Tor updates, fake WhatsApp apps and other cybersecurity events

We round up the week’s most important cybersecurity news.

Tor Browser updates to help bypass blocks

The Tor Project team unveiled Tor Browser 11.5 with updates designed to help users evade censorship.

See more

🎉 Big news: Tor Browser 11.5 is here! In this release, we’re bringing you automatic censorship detection and circumvention, redesigned Tor Network settings, Firefox’s HTTPS-Only Mode enabled by default, and improved font support.

Take a look at what’s new in Tor Browser 11.5: pic.twitter.com/Tq5ldrhJcd

— The Tor Project (@torproject) July 14, 2022

Among the new features is Connection Assist, which automatically bypasses access restrictions to the Tor network, taking into account the blocking characteristics in different jurisdictions. The developers also simplified and expanded the network connection settings section for manual configuration.

Moreover, HTTPS-Only mode is now enabled by default. The HTTPS-Everywhere extension remains only in the Android version.

For an explanation of what the Tor Browser is, why you might need it, and how to use it, see ForkLog’s explainer cards.

Britain delays passage of controversial online safety bill

In Britain, voting on the online safety bill, which has sparked much debate among rights groups, has been postponed, the Financial Times reports.

The document would require major tech platforms to tighten content regulation to combat illegal, potentially harmful and abusive materials. Non-compliance could attract fines of up to 10% of annual turnover.

Many companies, including Google, Meta, and Twitter, as well as rights advocates, have warned that the bill threatens free speech and end-to-end encryption.

A new Android malware has spread in Google Play

Evina security researchers have discovered a new Android malware in the Google Play store that silently subscribes users to premium services.

See more

Found new family of malware that subscribe to premium services 👀

8 applications since June 2021, 2 apps always in Play Store, +3M installs 💀💀

No webview like #Joker but only http requests

Let’s call it #Autolycos 👾#Android #Malware #Evina pic.twitter.com/SgTfrAOn6H

— Maxime Ingrao (@IngraoMaxime) July 13, 2022

The malware Autolycos has been identified in at least eight Android apps, two of which were available in Google Play at the time of researchers’ publication. The infected apps had been installed more than three million times.

Twitter outage hits users worldwide

On July 14, users worldwide reported being unable to access Twitter.

The company later attributed the outage to “issues with internal systems”.

See more

And we’re back! We had some trouble with our internal systems that impacted many of you globally. Twitter should be up and running as expected — sorry for the interruption.

— Twitter Support (@TwitterSupport) July 14, 2022

WhatsApp warns about fake versions of the messenger that steal user data

Will Cathcart said the team found hidden malware in the Hey WhatsApp app and other similar ones that allegedly offer expanded functionality.

See more

Reminder to @WhatsApp users that downloading a fake or modified version of WhatsApp is never a good idea. These apps sound harmless but they may work around WhatsApp privacy and security guarantees. A thread:

— Will Cathcart (@wcathcart) July 11, 2022

In fact, these apps are designed to steal data from victims’ phones. Cathcart said the company is working with Google Play to identify such fake messengers.

ForkLog also covers:

• Hackers drained about $1.5 million from the Omni protocol.
• Attackers attacked Uniswap liquidity providers through a fake airdrop.
• Yam Finance fended off an attack worth $3.1 million.
• In the second quarter, crypto projects lost more than $670 million due to hacks, according to Immunefi.

What to read this weekend?

We explain why Telegram is not the best service from a privacy standpoint, and what alternatives exist.

Read ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, prices and analytics.