We have collected the most important news from the world of cybersecurity for the week.
Roskomnadzor confirmed the blocking of the Signal messenger in Russia.
The BlackSuit ransomware operators demanded more than $500 million from victims.
An 18-year-old vulnerability allowed bypassing the protections of Chrome, Firefox and Safari.
Roskomnadzor confirmed the blocking of the Signal messenger in Russia
Access to the Signal messenger in the territory of the Russian Federation is limited by the decision of Roskomnadzor. This is reported by Interfax.
The agency cited as the reason a "violation of the requirements of legislation to prevent the use of the messenger for terrorist and extremist purposes".
Russian users have been complaining about service failures since August 8.
The creators of Signal confirmed the blocking in a number of countries and promised to do "everything possible" to maintain and restore access to the messenger.
In the USA, the alleged administrators of the WWH Club darknet forum were arrested
Pavel Kublitsky, a Russian, and Alexander Khodyrev, a citizen of Kazakhstan, were arrested in Florida on charges of conducting cybercrime activities through the WWH Club darknet marketplace. This is reported by Court Watch.
According to investigators, both defendants were administrators of the platform for hiring hackers, selling stolen bank cards, illegally obtained information and training courses on cyber fraud. The number of forum users exceeded 170,000 people.
The FBI has gained access to the admin panel and the site's database.
The agency found more than a hundred bitcoin addresses associated with the defendants which, from July 2015 to June 2024, received almost 4,000 transactions totaling ~152 BTC (the equivalent of $961,000 at the exchange rates over that period).
In December 2022, Kublitsky and Khodyrev requested asylum in the United States. They lived in South Florida and were not employed. At the same time, Kublitsky owned a luxury condominium in Sunny Isles Beach, and Khodyrev purchased a 2023 Chevrolet Corvette worth $110,000.
One of the Russian's e-mails allowed him to be linked to the Omsk branch of the MMM-2011 financial pyramid, of which he was the head.
The two are charged with trafficking in and possessing unauthorized access devices. Their case files are sealed.
The BlackSuit ransomware operators demanded more than $500 million from victims
Experts from CISA and the FBI published fresh details about the operators of the BlackSuit ransomware, who have demanded a total of over $500 million in bitcoin from victims.
We published an advisory with the @FBI on Royal ransomware actors (rebranded as #BlackSuit) with #IOCs and #TTPs from FBI investigations and third-party reporting. Read the advisory for mitigations: https://t.co/xLhqbONfNp pic.twitter.com/0GsrUrEeVO
— Cybersecurity and Infrastructure Security Agency (@CISAgov) August 7, 2024
A direct successor to the Conti cybercrime syndicate, the group began operations in January 2022 under the name Quantum, distributing ransomware of the same name. The malware was later renamed Royal, the brand it operated under from September 2022 to June 2023, and then BlackSuit.
Ransom demands usually ranged from $1 million to $10 million. The largest single demand was $60 million.
An 18-year-old vulnerability allowed bypassing the protections of Chrome, Firefox and Safari
Oligo Security researchers have disclosed a vulnerability in the major browsers that was first reported 18 years ago, in 2006, and has remained unfixed since. It lets malicious sites bypass the protections of Chrome, Firefox and Safari and reach services on local networks.
🚨NEW 0-DAY VULNERABILITY
Oligo's research team has discovered a new #0day vulnerability in #Chrome, #Firefox, and #Safari.
This flaw exposes internal networks and private services on localhost to external attackers in public domains. @Forbes coverage: https://t.co/PmzwkQ5ehb
The bug, dubbed 0.0.0.0 Day, stems from browsers allowing requests to the address 0.0.0.0, which the operating system treats as an alias for the local host (127.0.0.1) even though browsers only block the latter. A malicious site can thus send requests from a visitor's browser to services on the internal network, which can lead to arbitrary code execution and access to confidential information.
The vulnerability affects only devices running Linux and macOS. Windows computers are not affected because Microsoft blocks connections to 0.0.0.0 at the operating system level.
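The mechanism above is easiest to see from the side of the local service that ends up receiving the request. The following is an added example, not code from Oligo Security or from the article: it contrasts a loopback-only address check, which misses 0.0.0.0, with one that also treats the unspecified address as local, and shows the mitigation a local listener can apply on its own by refusing browser requests whose Origin header is not itself local. The sample Origin/Host pairs and the hostname `public-site.example` are constructed for the demonstration.

```python
"""Defender-side view of the 0.0.0.0 Day problem.

Added example, not code from Oligo Security or from the article. The request
samples below are constructed for the demonstration.
"""
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample requests as a local service might see them:
# (Origin header or None, Host header). Not taken from the article.
SAMPLE_REQUESTS = [
    ("https://public-site.example", "0.0.0.0:8080"),    # what the bug permits
    ("https://public-site.example", "127.0.0.1:8080"),  # browsers already block this
    ("http://localhost:3000", "localhost:3000"),        # local dev front-end
    (None, "127.0.0.1:8080"),                           # no Origin: curl, scripts
]


def _hostname(host_header: str) -> Optional[str]:
    """Strip the port from a Host header; handles bracketed IPv6 like '[::]:8080'."""
    return urlsplit("//" + host_header).hostname


def naive_is_local(host: str) -> bool:
    """Loopback-only check: misses 0.0.0.0, which the OS also routes to local listeners."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def hardened_is_local(host: str) -> bool:
    """Treat loopback (127.0.0.1, ::1), the unspecified address (0.0.0.0, ::)
    and localhost names as the same local target."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.lower()
        return name == "localhost" or name.endswith(".localhost")
    return ip.is_loopback or ip.is_unspecified


def should_allow(origin: Optional[str], host_header: str) -> bool:
    """Mitigation a local service can apply itself: a browser request carrying an
    Origin that is not local may not reach a local listener, whatever address the
    browser used to get there. Requests without an Origin header (non-browser
    clients, same-origin navigations) are left to the service's normal auth."""
    target = _hostname(host_header)
    if target is None or not hardened_is_local(target):
        return True  # not a local listener; outside the scope of this check
    if origin is None:
        return True
    origin_host = urlsplit(origin).hostname
    return origin_host is not None and hardened_is_local(origin_host)


def classify_requests(requests=SAMPLE_REQUESTS):
    """Run both checks over the samples; returns (host, naive, hardened, allowed) rows."""
    rows = []
    for origin, host_header in requests:
        target = _hostname(host_header) or ""
        rows.append((target, naive_is_local(target), hardened_is_local(target),
                     should_allow(origin, host_header)))
    return rows


if __name__ == "__main__":
    for target, naive, hardened, allowed in classify_requests():
        print(f"{target:12} naive_local={naive!s:5} hardened_local={hardened!s:5} allow={allowed}")
```

The first sample row is the whole story: `naive_is_local` reports 0.0.0.0 as not local, so a service that only special-cases 127.0.0.1 would accept the request, while `hardened_is_local` recognises it and `should_allow` rejects it because the Origin is a public site. Checking the Origin header on the server is independent of the browser fix and also covers clients that never adopt it.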
Browser developers have recognized the problem and are working to fix it.
At DEF CON, the story of unmasking the LockBit administrator was told
John DiMaggio, a researcher at the information security firm Analyst1, took part in identifying the administrator of the LockBit ransomware operation, known by the nicknames LockBitSupp and putinkrab. During the DEF CON conference he recounted how he infiltrated the gang and described the tip that helped identify the hacker, 31-year-old Voronezh native Dmitry Khoroshev. A condensed version of the story was published by <url>.
To get to know LockBitSupp, DiMaggio posed as a novice cybercriminal who wanted to join the gang. Using fake accounts, he communicated with the hacker's inner circle, building a persona with a backstory and connections on the darknet.
For months, he gained Khoroshev's trust and became his friend, finding out details of ongoing cyber attacks along the way. They discussed how to negotiate with victims and how to set the right amount of ransom.
An anonymous tip revealed LockBitSupp's real name: DiMaggio was sent his Yandex mail address.
"This was my first doxing experience. [After the FBI announced] his name, I published everything else: his place of residence, current and previous phone numbers," the specialist said.
As a farewell, DiMaggio wrote Khoroshev a message explaining that he had to reveal his identity before others did:
"LockBitSupp, you're a smart guy. You said that money is no longer the main thing, and you want to have a million victims before you stop, but sometimes you need to know when to leave. The time has come, my old friend."
After that, Khoroshev did not write to him anymore.
A detailed story with all the documentation is available on DiMaggio's blog.
Also on ForkLog:
OKX denied the targeted blocking of clients from the CIS. At the same time, experts believe that the Russian Federation is a high-risk area for the exchange.
The Nomad protocol hacker transferred 14,500 ETH to Tornado Cash.
Illegal turnover of cryptocurrencies worth $75.4 million has been stopped in Kazakhstan.
Unknown persons withdrew over $11 million from Ronin's sidechain. The funds were later returned.
What to read over the weekend?
In a special article, we tell the personal stories of clients of the collapsed Mt.Gox exchange and about their problems with refunds.
https://forklog.com/exclusive/chto-proishodit-so-sredstvami-mt-gox-rasskazyvayut-polzovateli-reddit