We have gathered the week’s most important cybersecurity news.
- Rutube was hacked; the platform was offline for several days. The attack was claimed by the hacker group Anonymous.
- CoinGecko and Etherscan warned about a phishing attack.
- Data of 21 million VPN users was distributed for free in Telegram channels.
Rutube hacked and offline for several days
On 9 May, Russia’s video hosting Rutube suffered a major cyberattack and could not restore operation for several days.
The attack was claimed by the hacker group Anonymous. They said that more than 75% of the main version’s databases and infrastructure had been damaged and 90% of backups and clusters used to restore the databases.
The Village, citing a source close to the Rutube team, reported that during the attack the site’s code had been \”completely deleted\” and that the video service would \”not be recoverable\”. However, Rutube refuted this information.
On the day of the breach, screenshots from the service’s internal system listing channels surfaced in the network, as well as a letter allegedly sent by Rutube’s director Alexey Nazarov to the FSB complaining about irregularities in the procurement of a cybersecurity system from the company Group IB.
The latter refuted the information that the company’s products ‘were or had ever been used to protect against cyberattacks on the Rutube’s office or server infrastructure or separate applications of the video hosting service Rutube’.
On May 11, the Rutube team stated that the platform’s operation had been restored.
CoinGecko and Etherscan warn of phishing attack
CoinGecko and Etherscan warned about a phishing attack targeting their users. In the attack, attackers attempt to gain access to victims’ funds by asking them to connect their MetaMask wallets.
Users are being asked to connect their wallets to a dubious site, nftapes.win.
CoinGecko and Etherscan emphasised that this must not be done under any circumstances.
Later, it emerged that the phishing attack was carried out using a malicious HTML5 banner ad script served by Coinzilla, a popular crypto ad network.
Data of 21 million VPN service users exposed publicly
A 10 GB database from several VPN services, including GeckoVPN, SuperVPN and ChatVPN, circulated in Telegram channels. VPNMentor reports.
The database includes 21 million records with email addresses, names, payment details and other user information. Last year the data was sold on the dark web; now it is being distributed for free.
The fraudulent ‘Sberbank Online Site’ app becomes one of the most downloaded free apps in the Russian App Store
The ‘Sberbank Online Site’ service appeared among the ten most downloaded free apps in the App Store in Russia. However, Sberbank warned that it is not official and was launched by scammers, RBC reports.
Due to sanctions, the ‘Sberbank Online’ app became unavailable for download in the App Store, and later disappeared from Google Play.
Russian Android users report issues updating Google Chrome
Android users in Russia reported being unable to update Google Chrome via Google Play.
Earlier, Google Play announced blocking of paid app downloads and updates from May 5.
Also on ForkLog:
- The U.S. State Department offered $15 million for information on operators of the Conti ransomware.
- Chainalysis estimated that 97% of cryptocurrency stolen in 2022 was attributable to DeFi protocols.
What to read this weekend?
An expert explains how to preserve privacy in messaging and why Telegram won’t help in that regard.
Follow ForkLog’s Bitcoin news in our Telegram — crypto news, prices and analysis.