We have gathered the week’s most important cybersecurity news.
- The United States announced the development of new encryption standards.
- Experts say the Conti ransomware group has ceased operations.
- Delivery Club experienced a data breach.
Experts say Conti hackers have ceased operations
Cybersecurity experts have said that Conti’s operations have ceased.
According to Advanced Intel, the Tor admin panels that participants used to conduct negotiations and to publish ‘news’ about hacked companies on the data-leak site are now offline.
Meanwhile, Conti members are now operating in other, smaller hacker groups, according to analysts.
Earlier, the U.S. State Department offered $15 million for information on Conti ransomware operators.
Roskomnadzor seeks to ‘ground’ Wikimedia Foundation
Roskomnadzor listed the Wikimedia Foundation, a non-profit charitable organization, among the entities required to open a representative office in Russia and comply with the so-called ‘grounding’ law.
The organization maintains the infrastructure for several projects, including Wikipedia.
Lazarus attacked VMware servers via Log4Shell
The North Korea-linked Lazarus group is using the widely publicized Log4Shell vulnerability to implant backdoors on VMware Horizon servers, according to Bleeping Computer.
The malware installed by the attackers carries out a range of espionage operations, including taking screenshots, keystroke logging, accessing files, and more.
In some cases, Lazarus deployed not spyware but hidden cryptocurrency miners on compromised devices.
The United States is working on new encryption standards
The United States is developing encryption standards aimed at countering breaches enabled by quantum computing, Bloomberg reports.
The National Institute of Standards and Technology (NIST) is running a competition to update such encryption protocols. The US administration plans to implement the NIST-developed algorithms across all economic institutions in the country, as far as possible, by 2035.
The NSA is partly involved in the development and assures that the new encryption protocols will contain no backdoors.
Trend Micro reports fraudulent Google Play apps targeting cryptocurrency users and Facebook accounts
Trend Micro researchers discovered more than 200 variants of various apps on Google Play infected with the Facestealer spyware.
The spyware steals Facebook user credentials through fraudulent apps distributed on Google Play.
The researchers also found more than 40 fake apps that purportedly let users earn money through crypto mining but are actually aimed at stealing passwords and seed phrases:
“The operators not only try to profit from their victims by deceiving them into paying for fake cloud mining services, but also attempt to steal private keys and other confidential information”.
Delivery Club data breach
Russia’s largest food and grocery delivery service, Delivery Club, said it had suffered a data breach. The company states that the breach did not involve customers’ banking information.
The provider says the full database contains 250 million records, including names, phone numbers, delivery addresses, e-mails and more.
Also on ForkLog:
- The court overturned the decision to block the Tor site in Russia and referred the case for reconsideration.
- Anonymous hackers released documents from the Sberbank database.
- The creators of the map with leaked “Yandex.Eda” customer data added leaks from the GIBDD, VTB and Avito to it.
- The United States accused a 55-year-old cardiologist from Venezuela of creating a ransomware virus.
- US authorities warned about the involvement of IT specialists from North Korea in crypto-project development.
What to read this weekend?
Russian authorities continue to tighten censorship and restrict citizens’ access to social networks and alternative information sources. ForkLog explains how to read blocked resources.
