We have gathered the week's most important cybersecurity news.
- The Russian Federation Council called for clear regulation of the internet space.
- Fraudsters are attacking Facebook users worldwide through a fake Facebook Messenger app.
- Signal disclosed vulnerabilities in Cellebrite’s tools. Cellebrite had previously claimed to have hacked Signal.
Fraudsters target Facebook users in 84 countries worldwide
Group-IB specialists warned of a large-scale attack on Facebook users in 84 countries worldwide, including Russia.
The attackers spread links to download a non-existent “update” to Facebook Messenger, allegedly containing new features.
“To lull users’ vigilance, scammers used names in the accounts from which the messages were distributed that sounded similar to the popular messenger: Messanger, Meseenger, Masssengar, and as the avatar they uploaded the official app icon,” said Group-IB.
Analysts identified 5,700 fraudulent advertising posts and about 1,000 fake profiles across the social network used in the scheme.
The attackers could access victims’ accounts, as well as their phone numbers and email addresses. Going forward, cybercriminals could use these data for extortion, spam campaigns, or sale on hacker forums.
The Federation Council calls for clear regulation of the internet
Russia needs clear regulation of the internet space for the safety of the state and society, said the speaker of the Federation Council Valentina Matviyenko:
“The digital space often becomes a platform for unfair competition, unfriendly actions, and at times outright harmful ones.”
She stressed that this is a serious cause for concern.
“We must understand that there is no aim to close ourselves off from the world or to build an electronic wall. But at the same time we believe it is time to talk about clearer regulation of relations in the digital environment to ensure the security of the state, society and our citizens,” said Matviyenko.
“Cellebrite claimed to have hacked Signal. Now Signal hacks Cellebrite.”
In December, the Israeli company Cellebrite said it had found a way to hack the privacy-focused messenger Signal. However various developers and representatives of the messenger said that the described Cellebrite process “hack” is not revolutionary — to access Signal messages you need physical access to an unlocked device.
Now Signal strikes back— researchers studied Cellebrite’s tools. It turned out that to extract data from phones Cellebrite uses UFED and Physical Analyzer.
Our latest blog post explores vulnerabilities and possible Apple copyright violations in Cellebrite’s software:
«Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective»https://t.co/DKgGejPu62 pic.twitter.com/X3ghXrgdfo
— Signal (@signalapp) April 21, 2021
Signal found that these tools lack standard protections against exploits, and may infringe Apple’s copyrights — Physical Analyzer uses Apple’s iTunes libraries to analyze devices.
“It seems unlikely that Apple granted Cellebrite a license to distribute and include Apple’s DLL libraries, so this could be a legal risk for Cellebrite and its users,” the Signal blog says.
Google Chrome fixes yet another zero-day vulnerability
The Google team released a update for the Chrome browser on Windows, Mac and Linux, fixing a zero-day vulnerability that was actively exploited by hackers.
Earlier, Chrome also fixed a number of bugs.
In the United States, a Ukrainian citizen was sentenced to 10 years in prison for cyberattacks
An American court sentenced to ten years in prison one of the organizers of the hacking group FIN7, the Ukrainian citizen Fedor Gladary.
According to case materials, since 2015 FIN7 members hacked thousands of computer systems and stole data from millions of credit and debit cards.
“Only in the United States FIN7 successfully hacked systems of organizations in all 50 states and the District of Columbia, stealing data from more than 20 million cards,” the Justice Department said.
The total damage attributed to FIN7 is estimated at more than $3 billion.
Russia proposed to the United States to exchange guarantees on preventing cyber threats
The Russian Foreign Ministry proposed the United States exchange assurances of non-interference in each other’s internal affairs and to resume cooperation on preventing cyber threats.
“The essence of the Russian initiative is to adopt a package of practical measures to reboot bilateral relations in the field of information and communication technologies,” the Foreign Ministry said.
Among other things, the reboot proposal includes agreements on preventing incidents in the information space, as well as understandings not to strike first with information technologies.
Recall that the United States accuses Russia of attacks on U.S. government agencies, as well as interference in elections through social networks. White House national security adviser Jake Sullivan said that the United States would prepare a response to these cyberattacks. In his words, the response will include “visible and invisible tools.”
Also on ForkLog:
- REvil attackers attacked an Apple supplier and demanded $50 million ransom.
- Fraudsters created a clone of Bitmain's site to steal cryptocurrency from miners.
- Trello data from thousands of Russian companies was publicly exposed.
- DeFi project EasyFi lost $6 million due to a hacking attack.
- Unknown hacker put Domino’s India customer data up for sale for 10 BTC.
- The Russian Foreign Intelligence Service opened a presence on the darknet.
What to read this weekend?
The Federation Council calls for tighter regulation of the internet space, but in Russia this process has already begun. Since February amendments to the legislation regulating the distribution of information on social networks have come into force. They obligate owners of such networks to monitor user content.
Lawyers told ForkLog what these amendments are about and how they will reflect on business and the citizens of the Russian Federation.
Read ForkLog's Bitcoin news in our Telegram — cryptocurrency news, prices and analysis.