with custom permissions as well as improved threshold alerts and UI/UX improvements.

CyberSense is available now through Dell Technologies and its global partner network. See it at Index Engines' booth during Dell Technologies World, May 19-22 in Las Vegas.

To learn more about how Index Engines is driving the future of cyber resilience, visit:

About Index Engines

At Index Engines, we are experts in Cyber Resiliency, helping organizations build an infrastructure where trusted data is available and reliable. Our leading solution, CyberSense, provides a 99.99% SLA for detecting ransomware corruption. CyberSense empowers organizations to confidently navigate cyber challenges, mitigate risks, and quickly recover to normal business operations in the ever-evolving cyber landscape. For more information, visit

SOURCE Index Engines
