
New blocks in Russia, hackers, Windows 11 and other cybersecurity developments
We have gathered the week’s most important cybersecurity news.
- Continuation of the Pegasus story: Israeli authorities conducted inspections at NSO Group, while rights advocates urged an immediate moratorium on surveillance technologies.
- Biden warned of the threat of a ‘real war’ due to cyberattacks.
- Russian authorities blocked more than 40 sites linked to Navalny’s team. Experts said it marked the first use of deep-packet inspection (DPI) equipment to block a site.
Experts: 3.8 billion Clubhouse user phone-number database on the dark net may be fake
Cybersecurity researcher Marc Ruef reported the sale on the dark net of a database of 3.8 billion phone numbers. He said the leak is linked to Clubhouse and affects not only service users but also contains phone numbers from their synced contacts.
Full phone number database of #Clubhouse is up for sale on the #Darknet. It contains 3.8 billion phone numbers. These are not just members but also people in contact lists that were synced. Chances are high that you are listed even if you haven’t had a Clubhouse login. pic.twitter.com/PfAkUJ0BL5
— Marc Ruef (@mruef) July 23, 2021
Some experts say the database is fake and consists of randomly generated numbers. Even if they are genuine, the data would be almost useless without additional information, the experts added.
The new Clubhouse database leak is pretty much bullshit.
It is just a list of phone numbers, without any additional information, they could have arrived from anywhere. pic.twitter.com/fj9GnriAov
— Alon Gal (Under the Breach) (@UnderTheBreach) July 24, 2021
Israeli authorities began a probe into NSO Group’s activities amid the Pegasus spyware scandal
Israeli authorities conducted inspections at NSO Group offices following the publication of investigations into governments’ use of the company’s spy software to monitor rights defenders, journalists and politicians worldwide.
Earlier, Amnesty International released the Mobile Verification Toolkit (MVT) tool, allowing users to check if a device is infected with Pegasus. However, as The Verge notes, running it requires some technical skills.
Against the backdrop of the Pegasus scandal, 146 civil society organisations and 28 independent experts worldwide urged governments to immediately impose a moratorium on the sale, transfer and use of such surveillance technologies.
DarkSide and REvil ransomware gangs have a successor
Researchers at Recorded Future discovered a new hacking group, BlackMatter, operating under a ransomware-as-a-service (RaaS) model. The hackers say they blend the best traits of DarkSide, REvil and LockBit.
They are now seeking opportunities to buy access to networks of large companies in the US, Canada, Australia, and the UK. According to Recorded Future, they are interested in all sectors except healthcare and government.
BlackMatter is offering between $3,000 and $100,000 for network access, as well as a share of a potential ransom payout.
Biden warns of the threat of a real war due to hacker attacks
President Joe Biden signed a national security memorandum aimed at strengthening cyberdefense in critical U.S. companies. For now, the White House has urged such organisations to improve defenses, but Reuters notes that measures to mandate protection for large companies could be codified into law.
Biden also warned that the outcome of such attacks could be a “real shooting war.” The main cyber threat to the United States is seen as coming from hackers in Russia, China, Iran and North Korea.
Earlier, in May, DarkSide attacked Colonial Pipeline, the operator of a major U.S. fuel pipeline, locking its computer systems and stealing data.
Media reports said that investigations into ransomware attacks in the United States have received the same level of priority as terrorism cases. In the Biden administration, tracking cryptocurrency transactions was named as one possible option to combat ransomware.
Windscribe VPN servers seized by Ukrainian authorities were not encrypted
The privacy tools provider Windscribe failed to ensure proper encryption of its corporate VPN servers, which were seized by Ukrainian authorities last month.
According to Windscribe’s post, the servers were seized as part of an investigation into activities that took place a year earlier. They held an OpenVPN server certificate and its private key, and the company admitted they ran an older stack rather than fully encrypted storage.
Ars Technica reports that Ukrainian authorities could access information on the servers and intercept and decrypt traffic passing through them. Windscribe acknowledged the hypothetical possibility of such a scenario, though the likelihood is very low.
Threat actors began distributing malware disguised as Windows 11
Researchers at Kaspersky Lab said that scammers are distributing malware to users eager to download Windows 11.
Often, when downloading a Windows 11 image, users also agree to install other programs.
“These very ‘others’ can be very different: from relatively harmless advertising programs that our solutions classify as not-a-virus, to full-fledged trojans, stealers, exploits and other nasty things,” the experts say.
Russian authorities blocked more than 40 sites linked to Navalny’s team
Roskomnadzor blocked Alexei Navalny’s site and more than 40 other pages linked to him and his team.
Later, the mirror site navalny.app was blocked. The Telegram channel Global Check says this was the first case where deep packet inspection equipment was used to block a site.
As a reminder, DPI equipment was installed under the so-called Sovereign Internet Law, which came into force in 2019.
Also on ForkLog:
- Kaseya’s software developer obtained a decryption key without paying a ransom to the hackers.
- User data of the cloud mining service Unmined was exposed.
- DeFi project THORChain paused operations after a series of hacker attacks.
- Monero developers disclosed a flaw in the privacy algorithm.
- Russia submitted to the UN a draft convention on fighting cybercrime. It mentions cryptocurrencies.
- A Moscow court fined Google 3 million rubles, the company’s first such fine, for refusing to localize Russian users’ data.
What to read this weekend?
ForkLog explains what end-to-end encryption is, why governments oppose its use and whether it can be banned.