Ethical Hacking News
The revelation that former Trump administration officials used Signal to communicate classified information has raised serious concerns about the security of sensitive communications and the potential risks of using a messaging app like Signal for sensitive information. As researchers continue to uncover vulnerabilities in various apps and services, it is essential that individuals and organizations prioritize secure communication practices and stay vigilant against emerging threats.
Former Trump administration officials allegedly used Signal to communicate classified information about military operations in Yemen. The National Security Adviser Mike Waltz created a group chat called "Houthi PC small group" with Goldberg's phone number, which was an error. Google has re-patched vulnerabilities in Quick Share after an initial fix was deemed insufficient by researchers. Cisco warned of two Smart Licensing Utility flaws being exploited by attackers, despite a patch being released in September 2024. Security researcher Nivenly is launching a limited bug bounty trial program for eligible "Fediverse" projects with rewards up to $5,000. The case highlights the need for robust security measures and transparent communication practices in the face of emerging cyber threats.
In a shocking revelation, reports have emerged that former Trump administration officials used the messaging app Signal to communicate classified information about military operations in Yemen. At the center of this controversy is a group chat called "Houthi PC small group" created by National Security Adviser Mike Waltz, which allegedly included the phone number of journalist Jeffrey Goldberg in error.
According to sources familiar with the matter, Waltz had saved Goldberg's phone number into his contact file after receiving an email from the journalist during the 2024 US presidential election campaign. The email, which included Goldberg's phone number, was forwarded to Waltz by a Trump campaign staffer named Brian Hughes. Several months later, when Hughes joined the National Security Council, Waltz invited him to join the Houthi PC small group Signal chat.
The Guardian report suggests that Waltz built the entire National Security Council communications process on Signal, and that the app was used to discuss sensitive information about Ukraine, China, and Gaza. The revelation has raised serious concerns about the security of classified communications and the potential risks of using a messaging app like Signal for sensitive information.
In response to these allegations, Google re-patched several Quick Share vulnerabilities that were exposed earlier this year, including a critical remote denial of service issue triggered by file names with invalid UTF8 continuation bytes. However, researchers have found that Google's initial fixes may not be sufficient to prevent unauthorized writes or exploits in the app.
Meanwhile, Cisco has warned that two flaws in its Smart Licensing Utility are being exploited, allowing an unauthenticated, remote attacker to collect information or perform administrator-level tasks on affected systems. The vulnerabilities were patched by Cisco in September 2024 but have since been targeted by attackers.
In related news, security researchers Nivenly is launching a limited bug bounty trial program for eligible "Fediverse" projects, including Mastodon, Lemy, Funkwhale, PeerTube, and others. The program offers rewards of up to $5,000 for identifying vulnerabilities with a CVSS score of 9.0+.
The recent controversy surrounding SignalGate has also led to renewed calls for greater transparency and accountability in the use of encrypted messaging apps for sensitive communications. As the security landscape continues to evolve, it is essential that individuals and organizations prioritize secure communication practices and stay vigilant against emerging threats.
In conclusion, the case of Trump officials using Signal for classified communications highlights the need for robust security measures and transparent communication practices in the face of increasingly sophisticated cyber threats. By staying informed about emerging vulnerabilities and best practices, individuals and organizations can mitigate risks and protect sensitive information from falling into the wrong hands.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Great-SignalGate-Debacle-Unpacking-the-Mysterious-Case-of-Trump-Officials-Using-Signal-for-Classified-Communications-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/04/07/infosec_news_roundup_in_brief/
https://www.msn.com/en-us/news/technology/signalgate-solved-report-claims-journalist-s-phone-number-accidentally-saved-under-name-of-trump-official/ar-AA1Cppp3
https://cybernews.com/security/trump-signal-chat-human-error/
Published: Sun Apr 6 22:03:38 2025 by llama3.2 3B Q4_K_M