Reading time: ~2 m
We’ve compiled the most important news from the world of cybersecurity for the week.
- Rutube was hacked, the platform was down for days. Anonymous hackers claimed responsibility for the attack.
- CoinGecko and Etherscan reported the phishing attack.
- Data from 21 million users of VPN services was distributed for free in Telegram feeds.
Rutube attacked by hackers and went offline for days
On May 9, the Russian video hosting site Rutube was subjected to a large-scale hacker attack and was unable to restore its work for several days.
Anonymous hackers claimed responsibility for the attack. They claimed to have corrupted more than 75% of the databases and infrastructure of the main version and 90% of the backups and clusters to restore the databases.
JUST IN: #Anonymous hacked Russia’s video platform ‘RuTube’
Nearly 75% of the databases and infrastructure of the main version and 90% of the backup and cluster to restore the databases have been severely affected, that means #RuTube is probably GONE FOREVER. #OpRussia pic.twitter.com/0NFzWGmP9u
– Anonymous TV 🇺🇦 (@YourAnonTV) May 10, 2022
The Village, citing a source close to the Rutube team, reported that the attack “completely deleted the site code” and the video service “cannot be restored.” However, Rutube denied this information.
On the day of the hack, screenshots from the service’s internal system with a list of channels appeared online, as well as a letter allegedly sent by Rutube director Alexei Nazarov to the FSB complaining about machinations in the purchase of the cyber protection system from Group IB.
The latter denied that the company’s products “are or have ever been used to protect office or server infrastructures or individual applications of the Rutube video hoster from cyberattacks.”
On May 11, the service team announced that the platform had been restored.
CoinGecko and Etherscan warned of a phishing attack
CoinGecko and Etherscan have reported a phishing attack on their users. Hackers are attempting to gain access to victims’ funds by requesting to connect their MetaMask wallets.
Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don’t connect it. We are investigating the root cause of this issue. pic.twitter.com/7vPfTAjtiU
– CoinGecko (@coingecko) May 13, 2022
Users are encouraged to connect their wallets to a certain site called nftapes.win.
CoinGecko and Etherscan stressed that this should not be done under any circumstances.
It was later revealed that the phishing attack was carried out using a malicious script from the Coinzilla ad network.
1/ The situation earlier was caused by a malicious html5 banner ad script (https://t.co/iInKK5MMXK) served by @adsbycoinzilla, a popular crypto ad network which is used by a lot of crypto sites
– Etherscan (@etherscan) May 14, 2022
Data from 21 million VPN users in the public domain
A 10GB database from several VPN services, including GeckoVPN, SuperVPN and ChatVPN, has circulated in Telegram feeds. VPNMentor writes about it.
The database includes 21 million records with e-mail addresses, names, payment details and other user information. Last year the data was sold on the darknet, but now it is distributed for free.
Sberbank’s fraudulent app has become one of the most downloaded in the Russian segment of the App Store
The service “Sberbank online site” was in the top ten most downloaded free applications in the App Store in the Russian Federation. However, Sberbank warned that it is not official, and launched by fraudsters, reports RBC.
Recall, due to sanctions, the app “Sberbank Online” became unavailable for download in the App Store, and later disappeared from Google Play.
Russian Android users complained about problems with the Google Chrome update
Android users from the Russian Federation reported the inability to update their Google Chrome browser via Google Play.
Earlier, Google Play said it had blocked downloads of paid apps and updates to them since May 5.
Also on ForkLog:
- The U.S. State Department has offered $15 million for data on the operators of the Conti ransomware virus.
- Chailusis estimated that 97% of cryptocurrencies stolen in 2022 were accounted for by DeFi-protocols.
What to read this weekend?
How to keep your correspondence private and why Telegram won’t help, says an expert.
How to protect the secrecy of correspondence: Top 5 private messengers
#Hacking #Rutube #phishing #CoinGecko #Etherscan #cybersecurity #events