ZDNet

Hackers are scanning for MySQL servers to deploy GandCrab ransomware

ZDNet

At least one Chinese hacking crew is currently scanning the internet for Windows servers that are running MySQL databases so they can infect these systems with the GandCrab ransomware.

These attacks are somewhat unique, as cyber-security firms have not seen any threat actor until now that has attacked MySQL servers running on Windows systems to infect them with ransomware.

Full article

Miscellanious

Tor Browser is Stable on Android

Since the Tor Project released the first alpha version of Tor Browser for Android in September, they’ve been hard at work making sure they can provide the protections users already enjoying on desktop to the Android platform. Mobile browsing is increasing around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so we made it a priority to reach these users with a mobile Tor Browser release. The stable version of Tor Browser for Android is now available for download from Google Play and their website.

Miscellanious

Enigmail 2.0.11 released!

Are you using Enigmail? If so, it’s time to update to version 2.0.11!

This release addresses a security issue with inline-PGP messages that allows an attacker to have Enigmail display a correctly signed or encrypted message info, but display a different unauthenticated text.

In addition, some defects and regressions were fixed.

Patrick Brunschwig

You find the ChangeLog here.

Miscellanious

HTTPS Everywhere 2019.5.6.1

HTTPS Everywhere version 2019.5.6.1 is out! Please see the change log what is new in this release.

HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.

Upgrade now!

Miscellanious

Tor Browser 8.0.9

Changelog:
Tor Browser 8.0.9 — May 7 2019

  • All platforms
    • Update Torbutton to 2.0.13
      • Bug 30388: Make sure the updated intermediate certificate keeps working
    • Backport fixes for bug 1549010 and bug 1549061
      • Bug 30388: Make sure the updated intermediate certificate keeps working
    • Update NoScript to 10.6.1
      • Bug 29872: XSS popup with DuckDuckGo search on about:tor

For the most up-to-date information about this release, visit blog.torproject.org/new-release-tor-browser-809.

Our recommendation is that you upgrade now!

Miscellanious

Russia is the most cyber-attacked country according Kaspersky

https://cybermap.kaspersky.com/

Accoding cybermap.kaspersky.com Russia is the most cyber-attacked country in the world. Kaspersky’s sources are mentioned on their site.

Think twice!

As usual we highly recommend everyone to think twice before believing this information. Even if Kaspersky Lab is not controlled from the Kremlin, one can imagine that Kaspersky or its owner will gain benefits by acting in a special way. In other words it’s time to be sceptic as we don’t know why they claim Russia to be the most cyber-attacked country in the world.

Think twice because it’s about Russia?

No! Of course you should be equally sceptic about statements made by US companies. Or Chinese companies. You should also be sceptic even if Kaspersky was a Swiss or Norwegian company claiming that Switzerland or Norway was the #1 cyber-attacked country.

With above said, we can’t forget that eastern part of Ukraine is occupied by Russia, not by the governments in Bern or Oslo. If Kaspersky gain benefits for their statements we remind you that benefits are given by one LGBTQ hostile government!

Believe those you trust!

Another example about think twice is when Mr Edward Snowden’s endorsement of the Signal messaging app. Signal could be as good as Mr Snowden claims, but don’t forget how is his host.

Try to find multiple sources before you decide what you think is true!

BBC

Russia tightens grip on its national net

BBC

Russia has formally adopted a law that gives its government more control over its domestic internet.

The law means the systems that exchange data between the networks forming the Russian internet must share more information with government regulators.

It also lets regulators exert direct control over what Russians can post, see and talk about online when national security is threatened.

Russian net firms have until 1 November to comply with the law.

Widespread protests were mounted in a bid to stop the law being passed.

Full article

WIRED

A Mysterious Hacker Group Is On a Supply Chain Hijacking Spree

WIRED

A software supply chain attack represents one of the most insidious forms of hacking. By breaking into a developer’s network and hiding malicious code within apps and software updates that users trust, supply chain hijackers can smuggle their malware onto hundreds of thousands—or millions—of computers in a single operation, without the slightest sign of foul play. Now what appears to be a single group of hackers has managed that trick repeatedly, going on a devastating supply chain hacking spree—and becoming more advanced and stealthy as they go.

Over the past three years, supply chain attacks that exploited the software distribution channels of at least six different companies have now all been tied to a single group of likely Chinese-speaking hackers. They’re known as Barium, or sometimes ShadowHammer, ShadowPad, or Wicked Panda, depending on which security firm you ask. More than perhaps any other known hacker team, Barium appears to use supply chain attacks as their core tool. Their attacks all follow a similar pattern: Seed out infections to a massive collection of victims, then sort through them to find espionage targets.

Full article

BBC

Rape victims among those to be asked to hand phones to police

BBC

Victims of crimes, including those alleging rape, are to be asked to hand their phones over to police – or risk prosecutions not going ahead.

Consent forms asking for permission to access information including emails, messages and photographs have been rolled out in England and Wales.

It comes after a number of rape and serious sexual assault cases collapsed when crucial evidence emerged.

Victim Support said the move could stop victims coming forward.

Full article