{"id":11906,"date":"2024-03-23T07:00:00","date_gmt":"2024-03-23T05:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/cybersecurity-developments-telegram-censorship-darknet-bitcoin-seizure-and-more\/"},"modified":"2024-03-23T07:00:00","modified_gmt":"2024-03-23T05:00:00","slug":"cybersecurity-developments-telegram-censorship-darknet-bitcoin-seizure-and-more","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/cybersecurity-developments-telegram-censorship-darknet-bitcoin-seizure-and-more\/","title":{"rendered":"Cybersecurity Developments: Telegram Censorship, Darknet Bitcoin Seizure, and More"},"content":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>\u20ac94,000 in cryptocurrencies seized from the darknet marketplace Nemesis Market.<\/li>\n<li>A flaw in Apple&#8217;s chip threatens the security of encrypted data.<\/li>\n<li>A vulnerability has been revealed that allows hotel and private home doors to be unlocked.<\/li>\n<li>Plans to censor Telegram have been announced in Ukraine and Russia.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>\u20ac94,000 in Cryptocurrencies Seized from Nemesis Market<\/strong><\/h2>\n<p>On March 20, the <span data-descr=\"Federal Criminal Police Office of Germany\" class=\"old_tooltip\">BKA<\/span> <a href=\"https:\/\/www.bka.de\/DE\/Presse\/Listenseite_Pressemitteilungen\/2024\/Presse2024\/240321_PM_Nemesis_Market.html?nn=27906\">seized<\/a> the infrastructure of the darknet marketplace Nemesis Market in Germany and Lithuania, disrupting its operations. The police confiscated digital assets worth \u20ac94,000.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-eu.googleusercontent.com\/lrNTR8lOXPw7bx-vgQdcG6IPcx6nnD_J1IT5645AvKX6NRDp7yaY2PDYONGr5zXOZyxDakrgwCMAyEXv3NKk3d141Tw71rofz4cXQBlnM4W-FgsYzZH9bdKdg20WSsS2rc4LOfdpUVi3fqHl9bkYjSo\" alt=\"Cybersecurity Developments: Telegram Censorship, Darknet Bitcoin Seizure, and More\"\/><figcaption class=\"wp-element-caption\">Source: BKA.<\/figcaption><\/figure>\n<p>Founded in 2021, the platform traded in drugs, stolen data, credit cards, and cybercriminal services, including ransomware, phishing, and <span data-descr=\"distributed denial of service\" class=\"old_tooltip\">DDoS<\/span>. Payments were accepted in Bitcoin and Monero.<\/p>\n<p>At its peak, Nemesis Market had over 150,000 user accounts and 1,100 vendor accounts worldwide, with about 20% located in Germany.<\/p>\n<p>The investigation into the darknet marketplace began in October 2022.<\/p>\n<p>The BKA did not specify whether the server administrators or platform operators were identified or arrested. However, the seized data will aid law enforcement in identifying them.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Apple Chip Flaw Threatens Encrypted Data Security<\/strong><\/h2>\n<p>A group of American scientists discovered an &#8220;unpatchable&#8221; <a href=\"https:\/\/gofetch.fail\/files\/gofetch.pdf\">vulnerability in Apple&#8217;s M series chips<\/a> that allows hackers to access secret keys and encrypted data on Mac computers.<\/p>\n<p>They named the flaw GoFetch, identifying it as a side-channel exploit when Apple&#8217;s chips execute widely used cryptographic protocols.<\/p>\n<p>According to the scientists, the issue lies at the microarchitecture design level, making it &#8220;unfixable.&#8221; Using third-party cryptographic software can significantly reduce the performance of Apple&#8217;s M series chips.<\/p>\n<p>The exploit works seamlessly in the user environment and requires only standard privileges similar to regular applications.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Vulnerability Allows Hotel and Home Doors to Be Unlocked<\/strong><\/h2>\n<p>Researchers from the US have publicly disclosed for the first time a technique to hack several models of locks with <span data-descr=\"Radio Frequency Identification\" class=\"old_tooltip\">RFID<\/span> keys from the Saflok brand, manufactured by Swiss company Dormakaba. This was reported by <a href=\"https:\/\/www.wired.com\/story\/saflok-hotel-lock-unsaflok-hack-technique\/\">Wired<\/a>.<\/p>\n<p>The group of vulnerabilities, named <a href=\"https:\/\/unsaflok.com\/\">Unsaflok<\/a>, allows the reading of an original key card to determine the necessary data to unlock the lock and forge a working master key consisting of two cards.<\/p>\n<p>Any RFID duplicator, including Proxmark3 or Flipper, and even an Android smartphone with NFC, can be used to create the forgery.<\/p>\n<p>When exploiting the vulnerability, the first card rewrites the lock&#8217;s data, and the second opens it.<\/p>\n<figure class=\"wp-block-video\"><video controls src=\"https:\/\/u1f987.com\/wp-content\/uploads\/Censored_Hotel_Hack_v4-1.mp4\"><\/video><figcaption class=\"wp-element-caption\">Source: Researcher Ian Carroll.<\/figcaption><\/figure>\n<p>Saflok systems are installed in 13,000 hotels and homes in 131 countries worldwide.<\/p>\n<p>Researchers first discovered the vulnerability in September 2022 during a closed hackathon in Las Vegas. They shared these findings with Dormakaba without public disclosure.<\/p>\n<p>Despite the supplier&#8217;s quick response and the start of a global device update, over 64% remain vulnerable.<\/p>\n<h2 class=\"wp-block-heading\"><strong>GitHub Introduces AI Tool for Fixing Code Vulnerabilities<\/strong><\/h2>\n<p>GitHub&#8217;s new AI-based feature allows for the automatic fixing of code vulnerabilities.<\/p>\n<p><a href=\"https:\/\/docs.github.com\/en\/code-security\/code-scanning\/managing-code-scanning-alerts\/about-autofix-for-codeql-code-scanning\">Code Scanning Autofix<\/a> operates on GitHub Copilot and CodeQL, capable of handling over 90% of alert types in JavaScript, Typescript, Java, and Python. It then provides potential fixes in the code with minimal or no editing.<\/p>\n<p>GitHub warns that the tool&#8217;s suggested edits may only partially address the security vulnerability or not preserve the intended functionality of the code. Developers are advised to thoroughly review them.<\/p>\n<p>In the coming months, GitHub will add support for C# and Go languages.<\/p>\n<p>Code Scanning Autofix is in public beta and is automatically enabled in all private repositories for GitHub Advanced Security clients.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Plans for Telegram Censorship Announced in Ukraine and Russia<\/strong><\/h2>\n<p>Ukrainian MP Mykola Kniazhytskyi has initiated a bill to regulate Telegram and other messengers.<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/www.facebook.com\/plugins\/post.php?href=https%3A%2F%2Fwww.facebook.com%2Fmykolakn%2Fposts%2Fpfbid03QnfpKEPNPVegyhrzU5M1eo8o3ECme3yCrbqo6DNJCQGHL13byjKGzFHM36Pgepnl&#038;show_text=true&#038;width=500\" width=\"500\" height=\"292\" style=\"border:none;overflow:hidden\" scrolling=\"no\" frameborder=\"0\" allowfullscreen=\"true\" allow=\"autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share\"><\/iframe><\/p>\n<p>His proposals include:<\/p>\n<ul class=\"wp-block-list\">\n<li>A ban on distributing illegal materials, including justifying Russian aggression;<\/li>\n<li>A requirement to disclose the ownership structure and funding sources of Telegram channels upon request;<\/li>\n<li>If this information is not disclosed, a ban on using the messenger by government bodies and financial institutions processing Ukrainian data.<\/li>\n<\/ul>\n<p>Kniazhytskyi is currently gathering signatures for his initiative.<\/p>\n<p>Meanwhile, the Russian <span data-descr=\"Regional Public Center for Internet Technologies\" class=\"old_tooltip\">ROCIT<\/span> <a href=\"https:\/\/t.me\/webstrangler\/3263\">sent<\/a> an appeal to Pavel Durov about the need for Telegram to combat fake news.<\/p>\n<p>To achieve this, they request:<\/p>\n<ul class=\"wp-block-list\">\n<li>Adding a &#8220;Disinformation&#8221; category to the complaint mechanism for Telegram channel content;<\/li>\n<li>Requiring support services to prioritize these messages and implement measures against systematic violators;<\/li>\n<li>Introducing a &#8220;Fake News&#8221; label that will be forcibly displayed next to the channel name, and a ban on forwarding content published in it.<\/li>\n<\/ul>\n<p>The organization also reminded Durov of the need to comply with the so-called &#8220;landing law,&#8221; threatening &#8220;enforcement measures&#8221; that could &#8220;inconvenience Russian Telegram users.&#8221;<\/p>\n<h2 class=\"wp-block-heading\"><strong>Ukrainian Police Arrest Hackers of Over 100 Million Emails and Instagram Accounts<\/strong><\/h2>\n<p>Police in the Kharkiv region <a href=\"https:\/\/cyberpolice.gov.ua\/news\/pryvlasnyuvaly-oblikovi-zapysy-korystuvachiv-internetu--kiberpoliczejski-xarkivshhyny-vykryly-chleniv-zlochynnogo-ugrupovannya-3502\/\">halted the activities<\/a> of three hackers who sold access to accounts they compromised. Over a year, they used <span data-descr=\"brute force hacking\" class=\"old_tooltip\">brute force<\/span> to hack more than 100 million emails and Instagram profiles. These accounts were later used for fraud.<\/p>\n<p>The cybercriminals operated from different cities, receiving instructions from their leader.<\/p>\n<p>During searches, 70 computers, 14 phones, bank cards, and cash were seized.<\/p>\n<p><iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/qX1fh1raB8k?si=KUMO-kDg5es4Q383\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>The suspects are charged with unauthorized interference in information systems. They face up to 15 years in prison.<\/p>\n<p>Additionally, the police will investigate whether the hackers used the stolen accounts in the interests of Russia.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Kyrgyzstan&#8217;s Four Dragons Bitcoin exchange shared details of a hack.<\/li>\n<li>A vulnerability in the IFTTT auto-posting service led to the hacking of crypto influencers on X.<\/li>\n<li>A white hat hacker exploited the Telegram game Super Sushi Samurai for $4.6 million.<\/li>\n<li>AirDAO reported a $1 million platform hack.<\/li>\n<li>UN: Half of North Korea&#8217;s foreign currency income comes from cyberattacks.<\/li>\n<li>Media: Ethereum Foundation received a confidential request from an unnamed government agency.<\/li>\n<li>X accounts of Trezor and TON blockchain were hacked to promote scams.<\/li>\n<li>Tornado Cash developer accused of laundering $1.2 billion.<\/li>\n<li>Bloomberg: Binance urged prime brokers to tighten client checks.<\/li>\n<li>Nigeria requested Binance data on all users from the country.<\/li>\n<li>The &#8220;Red Admin&#8221; of WEX case verdict is now final.<\/li>\n<li>Milady founder reported a hack of NFT wallets.<\/li>\n<li>The creator of meme coin Slerf accidentally burned all airdrop and LP tokens.<\/li>\n<li>Russia to create a platform for confiscated cryptocurrencies.<\/li>\n<li>DeFi protocol Mozaic Finance lost $2 million in a hack.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>Weekend Reading Suggestions<\/strong><\/h2>\n<p>Participants of the Privacy Day 2024 conference shared with ForkLog how the European regulation will impact the artificial intelligence industry as a whole.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week. \u20ac94,000 in cryptocurrencies seized from the darknet marketplace Nemesis Market. A flaw in Apple&#8217;s chip threatens the security of encrypted data. A vulnerability has been revealed that allows hotel and private home doors to be unlocked. Plans to censor Telegram have been announced in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":11905,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-11906","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"30","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/11906","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=11906"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/11906\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/11905"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=11906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=11906"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=11906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}