Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label links. Show all posts

Join Group Calls Easily on Signal with New Custom Link Feature





Signal, the encrypted messaging service, has included new features to make it easier to join group calls, through personalised links. A blog post recently announced the update on the messaging app, setting out to simplify the way of conducting and administering a group call on its service.


Group Calls via Custom Link Easily Accessible


In the past, a group call on Signal began by first making a group chat. Signal recently added features that included automatically creating and sharing a direct link for group calls. Users no longer have to go through that annoying group chat setup just to make the call. To create a call link, one has to open the app and go to the links tab to tap to start a new call link. All links can be given a user-friendly name and include the ability to require approval of any new invitees prior to them joining, adding yet another layer of control.


The call links are also reusable, which is very useful for those who meet regularly, such as weekly team calls. Signal group calling has now been expanded to 50 participants, expanding its utilisation for larger groups.


More Call Control


This update also introduces better management tools for group calls. Users can remove participants if needed and even block them from rejoining if it is needed. That gives hosts more power when it comes to who should have access to the call, which would improve safety and participant management.


New Interactive Features for Group Calls


Besides call links, Signal has also integrated some interactive tools for consumers during group calls. Signal has included a "raise hand" button to enable participants to indicate whether they would want to speak, which makes further efforts to organise group discussions. It also allows support through emoji reactions in calls. The user can continue participating and not interrupt another caller.


Signal has also improved the call control interface so that more manoeuvres are available to mute or unmute a microphone, or turn cameras on or off. This is to ensure more fluidity and efficiency in its use.


Rollout Across Multiple Platforms


The new features are now rolled out gradually across Signal's desktop, iOS, and Android versions. The updated app is available on the App Store for iPhone and iPad users free of charge. In order to enjoy the new features regarding group calling functions, users should update their devices with the latest version of Signal.


Signal has recently added new features to make group calling easier, more organised, and intuitive. It has given the user more freedom to control the calls for both personal use and professional calls.

Chenlun’s New Phishing Schemes Target Big-Name Brands

 


A new phishing campaign unveiled by researchers from DomainTools is a phishing campaign on the go, deceiving users via fake text messages. The messages masquerade as trusted brands like Amazon to get the targets to give away sensitive data. This operation is put at the hands of the threat actor "Chenlun," who was seen tricking people last year for masquerading as a USPS delivery alert during the holiday season. On 18 October 2024, consumer targeting waves, this wave represents new waves in tactics that target trusting consumers on the most-used brands.

Phishing Attack Evolution: From USPS Notification Scam to Authentication and Authorization Hack

In December 2023, DomainTools reported on the earlier approach that Chenlun used through exploiting USPS alerts to instruct users on how to navigate to fraudulent websites. This scheme, also labelled as "smishing, tricked users into message prompting them to visit virtually identical websites to the one genuine USPS websites. These next sent information that victims did not need to provide. With the current attack, however, Chenlun used the more narrow deception of alerts that there is unauthorised access to his or her online store accounts. This prompted victims into confirmation of their account information with links that led him to a scam website. To this end, it goes without saying that one ought to be careful when opening any link on email or text.


Advanced techniques of hiding and concealing evidence

The strategies that Chenlun uses today are more advanced than that of not being detected. The phishing attack this year is different from the past years because it does not use domain names containing USPS but instead uses a DGA. A DGA automatically generates new, arbitrary domain names, which creates an added difficulty in blocking malicious websites and makes it challenging for the security systems to identify phishing attempts. The constant change in the infrastructure of the domain leaves Chenlun free to continue their attacks without instant interference from cybersecurity defences.


Changed Domain Structures and Aliases

The latest phishing campaign also demonstrates the changed structure of the Chenlun domain. Last year, the fraudsters utilised domains like the official USPS websites. This time around, they change them into simple domains and even switch to other registrars and name servers. Now, they use NameSilo and DNSOwl, for example, and not Alibaba Cloud's DNS service, just like last year. The changing tendency makes phishing attempts less predictable and also complicates the procedure for cybersecurity analysts in relation to the identification and monitoring of suspicious domains.

Moreover, the most recent activity of Chenlun used pseudonyms like "Matt Kikabi" and "Mate Kika". These pseudonyms, which were first identified in the 2023 report, have more than 700 active domains. Reusing these identities, Chenlun has been able to maintain a massive presence online undetected by cybersecurity tools.


Collaboration as a Critical Form of Defense Against Phishing

DomainTools emphasises that effective countermeasures against phishing attacks require the collective efforts of organisations. Recommendations from security experts include active monitoring of registration patterns, sharing threat intelligence, and developing robust strategies that can counter changing phishing techniques.

DomainTools further emphasises that Chenlun's strategy changes reflect the ongoing problem that cybersecurity professionals face. By constantly changing obfuscation techniques, Chenlun underlines the importance of domain-related data in identifying patterns and suspect domains.


Takeaway for Business and Consumers

Continuous activity by Chenlun also points to the fact that vigilance needs to be maintained, given the sophistication in phishing scams. Business entities need to strengthen cybersecurity measures in monitoring domain registrations and promote threat intelligence sharing. Individual consumers need to maintain vigilance by avoiding a response to unsolicited messages or links.

In short, Chenlun's latest phishing campaign calls out for proactive defence. While the attackers continue adapting with a view to remain unseen, the necessity for people to stay updated and network inter-sectorally is the urgent requirement in the world of digitization.