We have gathered the most important cybersecurity news from the past week.
- Media reports that Russia will study identifying internet users by their phone numbers.
- Seven trackers were found in LastPass for Android.
- The head of Microsoft said the company has evidence that Russian hackers are behind the cyberattacks on U.S. government agencies.
In Russia, authorities may begin identifying internet users by their phone numbers
The Central Scientific Research Institute of Communications (TsNIIS) will study the possibility of identifying internet service users using a system mapping phone numbers to domain names.
According to «Ъ» citing procurement-site documentation, around 33 million rubles are planned to be spent.
Microsoft says it has evidence of Russia’s involvement in the attack on U.S. government systems
During testimony before the U.S. Senate Intelligence Committee, Microsoft head Brad Smith stated that the company has strong evidence of Russia’s involvement in cyberattacks affecting multiple U.S. government agencies.
He added that Microsoft specialists found no signs indicating involvement by anyone else.
Also, White House national security adviser Jake Sullivan said that the United States will prepare a response to Russia for these cyberattacks. According to him, the response will include not only sanctions but also “visible and invisible tools.”
The large-scale attack first came to light in December 2020.
Part of Clubhouse conversations were broadcast to a third-party site
An unknown user managed to bypass the security settings of the popular Clubhouse app and streamed some conversations from closed “rooms” to a third-party site, reports Bloomberg.
The company said it has already blocked the user and introduced additional security measures. Nevertheless, experts noted that the app cannot fully guarantee data confidentiality.
In Ukraine, a cyberattack on the state document-management system is linked to Russian hackers
The National Cybersecurity Coordination Center under the Ukrainian National Security and Defense Council recorded attempts to distribute malware via the government document-interaction system. The attack is linked to Russian hackers.
The @ncsccUA warns of a cyberattack on the document management system of state bodies. The attack belongs to the so-called supply chain attacks. Methods and means of carrying out this cyberattack allow to connect it with one of Russia’s hacker spy groups.https://t.co/ICgYxuuflH
— NSDC of Ukraine (@NSDC_ua) February 24, 2021
The aim of the attack was to infect Ukrainian government information resources and gain remote access to devices.
“The methods and means of implementing this cyberattack allow tying it to one of Russia’s hacker espionage groups,” said the statement.
Seven trackers found in LastPass for Android
Security researcher Mike Kuketz discovered seven trackers in the LastPass Android app and recommended users drop the service.
The company said the trackers do not transmit actual passwords or user names, and the latter can be opted out at any time.
Nevertheless, Kuketz noted that the mere presence of trackers is a bad sign for a security-critical app handling confidential data.
Trend Micro: the number of cyber threats detected by the company in 2020 exceeded 62.6 billion
Last year, Trend Micro researchers detected 119,000 cyber threats per minute, ForkLog representatives said.
One of hackers’ main targets last year was remote workers and network infrastructure.
There was a 34% rise in new ransomware families used in “double extortion” attacks — when hackers first steal data and demand a ransom to avoid publishing it, then encrypt it.
The total number of cyber threats detected and blocked by Trend Micro grew by 20% in 2020 and exceeded 62.6 billion.
Australian authorities reached an agreement with Facebook after blocking news on the social network
After Facebook left Australian users without news, and also stopped showing Australian media posts to users in other countries in protest against the proposed news law, the companies and local authorities managed to reach a settlement.
According to the agreements, the bill was amended. Among other things, tech giants like Google or Facebook received more time to negotiate with Australian media companies about the remuneration for hosting their content on platforms. If talks fail, the government will set the remuneration amount.
As a result, this week the law passed.
Tor released an update to boost security
Tor Project released OnionShare 2.3, aimed at improving secure and anonymous file transfer.
Also on ForkLog:
- Moscow authorities will establish a new system for tracking citizens in the metro.
- An Ukrainian court ordered access to ForkLog, the GitHub subdomain and LiveJournal to be blocked. Later, the criminal case that formed the basis for the court decision was closed.
- A hacker put up for sale an alleged Trezor user database. The developers suspected it was fake.
- The attacker demanded bitcoins to decrypt files of an enterprise in Zarechny.
- The media reported that hackers withdrew crypto assets worth $45,000 from the non-operational Cryptopia exchange.
What to read this weekend?
A ForkLog exclusive examines how Russian authorities deploy a CCTV camera system and what it means.
Subscribe to ForkLog news on Telegram: ForkLog Feed — all the news, ForkLog — the most important news and polls.