SecurityWeek reports that open source messaging app Threema has been criticized for minimizing a report by Swiss university ETH Zurich detailing that the platform could be leveraged to execute seven different attack techniques.
Threat actors could exploit the messaging platform's authentication and encryption vulnerabilities to secure message metadata, avert message delivery, perform account cloning, and recover Threema ID-related private keys, as well as encrypt compromising messages that would be later sent to users, according to the ETH Zurich study.
While mitigations and a new protocol have been released by Threema in response to the findings, Threema noted no "considerable real-world impact" from any of the attack methods described in the study.
"Most [attacks] assume extensive and unrealistic prerequisites that would have far greater consequences than the respective finding itself," said Threema.
Such a response was noted by ETH Zurich Professor Kenneth Paterson, who was part of the study, to be "unexpectedly dismissive."
Other cybersecurity experts, including Andreas Steiger, have also slammed Threema for an unprofessional and aggressive response to the findings.
A $10M ransom demand to Riot Games, a DoS in BIND and why there's no version 10, an unexpected refactor at Twilio, insights in Rust from the git security audit, SQL Slammer 20 years later, the SQLMap tool
Threat actors have been leveraging Telegram to promote the new Titan Stealer information-stealing malware, which targets Windows machines to exfiltrate browser and cryptocurrency wallet data, reports The Hacker News.