We have gathered the most important cybersecurity news from the past week.
- The European Union has stepped up privacy pressure — reports say the Council of the EU has presented a resolution requiring messaging services to curb end-to-end encryption, while one EU agency is training police from different countries to hack iPhones.
- Researchers have found a new ransomware strain.
- Microsoft accused hackers linked to Russia and North Korea of attacking COVID-19 vaccine developers.
Media: EU proposes to limit end-to-end encryption in messaging apps
The Council of the European Union has presented a resolution according to which messaging services should facilitate law enforcement access to encrypted data. Media noted that this could threaten end-to-end encryption.
The document was also prepared with the participation of Europol, the FBI and the Five Eyes intelligence alliance, which includes the United Kingdom, the United States, Australia, New Zealand and Canada.
Final approval is expected in December.
The EU trains law enforcement worldwide in user surveillance
According to Privacy International, one EU agency trains police from various countries in hacking iPhones, deploying malware, and surveilling users.
[NEW!] Today, we reveal how EU funds are used to support surveillance in non-EU countries.
PI and a coalition of civil society organisations demand urgent reforms to EU development aid and cooperation programmes!
More in this thread https://t.co/wEGbc59yDc
— Privacy International (@privacyint) November 11, 2020
Privacy International claims that such training is often funded by EU funds, and participants include law enforcement from countries outside the EU.
Moscow authorities spend 237 million rubles on facial recognition system protection
The Moscow mayor’s office is conducting a tender to create protections for the facial recognition system against unauthorized access and data leaks, prompting human rights advocates to call for a moratorium on its use. The starting price of the tender is 237 million rubles.
The city plans to allocate about 28.5 billion rubles for the operation of the video surveillance system from 2021 to 2023.
Microsoft: Hackers from Russia and North Korea Target COVID-19 Vaccine Developers
Microsoft said that hackers are increasingly targeting pharmaceutical companies in Canada, France, India, South Korea and the United States involved in coronavirus vaccine research.
According to Microsoft, the attacks are carried out by the Russia-linked group Strontium (Fancy Bear) and two North Korean groups, Zinc and Cerium.
Researchers find how malware most often ends up on Android devices
Researchers at NortonLifeLock and the IMDEA Software Institute analyzed 12 million Android devices and found that nearly 68% of detected malware apps were obtained directly from the Google Play Store.
Alternative app stores came second, by a large margin.
World’s largest office furniture manufacturer falls victim to ransomware
Steelcase said it recently suffered a cyberattack, forcing a two-week shutdown of all systems.
According to Bleeping Computer, Ryuk ransomware operators were behind the attack.
New ransomware hits Israeli companies
Several Israeli companies were subjected to cyberattacks by the previously unknown Pay2Key ransomware.
The malware spread across corporate networks and encrypted data within an hour. Usually, the operators behind Pay2Key demand a ransom of 7 to 9 BTC.
An 8.3-million-record database of 123rf stock photo users surfaces online
A database of the popular stock photo service 123rf was posted on a hacker forum. It contains names, email addresses, phone numbers, IP addresses, and more.
Inmagine Group, which owns 123rf, confirmed the breach but noted that the data in the database is not the most up-to-date.
Google Chrome fixes two more zero-day vulnerabilities
Google researchers have again patched bugs in their browser. The company did not disclose details, but these are the fourth and fifth vulnerabilities fixed in recent weeks.
Also on ForkLog:
- Hackers attacked the laptop maker Compal and demanded 1100 BTC ransom.
- US authorities accused Zoom of deceiving users about data protection.
- Experts disclosed how much money hackers stole from cryptocurrency users over nine years.
- A former Microsoft employee received a prison sentence for Bitcoin fraud.
What to read this weekend?
Can Bitcoin mining activity be fully anonymous? Slush Pool representatives discussed key ways to enhance miners’ privacy.
