We have collected the most important news from the world of cybersecurity for the week.
Dropbox has confirmed the compromise of user data and part of the secret keys.The REvil participant received almost 14 years in prison and a fine of more than $16 million.The UK has introduced a ban on weak passwords by default.monobank has become the target of powerful DDoS attacks.Dropbox has confirmed the compromise of user data and part of the secret keys
The Dropbox cloud service announced the hacking of the production systems of the Dropbox Sign eSignature platform, as a result of which attackers gained access to the customer database. The incident occurred on April 24.
Email, user names, and general account settings have been compromised. In some cases, phone numbers, hashed passwords, and some authentication data, including API keys, OAuth tokens, and MFA, were disclosed.
An internal investigation found no evidence of unauthorized access to customer documents or agreements, as well as to other Dropbox services.
The company forcibly reset the passwords of all users, terminated their Dropbox Sign sessions, and restricted the use of API keys until they were replaced by the client. Safety recommendations have been issued for those affected.
The REvil participant received almost 14 years in prison and a fine of more than $16 million
A court in the United States found 24-year-old Ukrainian citizen Yaroslav Vasinsky guilty of carrying out more than 2,500 attacks using Sodinokibi/REvil ransomware programs that caused $700 million in damage.
In case of non-receipt of the ransom, Vasinsky, known by the nickname Rabotnik, and his accomplices disclosed the data of their victims. Authorities report that cybercriminals used cryptocurrency exchangers and mixers to hide illegal income.
Yaroslav Vasinsky. Data: VK.Vasinski was arrested in Poland in November 2021 and included in the US sanctions list. 39.8 BTC ($6.1 million at that time) was confiscated from him. The hacker subsequently pleaded guilty to 11 charges.
He was sentenced to 13 years and seven months in prison. He is also obliged to pay more than $16 million in compensation.
In turn, in Finland, 26-year-old Julius Aleksanteri Kivimaki received six years in prison, who broke into the private Vastaamo psychotherapy center in Helsinki back in 2018.
Julius Aleksanteri Kivimyaki (right). Data: Lehtikuva.According to local media, the hacker stole sensitive data from about 33,000 patients. He was found guilty of 9,200 cases of spreading information about private life, 22,000 attempts at blackmail and 20 episodes of extortion.
Additionally, Kivimaki will face more than 5,000 claims for damages.
The UK has introduced a ban on weak passwords by default
On April 29, the PSTI Act came into force in the UK, which tightens security measures for consumer smart devices, including mobile phones, tablets, entertainment gadgets, home surveillance systems and household appliances.
One of the main requirements is that the equipment should not be supplied with factory passwords, which can be easily picked up.
The law also requires manufacturers to provide a contact for reporting security issues and to inform about the minimum time for updating the device.
Companies that violate the law face monetary fines of up to 10 million pounds ($12.5 million) or 4% of their total annual income, whichever is greater.
Europol has closed 12 fraudulent call centers
As a result of Operation Pandora, German law enforcement officers, with the support of hundreds of colleagues from other countries, stopped the work of 12 call centers engaged in telephone fraud in Albania, Bosnia and Herzegovina, Kosovo and Lebanon.
The dialogue scenarios ranged from love and investment scams to simulated calls from the police.
Data: Europol.During numerous raids, police identified 39 suspects and arrested 21 people.
Evidence was confiscated, including data carriers, documents, cash and other assets worth approximately €1 million.
monobank has become the target of powerful DDoS attacks
On May 1 and 2, the Ukrainian monobank was subjected to powerful DDoS attacks. This was announced by the bank's co-founder Oleg Gorokhovsky.
"They are stubborn, you can't say anything. I really want to dump monobank. But it's difficult. Better shut down some online casino," he wrote.
Customers have fixed problems when working with a mobile application that either did not load at all, or hung up at the time of making a payment.
The monobank support service urged users not to make payments during the period of elimination of the technical failure.
Telegram, YouTube and Twitch ignored RCN's requests to delete information
Telegram messenger has not deleted over 120,000 illegal materials after the demands of Roskomnadzor. This is reported by TASS with reference to the press service of the department.
Similar requests from the RCN have so far been ignored by YouTube — 60,700 materials and the Twitch platform — 505.
According to the legislation of the Russian Federation, the owner of a hosting or Internet resource must delete illegal content within 24 hours of receiving Roskomnadzor's request. The penalty for non—fulfillment is up to 20% of annual revenue.
Also on ForkLog:
The trader lost $68 million due to address substitution fraud.Fintech companies in Nigeria have started blocking customers because of cryptocurrencies.Tether and Chainalysis will develop a solution for monitoring the secondary market.A suspect in the ZKasino fraud has been arrested in the Netherlands.The Wasabi Wallet developer will disable the CoinJoin anonymization service.Elliptic has taught AI to detect money laundering through bitcoin.Media: Square and Jack Dorsey's Cash App are being checked due to suspicious cryptotransactions.The alleged kidnapper of STRK airdrops has been detained in China.As a result of two attacks, Pike Finance lost almost $2 million.Beribit customers have reported fraud on the part of the bitcoin exchange.CertiK reported record low losses of the crypto market in April.Report: how Lazarus Group laundered $200 million from 25 attacks on the crypto market.The Shiba Inu community has been warned about scams and fake tokens.Lazarus Group created a fake investor to attack the DeFi segment.The Optimism team has fixed two critical vulnerabilities in the testnet.What should I read on the weekend?
In the educational section \"Cryptorium\" we tell you how different blockchain protocols solve the problem of the Byzantine generals.
https://forklog.com/cryptorium/kak-raznye-protokoly-reshayut-zadachu-vizantijskih-generalov