{"id":5733,"date":"2025-05-17T17:14:20","date_gmt":"2025-05-17T09:14:20","guid":{"rendered":"https:\/\/cicserver.com\/cisa-adds-the-notorious-telemessage-flaw-to-kev-list\/"},"modified":"2025-05-17T17:14:20","modified_gmt":"2025-05-17T09:14:20","slug":"cisa-adds-the-notorious-telemessage-flaw-to-kev-list","status":"publish","type":"post","link":"https:\/\/cicserver.com\/de\/cisa-adds-the-notorious-telemessage-flaw-to-kev-list\/","title":{"rendered":"CISA adds the notorious TeleMessage flaw to KEV list"},"content":{"rendered":"<p><br \/>\n<br \/><img decoding=\"async\" src=\"https:\/\/www.csoonline.com\/wp-content\/uploads\/2025\/05\/3985565-0-52385800-1747229217-mobile_user_phone_messaging_texting_by_diego_cervo_gettyimages-598912704_2400x1600-100838209-orig.jpg?quality=50&amp;strip=all\" \/><\/p>\n<div>\n<p>\u201cAlthough the exploitation methods might not be complicated (hence the low score), the outcome\u2014access to plaintext chat logs despite assertions of end-to-end encryption\u2014constitutes a serious breach of confidentiality, which is essential for a secure messaging service, especially one that may handle sensitive communications,\u201d Schwake noted.<\/p>\n<p>CISA\u2019s advice for agencies and businesses to avoid using TeleMessage likely stems from this confirmed real-world exploitation and its significant impact on data privacy, regardless of the technical score, he added.<\/p>\n<h2 class=\"wp-block-heading\" id=\"government-officials-are-especially-vulnerable\">Government officials are especially vulnerable<\/h2>\n<p>\u201cThis vulnerability was most likely added to the KEV list due to the reported use of TeleMessage by government officials,\u201d Thomas Richards, infrastructure security practice director at Black Duck, told CSO in a comment.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>\u201cAlthough the exploitation methods might not be complicated (hence the low score), the outcome\u2014access to plaintext chat logs despite assertions of end-to-end encryption\u2014constitutes a serious breach of confidentiality, which is essential for a secure messaging service, especially one that may handle sensitive communications,\u201d Schwake noted. CISA\u2019s advice for agencies and businesses to avoid using TeleMessage [&hellip;]<\/p>","protected":false},"author":3,"featured_media":5734,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-5733","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-blog"},"_links":{"self":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts\/5733","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/comments?post=5733"}],"version-history":[{"count":0,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts\/5733\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/media\/5734"}],"wp:attachment":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/media?parent=5733"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/categories?post=5733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/tags?post=5733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}