{"id":49261,"date":"2021-09-11T07:00:00","date_gmt":"2021-09-11T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=49261"},"modified":"2025-09-02T11:46:36","modified_gmt":"2025-09-02T08:46:36","slug":"blocking-of-dns-services-in-russia-protonmail-scandal-and-other-cybersecurity-events","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/blocking-of-dns-services-in-russia-protonmail-scandal-and-other-cybersecurity-events\/","title":{"rendered":"Blocking of DNS services in Russia, ProtonMail scandal and other cybersecurity events"},"content":{"rendered":"<p>We have compiled the most important cybersecurity news of the week.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\" id=\"block-1fd072e5-5f0d-4d2e-8ec1-e8d23373336b\">\n<li>Experts reported that Roskomnadzor is testing blocks on Google and Cloudflare DNS services.<\/li>\n<li>Media reported that WhatsApp reads users&#8217; private messages when reviewing content complaints.<\/li>\n<li>Almost 500,000 Fortinet VPN usernames and passwords have been made publicly accessible.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Roskomnadzor warned about testing the blocking of foreign internet protocols<\/strong><\/h2>\n<p>In early September Roskomnadzor asked state-owned companies to report on their possible use of encryption protocols that hide the name of the site, writes <a href=\"https:\/\/www.kommersant.ru\/doc\/4978090\">\u00ab\u042a\u00bb<\/a>. 
The matter concerns Google&#8217;s and Cloudflare&#8217;s DNS services and the DoH service being implemented by Mozilla and Google.<\/p>\n<p>To ensure network resilience, companies were invited to connect to DNS services of Russian operators or the National Domain Name System by September 9.<\/p>\n<p>On 8 September, several experts <a href=\"https:\/\/t.me\/zatelecom\/18853\">reported<\/a> that the blocking tests had begun.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Media: WhatsApp regularly decrypts users&#8217; private messages<\/strong><\/h2>\n<p>The messaging app WhatsApp, owned by Facebook, regularly decrypts users&#8217; private messages to review content complaints. This was reported by ProPublica.<\/p>\n<p>According to the outlet, the company uses contractors who study the content the complaint pertains to using specialized software.<\/p>\n<p>The outlet notes that employees only have access to messages flagged by users themselves and automatically routed to the company as potentially offensive.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe check is one element of a broader monitoring during which the company also reviews unencrypted materials, including data about the sender and their account\u201d.<\/p>\n<\/blockquote>\n<p>The company also studies unencrypted data, including names, phone numbers, profile photos, the unique mobile phone identifier and IP address, among others.<\/p>\n<h2 class=\"wp-block-heading\"><strong>ProtonMail updated its privacy policy after disclosure of a user IP address to French authorities<\/strong><\/h2>\n<p>The encrypted email service ProtonMail revised its privacy policy following the scandal over the disclosure of a user IP address to French authorities.<\/p>\n<p>The case concerns a ProtonMail user who took part in protests against gentrification in Paris last year. 
French police and Europol contacted the authorities in Switzerland, where ProtonMail is headquartered, and asked for help identifying the activist. He was subsequently arrested.<\/p>\n<p>ProtonMail said it had received an order from Swiss authorities that it is obliged to comply with.<\/p>\n<p>According to the law, the company &#8220;may be compelled to collect information about user accounts under investigation in Switzerland&#8221;.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cOf course, this is not done by default, but only if Proton receives a legal order for a specific account\u201d.<\/p>\n<\/blockquote>\n<p>According to Ars Technica, it previously stated that the company &#8220;by default does not log IP addresses that could be linked to an anonymous email account&#8221;.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cProtonMail is email that respects privacy and puts people (not advertisers) first\u201d.<\/p>\n<\/blockquote>\n<h2 class=\"wp-block-heading\"><strong>The REvil gang&#8217;s site is back online<\/strong><\/h2>\n<p>Analysts found that Happy Blog, used by the REvil hacker group to publish victim data, is back online.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/REvil?src=hash&#038;ref_src=twsrc%5Etfw\">#REvil<\/a> Happy Blog is back online <a href=\"https:\/\/t.co\/11DCsWGmyB\">pic.twitter.com\/11DCsWGmyB<\/a><\/p>\n<p>\u2014 \ud835\udd6f\ud835\udd92\ud835\udd8e\ud835\udd91\ud835\udd9e \ud835\udd7e\ud835\udd92\ud835\udd8e\ud835\udd91\ud835\udd9e\ud835\udd86\ud835\udd93\ud835\udd8a\ud835\udd99\ud835\udd98 (@ddd1ms) <a href=\"https:\/\/twitter.com\/ddd1ms\/status\/1435292310024204298?ref_src=twsrc%5Etfw\">September 
7, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/figure>\n<p>As yet no new posts have appeared on the site, so it remains unclear whether this signals a revival of the attackers&#8217; activities.<\/p>\n<p>As a reminder, this year REvil victims included several major companies. The hackers were behind attacks on the world&#8217;s largest meat producer <a href=\"https:\/\/u1f987.com\/en\/news\/russian-hackers-suspected-in-attack-on-worlds-largest-meat-producer-jbs\">JBS<\/a>, the company <a href=\"https:\/\/u1f987.com\/en\/news\/ransomware-group-revil-demanded-50-million-in-monero-from-acer\">Acer<\/a> and the American software developer <a href=\"https:\/\/u1f987.com\/en\/news\/revil-hackers-breached-thousands-of-companies-and-demanded-a-70-million-ransom-in-bitcoin\">Kaseya<\/a>. For decrypting files they demanded a cryptocurrency ransom.<\/p>\n<p>In July the group\u2019s sites <a href=\"https:\/\/u1f987.com\/en\/news\/revil-hacker-sites-vanish-from-the-dark-web\">suddenly went offline<\/a>. 
Kaseya later stated that <a href=\"https:\/\/u1f987.com\/en\/news\/kaseya-the-american-software-maker-obtains-decryptor-key-without-paying-ransom\">it had obtained a \u201cuniversal decryptor key\u201d<\/a> for the REvil-infected files without paying the ransom.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Hackers breached the United Nations computer network<\/strong><\/h2>\n<p>Earlier this year, hackers breached the United Nations computer networks and stole data that could be used against the organisation&#8217;s institutions and staff, Bloomberg reports.<\/p>\n<p>The intruders allegedly gained access using a stolen UN employee username and password purchased on the dark web.<\/p>\n<p>The account used by the hackers was not protected by two-factor authentication.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Germany secretly bought Pegasus spyware<\/strong><\/h2>\n<p>The Federal Criminal Police Office of Germany, \u201cunder strict secrecy,\u201d bought Pegasus spyware from the Israeli company NSO Group, reports say. The agency confirmed the purchase.<\/p>\n<p>In the version purchased by the agency, some features were blocked to prevent abuse, officials clarified.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cHowever, it is unclear how this works in practice,\u201d the media notes.<\/p>\n<\/blockquote>\n<p>The agency reportedly bought its version of the Pegasus Trojan in late 2020. It has been used in anti-terrorism and organised crime operations since March this year.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Almost half a million Fortinet VPN usernames and passwords leaked online<\/strong><\/h2>\n<p>Researchers found a database of almost 500,000 Fortinet VPN usernames and passwords on hacker forums. 
They are believed to have been obtained from vulnerable devices last summer.<\/p>\n<p>The hackers claim the Fortinet vulnerability has already been fixed, but many credentials are still valid.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThis leak is a serious incident because VPN credentials can allow attackers to gain access to networks to steal data, install malware and launch ransomware attacks\u201d, Bleeping Computer notes.<\/p>\n<\/blockquote>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Yandex fell victim to <a href=\"https:\/\/u1f987.com\/en\/news\/yandex-was-hit-by-the-largest-ddos-attack-in-the-history-of-the-internet\">the largest DDoS attack in the history of the internet<\/a>.<\/li>\n<li>The hacker behind the DeFi protocol Cream Finance <a href=\"https:\/\/u1f987.com\/en\/news\/cream-finance-defi-protocol-hacker-returns-17-6-million\">returned $17.6 million<\/a>.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\">What to read this weekend?<\/h2>\n<p>Earlier this year, amendments to Russia&#8217;s legislation regulating the dissemination of information on social networks came into force. They require owners of such networks to monitor user content. 
ForkLog has consulted lawyers to explain what the new rules mean for businesses and users.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have compiled the most important cybersecurity news of the week.<\/p>\n","protected":false},"author":1,"featured_media":49262,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-49261","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"41","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/49261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=49261"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/49261\/revisions"}],"predecessor-version":[{"id":49263,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/49261\/revisions\/49263"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/49262"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=49261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v
2\/categories?post=49261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=49261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}