
The weakest passwords of 2020, geolocation data sales to the US military, and other cybersecurity developments
We’ve gathered the week’s most important cybersecurity news.
- In Russia, a proposal to block overseas sites such as YouTube and Facebook was introduced.
- Experts released a ranking of the most popular and weakest passwords of 2020.
- Journalists found that the US military buys geolocation data about app users from around the world.
The most popular (and weak) passwords of 2020 named
NordPass researchers published the list of the most frequently used passwords of 2020.
Let’s talk progress. It’s been only a year, and we already made it to 6 digits. 💪 The future is bright, huh?
Click the link, breathe in, breathe out, and deep dive in into the waters of password habits of 2020: https://t.co/TIiKMcRjKC pic.twitter.com/K0RSQIWhEC
— NordPass (@NordPass) November 19, 2020
Top of the list are “123456”, “123456789”, “picture1”, “password” and “12345678”.
Most of the passwords on the list can be cracked in less than a second.
In Russia, a proposal to block overseas sites such as YouTube and Facebook was introduced
A bill was submitted to the State Duma, proposing the ability to block internet resources for “violation of human rights and freedoms”. Censorship of materials from Russian media was among such violations.
“Since April 2020, authorized Russian authorities have recorded complaints from media outlets about censorship of their accounts by foreign internet platforms Twitter, Facebook, and YouTube. Censorship affected media outlets such as Russia Today, RIA Novosti, Crimea 24,” the explanatory note says.
One of the bill’s authors suggested that, as a result of adopting the bill, YouTube could be blocked in Russia.
Firefox adds “HTTPS-Only” mode
Mozilla released Firefox 83.0 with improved security. The browser now offers an “HTTPS-Only” mode, which ensures the HTTPS version of a site is used and warns the user if that is not possible.
Media: US military buys location data of people around the world
Investigative reporting has revealed that the US military buys location data on people around the world, collected from apps.
⚡️ “How the U.S. Military Buys Location Data from Ordinary Apps”https://t.co/Uw0HdeAJAo
— Motherboard (@motherboard) November 16, 2020
Journalists found two companies selling data to the military — Babel Street, behind the Locate X service, and X-Mode.
The former provides advertising data to intelligence agencies, law enforcement and the military for monitoring. Access to the service’s database was acquired by the United States Special Operations Command.
X-Mode obtains location data directly from apps and then sells this data to contractors.
One of the most popular apps linked to selling data to the US military was Muslim Pro — downloaded more than 98 million times.
Major hosting provider Managed.com shut down client sites due to ransomware attack
Hackers attacked Managed.com, a major managed web hosting provider, forcing the company to take down all its servers.
According to BleepingComputer, the REvil operators were responsible for the attack, demanding $500,000 in Monero.
Facebook Messenger for Android fixed a vulnerability that allowed eavesdropping on users
Facebook fixed a critical vulnerability in the Android version of Facebook Messenger.
It allowed listening in on other users’ surroundings during a call before the call was answered.
Russian authorities will release an app to track contacts with infected people
The Ministry of Digital Development of the Russian Federation developed the app “StopCoronavirus. My Contacts.” It will track social contacts and warn if someone within ten meters has COVID-19.
Authorities gave assurances that the app does not collect personal information and that users enter data voluntarily. The data should be automatically deleted after two weeks.
For details on how governments deploy monitoring tools under the guise of the coronavirus, read ForkLog’s exclusive.
Apple accused of tracking users
A group of European activists called NOYB filed a complaint against Apple over IDFA tracking codes. These codes are assigned to each device and enable tracking of users’ online activity.
NOYB stressed that Apple implements these tracking codes without the owners’ knowledge and may share them with third parties. EU law strictly prohibits such practices without user consent.
Also on ForkLog:
- Bitcoin exchange Liquid reported that user data was leaked.
- Positive Technologies specialists stated that ransomware attacks are on the rise.
- A bill banning the use of personal data without the owner’s consent was introduced in the State Duma.
- Twitter will appoint a famous hacker as head of security.
What to read this weekend?
We recount the story of the Russian hacker group Lurk — how it managed to steal more than a billion rubles from banks and how it is connected to the FSB and the hacking of the U.S. Democratic Party.