YouTube slowdown in Russia, iOS update, and other cybersecurity events

We have gathered the week’s most important cybersecurity news.

Hackers breached Passwordstate password manager

Click Studios, the developer of Passwordstate, reported a breach of the service.

Hackers distributed to Passwordstate customers malware named Moserware via a compromised update. The incident occurred between 20 and 22 April.

As a result, attackers gained access to various information, including username, domain, details about running processes and other data.

They also began sending phishing emails to Passwordstate customers on behalf of Click Studios. In this regard, the company urged not to publish in social media emails from Click Studios:

«Hackers are actively monitoring social networks for information about the breach. It is important that clients do not post information that could be used by hackers. This happened with phishing emails that copy Click Studios’ content».

Apple released privacy-centric iOS update

Apple released iOS 14.5, which sparked much debate with Facebook.

One of the main changes was an updated privacy policy for collecting personal data by third-party apps — developers must now obtain user consent to collect their data for ad targeting.

Facebook opposed this. For more on the dispute, read ForkLog’s exclusive coverage:

In the Federation Council, a proposal to slow down YouTube

The head of the Federation Council committee on information policy and media relations, Alexey Pushkov proposed temporarily slowing YouTube traffic during the May holidays. The reason: the failure to remove prohibited content and censorship of Russian media.

«YouTube is going down the same path as Twitter», — he said.

Earlier, Roskomnadzor began slowing Twitter’s throughput in Russia over its refusal to remove content the agency deemed illegal.

Later, a Russian court fined the social network nearly 9 million rubles for “violating the procedure for restricting access to information that is subject to restriction under Russian law”. This week Roskomnadzor reminded Twitter of the need to remove prohibited information by 15 May.

The world’s most dangerous botnet Emotet self-destructed on infected devices

This week the Emotet botnet self-destructed on all infected devices. In an international operation, authorities dismantled Emotet back in January. As experts noted, the code introduced by the specialists should effectively reboot the botnet, and operators will have to start from scratch.

The takedown delay was due to the need to collect evidence.

In addition to devices, Emotet also compromised users’ mailboxes. Accordingly, the FBI and Dutch authorities shared with Have I Been Pwned more than 4.3 million email addresses compromised by Emotet.

Just blogged: Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU https://t.co/ZdUSUI9PYK

— Troy Hunt (@troyhunt) April 26, 2021

DigitalOcean reveals leak of customer billing data

Cloud infrastructure provider DigitalOcean reported a leak of customer billing data, TechCrunch reports.

Hackers gained access to data from April 9 to 22, 2021 through a vulnerability that, according to the developers, has been fixed.

According to DigitalOcean representatives, the leak affected only 1% of billing accounts.

Babuk ransomware ceases operations

Babuk ransomware operators said they have halted operations, BleepingComputer reports. They do not intend to return funds to victims or publish encryption keys.

Moreover, the hackers said they will do something akin to Open Source RaaS, where anyone can build their own product based on ours.

US hospitals shut down oncology equipment due to cyberattack

The Swedish provider of oncology and radiology equipment Elekta reported an attack on cloud-based software.

As a result, several American medical facilities had to temporarily disconnect radiotherapy equipment for cancer patients.

Institute for Security and Technology develops recommendations to combat ransomware

The Institute for Security and Technology (IST) has published a ransomware response framework.

Ransomware is a devastating cybercrime. The #RansomwareTaskForce report recommends a framework of 48 actions that together provide a comprehensive strategy to combat the ransomware epidemic. Learn more about this groundbreaking work. https://t.co/StfNTNrHJx

— Institute for Security and Technology (@IST_org) April 30, 2021

Authors of the report proposed conducting a “sustainable, aggressive, government-led, intelligence-driven campaign to combat ransomware, coordinated by the White House”.

In this regard, they also advocate stricter regulation of cryptocurrencies, as they “allow committing crimes using ransomware”.

Russia says it can track absolutely all US cyberattacks

Andrei Krutskikh, Russia’s special representative for international cooperation in information security, said that invisible US cyberattacks against Russia are technologically impossible.

«Russia’s technological capabilities allow us to see absolutely everything. It is naive to think that a great nuclear power would fail to see something. This is ridiculous», said Krutskikh.

Earlier, American media reported that authorities planned to carry out a series of cyberattacks on Russian systems in response to last year’s breach of several government agencies in the US, which is suspected to involve hackers from Russia.

Also on ForkLog:

• Hackers threatened to reveal informants for the US capital’s police.
• In the FSB explained the SolarWinds attack by a leak in the darknet.
• Microsoft and Intel have improved the search for hidden miners.
• The Uranium Finance project lost $50 million in Ethereum due to a vulnerability.
• The Hotbit exchange reported a possible leak of user data.

What to read this weekend?

We discuss the SolarWinds software provider attack, which sparked direct accusations of Russia in cyberattacks and threats by the US to respond.

Read ForkLog’s bitcoin news in our Telegram — cryptocurrency news, prices and analytics.