We have gathered the most important cybersecurity news from the past week.
- Russian authorities have stepped up pressure on social networks.
- A zero-day vulnerability in Google Chrome has been fixed.
- Ransomware victims are paying the ransom less often.
Zero-day vulnerability fixed in Google Chrome
In the new version Google Chrome 88.0.4324.150 for Windows, Mac and Linux, the zero-day vulnerability has been fixed. It has already been exploited by cybercriminals, but the company did not provide further details.
Some researchers believe that North Korean hackers attacked cybersecurity researchers with this bug.
Malware targeting supercomputers discovered
ESET researchers have discovered malware targeting supercomputers. Among its victims are a large Asian Internet provider and an American security solutions provider, whose names are not disclosed.
#ESETresearch published details about unique malware we’ve named Kobalos targeting multiple operating systems including Linux, FreeBSD and Solaris, and perhaps even AIX and Windows. #KobalosMalware @marc_etienne_ @ulexec 1/6 https://t.co/WLeXCVn9CL pic.twitter.com/d9SlEPiIgQ
— ESET research (@ESETresearch) February 2, 2021
Thanks to the malware named Kobalos, attackers gain remote access to file systems, can launch terminal sessions, and act as connection points to other infected servers.
ESET said that the operators’ true intentions with Kobalos are not entirely clear. No other malware, aside from the credential-stealing, was detected.
Facebook to request user consent for data collection for advertising and explain its purpose
Facebook will separately request permission to collect data for personalised advertising.
Users will be notified how the data is used for advertising, and explanations as to why providing it is important.
This step is a response to Apple’s App Tracking Transparency feature. It will allow blocking apps from tracking user activity if they do not want to grant access to this data.
Pressure on social networks in Russia intensifies
From February 1, Russia’s law requires social networks to independently identify and block illegal content. This includes disclosures of state secrets, calls for terrorism or its justification, advertising for online alcohol sales and internet casinos, materials containing obscene language, and other items.
ForkLog experts note that social networks have long had a ‘self-censorship’ mechanism in place.
Additionally, the Federation Council’s Commission on Information Policy and Interaction with the Media proposed to impose fines or block social networks for their use ‘to mobilize citizens for unlawful actions’.
Report: In Q4 2020, the average ransom paid to ransomware operators fell by 34%
Companies have started paying ransoms to ransomware operators less often, causing the average ransom to fall significantly, according to the Coveware report. In Q4 2020 it stood at $154,108, down from $233,817 in Q3.
In the same period, the share of ransomware attacks tied to the threat of data exfiltration increased from 50% in Q3 to 70% in Q4.
FonixCrypter ransomware operators publish decryptor tool
The FonixCrypter ransomware group announced it was ceasing operations.
End of FonixCrypter Project :#Fonix #ransomware #XINOF #FonixCrypter #close_project #hack #Malware #raas #ransomware_as_a_service pic.twitter.com/wQdmp61juX
— fnx (@fnx67482837) January 29, 2021
Hackers published a decryptor tool for victims of the malware. Researchers confirmed that the decryptor works.
«The project started only due to the poor economic situation. But this work was not what my heart would like to do»,— one of the project admins wrote on Twitter.
Ministry of Internal Affairs seeks access to users’ smartphone contacts
The Russian MFA plans to implement in its mobile app an ‘Anti‑Fraud’ feature that will allow recognizing calls from fraudulent numbers. However, for its operation it will require access to the address book, writes Kommersant, citing tender documentation.
The agency is prepared to spend 63 million rubles on implementing the new feature.
StormShield cybersecurity company had part of its source code stolen
French cybersecurity services provider StormShield reported a breach. The attacker gained access and could have stolen personal and technical details about some clients. They also stole part of the source code of Stormshield Network Security firewall.
StormShield noted there is no evidence of compromise of products or changes to the source code yet.
Also on ForkLog:
- The Ministry of Digital Development proposed to remove geolocation from communications secrecy. Experts said this will grant law enforcement unlimited access to Russians’ movements.
- US Navy personnel sold the personal data of 9,000 people for bitcoins.
- Experts spoke of increased attacks on Russian government resources for mining.
- The hacker moved $2.8 million from the DeFi project pool of yEarn.Finance.
- Dmitry Medvedev suggested disconnecting Russia from the global Internet.
- Hackers prepared a major attack on Kubernetes clusters for covert mining of Monero.
- Natalia Kasperskaya warned that if the collection of personal data is not stopped, digital ‘Fukushimas’ await us.
What to read this weekend?
Palantir, the American software maker, is often described in the media as “the company that knows everything about you.” Read ForkLog’s in‑depth piece to learn how Palantir earned this reputation, what services it provides to intelligence agencies, and how its algorithms are used by American law enforcement.
Subscribe to ForkLog news on Telegram: ForkLog Feed — the full news stream, ForkLog — the most important news and polls.