CyberSecurity news

FlagThis - #telegram

Pierluigi Paganini@Security Affairs //

Russian Brokers Offering Millions for Telegram Exploits

A Russian zero-day broker known as Operation Zero is offering up to $4 million for zero-day exploits targeting the Telegram messaging app. This broker exclusively sells vulnerabilities to Russian government and private organizations, suggesting a significant interest from these entities in exploiting Telegram's security flaws. The high bounty offered indicates the immense value of potential targets to these organizations and their willingness to invest heavily in acquiring such exploits.

Operation Zero has released multiple bounty tiers for security vulnerabilities targeting Telegram, with the price depending on the user interaction required. Remote code execution vulnerabilities needing one user interaction fetch $500,000, while a zero-click RCE vulnerability is valued at $1.5 million. A complete exploit chain capable of compromising the entire system may command up to $4 million. This highlights the potential for targeted attacks on individuals or user groups through the platform, given Telegram's user base of over a billion.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • CyberInsider: Russian Zero-Day Firm Offers Record $4 Million for Telegram Exploits
  • infosec.exchange: NEW: A zero-day provider that exclusively sells to the Russian government is offering up to $4 million for flaws in Telegram. This announcement offers a glimpse into what the Russian government may be especially interested in, and willing to pay (even at a premium), right now. Sources in the industry tell me the prices offered are broadly right.
  • techcrunch.com: Russian zero-day seller is offering up to $4 million for Telegram exploits
  • securityaffairs.com: Zero-day broker Operation Zero offers up to $4 million for Telegram exploits
  • securityonline.info: The Russian vulnerability broker, Operation Zero, is a company specializing in the acquisition and sale of security vulnerabilities—whether The post appeared first on .
  • Davey Winder: The Russian exploit brokerage firm, Operation Zero, is offering up to $4 million for zero-day vulnerabilities in Telegram. This signifies heightened state-sponsored interest in hacking Telegram.
  • hackread.com: A broker that only sells to Russian private and government organizations has just offered $4 million for a zero-day hack attack against the Telegram messenger app.
Classification:
Carly Page@TechCrunch //

PSEA Data Breach Exposes Personal Information of 500,000 Members

The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, has announced a significant data breach affecting over 500,000 members. The breach, which occurred in July 2024, resulted in attackers stealing sensitive personal information. PSEA is now notifying the impacted individuals about the incident and the potential risks.

The stolen data includes highly sensitive information, such as government-issued identification documents, Social Security numbers, passport numbers, medical information, and financial data like card numbers with PINs and expiration dates. Member account numbers, PINs, passwords, and security codes were also accessed. PSEA took steps to ensure, to the best of its ability and knowledge, that the stolen data was deleted.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • bsky.app: The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach.
  • BleepingComputer: The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach.
  • techcrunch.com: US teachers’ union says hackers stole sensitive personal data on over 500,000 members
  • www.bleepingcomputer.com: Pennsylvania education union data breach hit 500,000 people
  • The Register - Security: Attackers swipe data of 500k+ people from Pennsylvania teachers union
  • The DefendOps Diaries: Understanding the PSEA Data Breach: Lessons and Future Prevention
  • : The Pennsylvania State Education Association (PSEA) has sent breach notifications to over 500,000 current and former members
  • Zack Whittaker: Pennsylvania's biggest union for educators had a data breach, exposing over half a million members' personal information.
  • securityaffairs.com: Pennsylvania State Education Association data breach impacts 500,000 individuals
  • Carly Page: The Pennsylvania State Education Association says hackers stole the sensitive personal and financial information of more than half a million of its members.  PSEA said it “took steps†to ensure the stolen data was deleted, suggesting it was the target of a ransomware or data extortion attack, and subsequently paid a ransom demand to the hackers responsible
  • infosec.exchange: NEW: A zero-day provider that exclusively sells to the Russian government is offering up to $4 million for flaws in Telegram. This announcement offers a glimpse into what the Russian government may be especially interested in, and willing to pay (even at a premium), right now. Sources in the industry tell me the prices offered are broadly right.
  • securityaffairs.com: Zero-day broker Operation Zero offers up to $4 million for Telegram exploits
  • techcrunch.com: Russian zero-day seller is offering up to $4 million for Telegram exploits
  • CyberInsider: Cyber Insider article about Russian Zero-Day Firm Offering Record $4 Million for Telegram Exploits
  • www.techradar.com: Data breach at Pennsylvania education union potentially exposes 500,000 victims
Classification:
  • HashTags: #DataBreach #PSEA #Privacy
  • Company: Pennsylvania State Education Association
  • Target: PSEA members
  • Product: Membership Management System
  • Feature: Member Database
  • Type: DataBreach
  • Severity: Major
@cyberpress.org //

Telegram for Android Zero-Day Exploited

A critical zero-day vulnerability, dubbed EvilLoader, has been discovered in Telegram for Android by security researcher 0x6rss. This exploit allows attackers to disguise malicious APK files as video files, potentially leading to unauthorized malware installations on users' devices. The vulnerability exploits Telegram's file handling mechanism, tricking the app into treating HTML files with .mp4 extensions as legitimate video files, even though the file is not a video file.

When a user attempts to play these crafted "videos," Telegram prompts them to open the file in an external application, potentially leading to the installation of malicious software. For the attack to succeed, users must click the embedded link multiple times, disable Android’s security restriction on installing apps from unknown sources, and proceed with the installation. The file facilitating this attack has been available for sale on underground hacker forums.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • cyberpress.org: A critical zero-day vulnerability in Telegram for Android, dubbed EvilLoader, has been discovered by security researcher 0x6rss. This exploit allows attackers to disguise malicious APKs as video files, potentially leading to unauthorized malware installations on users’ devices.
  • WeLiveSecurity: ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos
  • securityonline.info: Telegram’s EvilLoader: Hackers Exploit Video Flaw Again
Classification:

Posts

Blogs

Research Tools