We’ve gathered the most important cybersecurity news from the past two weeks.
- Hackers gained access to user data of cryptocurrency exchange KeepChange.
- An employee at Yandex provided access to users’ email accounts.
- In China, the Clubhouse social network was blocked amid a surge in popularity. Experts warned that the Chinese government could have access to user data.
- Facebook restricted news for residents of Australia and restricted access to Australian media content worldwide.
Yandex disclosed an internal leak of user data
Yandex reported a breach, caused by an employee, that affected 4,887 Yandex.Mail inboxes.
“This was one of three system administrators with the access rights required to perform the tasks needed to support the service,” the company said.
Unauthorized access to the compromised mailboxes has been blocked, and victims have been notified to change their passwords. An investigation is underway.
Hackers breached the KeepChange exchange and gained access to user data
Cryptocurrency platform KeepChange was the target of a hacking attack, resulting in a data breach.
Data Breach at KeepChange https://t.co/PtWT4u8s62
— KeepChange (@KeepChange_io) February 8, 2021
The project team said that “not a single bitcoin was stolen,” but user data was compromised. Hackers gained access to names, email addresses, details about the number and amount of transactions, and hashed passwords.
KeepChange paused withdrawals and urged users to change their passwords as soon as possible and enable two-factor authentication.
Facebook began restricting news in Australia over a new law
From 17 February, Facebook blocked Australian media from publishing content, and users in the country cannot view local or international news via the platform. Users in other countries also cannot share posts from Australian media.
This move followed a proposed bill under which digital platforms would have to pay media for publishing and distributing their content.
Facebook did not back down, arguing that hosting news on the platform helps distribution and monetisation for media outlets.
“Such actions merely confirm the concerns that an increasing number of countries express about the behavior of tech firms that consider themselves above governments and rules. They can change the world, but that does not mean they rule it,” said Australian Prime Minister Scott Morrison.
A database with more than 3 billion stolen records put up for sale
On the RaidForums cybercrime forum, a database containing about 3.27 billion “unique combinations of email addresses and passwords” was posted, ThreatPost reports. It was priced at just $2.
The database is a compilation of data obtained from previous breaches. It includes data from Netflix, LinkedIn, Exploit and other platforms.
According to the seller going by Singularity0x01, the database was built on the basis of a previous 1.4 billion-record compilation.
Experts noted that some files in the database were corrupted or missing, and the total size appeared smaller than claimed. RaidForums later permanently banned Singularity0x01 for “leakage of hidden content.”
Experts reveal the most popular passwords leaked online
Analysts named the passwords that appeared most often in 2019–2020 breaches. Among them are 123456, picture1 (test1 in 2019) and password. Analysts advise changing your password if it is on the list.
If you find your password on this list published by security application provider @NorthpassHQ, it might be wise to make a change. https://t.co/eXMaxb1lMV pic.twitter.com/t2w6M1WKkH
— Statista (@StatistaCharts) February 10, 2021
More than 100 financial services firms were targeted by DDoS attacks
In 2020, more than 100 financial-services firms worldwide were targeted by hackers orchestrating DDoS attacks, according to FS-ISAC.
More than 100 #financialservices firms across the globe were targets of a wave of DDoS attacks in 2020. See our latest release for how cross-border #cyberintel sharing helps protect firms from evolving threats. https://t.co/vjloWc8Dfw #daretoshare pic.twitter.com/GE426H1teC
— FS-ISAC (@FSISAC) February 9, 2021
Companies received threatening emails that promised further attacks and demanded ransom. The Wall Street Journal notes that the attackers began by targeting individual companies to demonstrate their capabilities and threatened to escalate. Initially they demanded ransoms of $200,000 to $350,000 in bitcoin.
The attackers claimed ties to the Fancy Bear and Lazarus groups. However, the FBI stated they were simply trying to intimidate their victims.
Microsoft fixed more than 50 vulnerabilities in its products
Microsoft patched over 50 bugs, including a zero-day vulnerability that attackers had already exploited.
The Windows TCP/IP stack also received fixes for three vulnerabilities that could allow attackers to take control of affected systems.
China blocks Clubhouse
Chinese authorities blocked the Clubhouse social network, which had been rapidly gaining popularity worldwide.
According to South China Morning Post, Clubhouse spread quickly in China because users had a rare chance to discuss political issues.
TechCrunch reports that since last Monday, users on the mainland can no longer access the app, though the site remains unblocked.
Stanford Internet Observatory reports that part of Clubhouse’s infrastructure is run by the Shanghai-based Agora software vendor, which also has an office in the United States. User IDs are transmitted in plaintext over the internet.
📢 New work out today from our Tech team & China research team: @joinClubhouse app recently became popular in 🇨🇳. We looked at its data security practices & found a potential risk to mainland Chinese users.
Here are our key findings 👋🧵⤵️
(1/8)
— Stanford Internet Observatory (@stanfordio) February 13, 2021
Thus, researchers suggested that Chinese authorities could access user data from Clubhouse.
Google to introduce anti-tracking features in Android
Google aims to follow Apple’s lead and is exploring a version of anti-tracking in Android, Bloomberg reports, citing sources familiar with the matter.
According to the publication, engineers are weighing how to limit data collection and cross-app tracking in Android, although the new feature would be less radical than Apple’s.
US police request Amazon Ring footage to track Black Lives Matter protesters
The Electronic Frontier Foundation gained access to emails showing that the Los Angeles Police Department requested data from Amazon Ring doorbell cameras.
When we asked for more info on what, specifically, LAPD was investigating, they responded with “criminal behavior.” LAPD also redacted the dates, times, and number of hours of footage sought. https://t.co/OOf6y9vClp
— EFF (@EFF) February 16, 2021
Requests for footage relate to last year’s Black Lives Matter protests, media reports say. Civil-liberties groups note that the growing use of surveillance tools during protests poses an “incredible risk” to civil rights:
“People have fewer opportunities to exercise their rights to political speech, protest and assembly if they know the police can obtain video of these actions simply by sending letters to people with Ring cameras.”
Also on ForkLog:
- The media reported that hackers attacked KIA Motors America and demanded $20 million in bitcoin.
- US authorities charged three North Korean hackers in the theft of more than $1.3 billion.
- EXMO exchange was subjected to a DDoS attack.
- Hacker withdrew tokens worth $37.5 million from the DeFi protocol Cream Finance.
- In Ukraine, suspects linked to the Egregor ransomware were arrested.
- The Cyberpunk 2077 and The Witcher designer suffered a ransomware attack.
- Europol announced the arrest of hackers who stole $100 million in cryptocurrency using SIM-swapping.
- Blockfolio was hacked for the purposes of an abusive mailing list.
- Ransomware operator Ziggy shut down.
- The UN stated that North Korea used stolen cryptocurrency to advance its nuclear weapons program, and linked the KuCoin hack to DPRK hackers. Chainalysis confirmed the latter.
- Experts described the legality of monitoring protesters using surveillance data.
What to read this weekend?
Since mid-December, the SolarWinds software supply chain attack has drawn enormous attention from U.S. intelligence and cybersecurity professionals worldwide.
ForkLog explored why this breach is regarded as one of the biggest attacks on American government systems in recent years.
