IObit forums hacked in widespread DeroHE ransomware attack

Bleeping Computer

Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.

IObit is a software developer known for Windows system optimization and anti-malware programs, such as Advanced SystemCare.

Over the weekend, IObit forum members began receiving emails claiming to be from IObit stating that they are entitled to a free 1-year license to their software as a special perk of being a forum member.

Full article

OpenWRT Forum user data stolen in weekend data breach

Bleeping Computer

The OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach.

Forum administrators posted the announcement in a high-visibility area, explaining what happened and the risks to users stemming from exposing their data.

Good password not enough

The attack occurred on Saturday, around 04:00 (GMT), when an unauthorized third party gained admin access to and copied a list with details about forum users and related statistical information.

The intruder used the account of an OpenWRT administrator. Although the account had “a good password,” additional security provided by two-factor authentication (2FA) was not active.

Email addresses and handles of the forum users have been stolen, the moderators say. They add that they believe the attacker was not able to download the forum database, meaning that passwords should be safe.

However, they reset all the passwords on the forum just to be on the safe side and invalidated all the API keys used for project development processes.

Users have to set the new password manually from the login menu by providing their user name and following the “get a new password” instructions. Those logging in using GitHub credentials are advised to reset or refresh it.

Full article

Privacy-focused search engine DuckDuckGo grew by 62% in 2020

Bleeping Computer

The privacy-focused search engine DuckDuckGo continues to grow rapidly as the company reached 102M daily search queries for the first time in January.

DuckDuckGo is a search engine that builds its search index using its DuckDuckBot crawler, indexing Wikipedia, and through partners like Bing. The search engine does not use any data from Google.

What makes DuckDuckGo stand out is that they do not track your searches to build a user profile or share any personal or identifying data with third-party companies, including ad networks.

“Each time you search on DuckDuckGo, you have a blank search history, as if you’ve never been there before,” DuckDuckGo explains in their privacy blog.

Full article

Signal down after getting flooded with new users

Bleeping Computer

Signal users are currently experiencing issues around the world, with users unable to send and receive messages. When attempting to send messages via Signal, users are seeing a loading screen and the error message “502”.

According to DownDetector and user reports, Signal is currently experiencing an outage in the U.S., Europe, and other parts of the world. The problem was first reported at 10:09 AM EST.

For now, Signal users will have to wait until the company has resolved the issue.

Full article

Hackers leaked altered Pfizer data to sabotage trust in vaccines

Bleeping Computer

The European Medicines Agency (EMA) today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public’s trust in COVID-19 vaccines.

EMA is the decentralized agency that reviews and approves COVID-19 vaccines in the European Union, and the agency that evaluates, monitors, and supervises any new medicines introduced to the EU.

The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines have been leaked on the internet, the agency disclosed today.

This included internal/confidential email correspondence dating from November, relating to evaluation processes for COVID-19 vaccines.

Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines.

In a previous update, on Tuesday, EMA revealed that the COVID-19 vaccine data stolen in December was leaked online.

Full article

Verified Twitter accounts hacked in $580k ‘Elon Musk’ crypto scam

Bleeping Computer

Threat actors are hacking verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam that has recently become widely active.

There is nothing new about cryptocurrency scams on Twitter, especially ones pretending to be giveaways from Elon Musk. In 2018, scammers raked in $180,000 using a successful Elon Musk giveaway scam promoted on Twitter.

Over the past week, security researcher MalwareHunterTeam has seen an uptick in verified Twitter accounts hacked in a scam promoting another fake Elon Musk cryptocurrency giveaway.

Full article

Facebook sues makers of malicious Chrome extensions for scraping data

Bleeping Computer

Facebook has taken legal action against the makers of malicious Chrome extensions used for scraping user profiles and other information from Facebook’s website and from users’ systems without authorization.

The two defendants developed and distributed the malicious browser extensions through the Chrome Web Store working under the “Oink and Stuff” business name.

They misled users into installing the extensions with a privacy policy that claimed they did not collect any personal information, Jessica Romero, Director of Platform Enforcement and Litigation, said.

Four of their extensions — Web for Instagram plus DM, Blue Messenger, Emoji keyboard, and Green Messenger — were malicious and contained hidden computer code that functioned like spyware.

The four extensions are still available for download in Google’s Chrome Web Store and they currently have more than 54,000 users.

Full article

NSA advises companies to avoid third party DNS resolvers

Bleeping Computer

The US National Security Agency (NSA) says that companies should avoid using third party DNS resolvers to block threat actors’ DNS traffic eavesdropping and manipulation attempts and to block access to internal network information.

NSA’s recommendation was made in a new advisory on the benefits (and risks) of using DNS over HTTPS (DoH) in enterprise environments. DoH is an encrypted domain name system (DNS) protocol that blocks unauthorized access to the DNS traffic between clients and DNS resolvers.

NSA recommends that an enterprise network’s DNS traffic, encrypted or not, be sent only to the designated enterprise DNS resolver, the US intelligence agency said.

Full article

Signal fixes verification delays caused by WhatsApp mass exodus

Bleeping Computer

Signal’s encrypted messaging service has recovered from delays affecting its new user verification process after a mass exodus of WhatsApp users to their platform.

When setting up Signal for the first time, users must verify their mobile number using verification codes sent by the encrypted messaging provider.

Due to a surge in users switching to Signal, the verification service had become overwhelmed, causing significant delays across various mobile providers.

The verification issues have now been fixed after Signal worked with mobile carriers to allow the verification codes to be delivered rapidly.

These issues were caused by increased promotion and the recent decision to force WhatsApp users to share their user data with Facebook or stop using it altogether.

Faced with this ultimatum, WhatsApp users began switching to other encrypted messaging platforms like Signal and Telegram.

It also didn’t hurt that Elon Musk recommended Signal to his 41.6 million followers in a recent tweet.

Full article