We have collected the most important news from the world of cybersecurity for the week.
- Researchers have discovered a data breach of users of the JusTalk application. The developers assured that all information is protected by end-to-end encryption.
- The Court of the Russian Federation declared “information in the Tor Browser application” prohibited.
- TRM Labs has reported a wave of attacks on the NFT community via Discord.
JusTalk user data leaked to the network. The application team claimed that all correspondence is protected by end-to-end encryption.
Researchers have uncovered data from unencrypted private messages of users of the JusTalk video calling and messaging app, writes TechCrunch. At the same time, the JusTalk team claims that all user correspondence is protected by end-to-end encryption.
Among the leaked data are millions of messages, the date and time they were sent, as well as the phone numbers of the sender and recipient. They also contained records of calls that were made using the application.
Tor banned in Russia again
The Leninsky District Court of Saratov partially satisfied the claim of the prosecutor’s office and declared the information contained in the Tor Browser and the application itself prohibited. This was reported by RosKomSvoboda, whose lawyers are conducting the case.
Lawyer Ekaterina Abashina said that the court agreed with Roskomnadzor, “which insists throughout the process that information, applications, and technology are the same, so all this can be recognized as prohibited by a court decision.”
Report: NFT Projects Lost $22M Since May Due to Discord Hackers
Since May 2022, TRM Labs analysts have recorded more than 150 compromises of NFT project Discord servers.
In June, the number of NFT minting-related phishing attacks deployed through compromised Discord accounts increased by 55% compared to the previous month.
As explained by TRM Labs, after gaining control over administrator accounts, hackers send links to ostensible gifts or “exclusive” NFTs so that people go to malicious sites.
TRM Labs has linked dozens of similar cases. Analysts believe many hacks are related to the same hacker that attacked the Bored Ape Yacht Club Discord servers in June.
Kazakhstan expands powers for authorities to control social networks and instant messengers
Kazakhstan signed amendments giving the Ministry of Information and Social Development (MIOR) the ability to restrict the activities of foreign online platforms or messengers.
In addition, the agency can request data from such services on the number of users per day and maintain a register of “representatives of foreign online platforms and instant messaging services.”
Innovative home camera makers from Amazon and Google have confirmed the possibility of transferring data to authorities without a warrant
Amazon-owned developer of video-enabled smart doorbells, Ring, has confirmed that video footage was handed over to police on 11 occasions in 2022 without user consent. Among them were situations where the police did not have a warrant to access this data, writes CNet.
Nest, a Google-owned video intercom company, says in its terms of use that it can also share information with law enforcement in an emergency without user consent:
“If we believe we can prevent someone from dying or causing serious physical harm, we may provide information to a government agency — for example, in the case of bomb threats, school shootings, kidnappings, suicide prevention, or missing people.”
At the same time, Nest noted that they had never resorted to this practice.
Innovative home camera makers, including Arlo, Eufy, Wyze, and Apple, which process such video footage, have said they do not provide such data to authorities without a warrant or court order.
