To exploit the vulnerabilities and read encrypted messages, an attacker first needs to gain control of the recipient's account.
Developers of the open-source Matrix instant messaging protocol have disclosed details of vulnerabilities (CVE-2021-40823 and CVE-2021-40824) affecting a range of Matrix clients, including Element (web / desktop / Android), FluffyChat, Nheko, Cinny and SchildiChat … The issue does not affect Element on iOS.
As the developers explained, under certain circumstances an attacker can cause a vulnerable client to hand over the encryption keys for messages that the client previously sent to the user whose account has been compromised.
To exploit the bugs and read encrypted messages, an attacker first has to gain control of the recipient's account, either by compromising that user's credentials directly or by compromising the homeserver.
In other words, users who share encrypted rooms with accounts hosted on malicious homeservers are at the greatest risk. The administrator of a malicious server can impersonate a user's devices and obtain the keys for messages that vulnerable clients sent in such a room.
The vulnerabilities do not affect the Matrix protocol, the Olm / Megolm cryptographic ratchets or the libolm implementation. The issue is an implementation bug in certain Matrix clients and SDKs that support end-to-end encryption.
There is no information about these vulnerabilities being exploited in real attacks. The problems were discovered by Element security researcher Denis Kasak during an internal audit.
Fixes have already been released for the affected clients and users are strongly encouraged to install them. If upgrading is temporarily impossible, it is recommended to keep vulnerable clients offline until they can be updated.
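The following is an added example, not code from Matrix or from any of the affected SDKs, and the advisory as summarised above does not spell out the exact failing check. It models the general shape of the problem: when a client answers a request for a Megolm room key, checking only that the requesting *user* was an original recipient lets anyone who controls that account register a fresh device and pull the key, whereas checking the exact *device* the key was originally sent to refuses the rogue device. All names, the bookkeeping structure and the sample users are assumptions; the Olm wrapping of the key, device verification flows and the to-device message format are omitted.

```python
"""Added example (not code from Matrix or any affected SDK): a simplified model of
Megolm room-key sharing, showing a user-level recipient check beside a device-level
one. Everything here is constructed for illustration; names are hypothetical."""
from dataclasses import dataclass, field
from typing import Dict, Set


@dataclass(frozen=True)
class Device:
    user_id: str
    device_id: str


@dataclass
class OutboundSession:
    """One Megolm session the client used to encrypt messages in a room, together
    with the exact devices the session key was sent to at send time."""
    session_id: str
    room_id: str
    shared_with: Set[Device] = field(default_factory=set)


class Client:
    """Model of an E2EE client that answers room-key requests from other devices.

    device_check=False reproduces the vulnerable behaviour (user-level check),
    device_check=True the hardened behaviour (device-level check)."""

    def __init__(self, user_id: str, device_id: str, device_check: bool) -> None:
        self.me = Device(user_id, device_id)
        self.device_check = device_check
        self.sessions: Dict[str, OutboundSession] = {}
        self.verified_own_devices: Set[Device] = set()

    def send_encrypted(self, room_id: str, session_id: str, recipients: Set[Device]) -> None:
        """Encrypt for a room: the session key goes to each recipient device listed."""
        self.sessions[session_id] = OutboundSession(session_id, room_id, set(recipients))

    def handle_key_request(self, requester: Device, session_id: str) -> bool:
        """Return True if this client would forward the session key to `requester`."""
        session = self.sessions.get(session_id)
        if session is None:
            return False
        # Our own devices may receive keys for our own sessions only if verified.
        if requester.user_id == self.me.user_id:
            return requester in self.verified_own_devices
        if self.device_check:
            # Hardened: only the exact devices the key was originally sent to.
            return requester in session.shared_with
        # Vulnerable: any device of a user who received the key at send time,
        # including a device registered later by whoever controls that account.
        return requester.user_id in {d.user_id for d in session.shared_with}


def harvest_keys(victim: Client, attacker_device: Device) -> Set[str]:
    """Session IDs an attacker controlling `attacker_device` can pull from `victim`."""
    return {sid for sid in victim.sessions if victim.handle_key_request(attacker_device, sid)}


def demo() -> dict:
    """Constructed scenario: Alice messaged Bob's phone; Bob's account is then compromised."""
    bob_phone = Device("@bob:example.org", "BOBPHONE")
    # Device the attacker registered on Bob's account after the message was sent.
    rogue = Device("@bob:example.org", "ROGUE0001")
    # A user who was never in the room at all.
    stranger = Device("@mallory:example.org", "MAL1")
    results = {}
    for label, hardened in (("vulnerable", False), ("hardened", True)):
        alice = Client("@alice:example.org", "ALICEWEB", device_check=hardened)
        alice.send_encrypted("!room:example.org", "sess1", {bob_phone})
        results[label] = {
            "original_device": alice.handle_key_request(bob_phone, "sess1"),
            "rogue_device": alice.handle_key_request(rogue, "sess1"),
            "non_member": alice.handle_key_request(stranger, "sess1"),
            "harvested": harvest_keys(alice, rogue),
        }
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

Running the block prints one line per variant: the vulnerable client hands the key for `sess1` to the rogue device, the hardened one only to the device the key was originally sent to, and neither answers a user who was never a recipient. Note that the hardened check also protects against a compromised homeserver, since the server can add devices to an account but cannot retroactively put a new device into the sender's record of where a key went.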
Vice Society ransomware attacked a network of medical facilities in California
The ransomware operators say they do not care whom they attack and will make no exception for hospitals.
United Health Centers, a California-based network of medical facilities, was hit by a ransomware attack that disrupted all of its centers and led to a leak of patient data.
United Health Centers operates 21 community health centers in California counties including Fresno, Kings and Tulare.
On August 31, BleepingComputer learned from a source in the information security community that United Health Centers' facilities had been attacked by the Vice Society ransomware group, forcing the organization to shut down its entire network and IT systems and to restore files from backups. Representatives of United Health Centers did not comment on this information.
This week, Vice Society published files allegedly stolen in the August attack on United Health Centers. They contain sensitive information, including patient benefit details, financial records, test results and examination reports. The organization has still not commented.
Vice Society is a relatively new ransomware group that began operating in June of this year. Around 20% of the organizations listed on its leak site belong to the healthcare sector.
When BleepingComputer asked why the group allows itself to attack hospitals, Vice Society responded as follows:
"They always keep our confidential data in the clear. You, me and everyone else go to hospitals, give them our passports, talk about health problems, etc., and they don't even try to protect our data. They receive millions from the state. Are they stealing this money?
The US President has given large sums of money to protect government networks, and where is this protection? Where is our defense?
If the IT department doesn't want to do their job, we'll do ours, and we don't care if it's a hospital or a university."
Data of Sovcombank loan applicants has become publicly available
An offer to sell the Sovcombank customer database appeared on the darknet on September 20.
The loan application forms contain full names, phone numbers, passport data, loan type, address, marital status, contact details of relatives, place of work, position and income. The database also includes notes on how applicants responded to a call from a bank specialist.
The bank said that in 2020 it identified an employee of an external call center who had illegally copied loan applications. He was found guilty of disclosing bank secrets and received a two-year suspended sentence. According to the bank, during the investigation the former Sovcombank contractor advertised the data for sale in his Telegram channel. Sovcombank then went to the police again: the Ministry of Internal Affairs department in Dagestan opened a criminal case for disclosure of bank secrets and unauthorized access to protected computer information, and later handed it over to the regional FSB directorate. The case has now been sent to court. Meanwhile the stolen database is publicly available. …
Chinese authorities order cartoons to be cleansed of "unhealthy" content
The Chinese authorities believe that cartoons should promote "truth, goodness and beauty."
China's television regulator has demanded that producers keep violence, vulgarity and pornographic content out of cartoons. At the same time, the authorities will encourage "healthy" cartoons that convey "truth, goodness and beauty."
The National Radio and Television Administration of China issued a notice to cartoon creators on September 24. The regulator noted that cartoons are watched mainly by children and young people, and that producers and artists should therefore fill their works with content that conveys "truth, goodness and beauty."
The regulator promised to encourage the creators of "healthy" cartoons but did not specify how.
In recent months, the Chinese authorities have introduced several measures aimed at the younger generation. At the end of July, the country banned livestreams featuring children under the age of 16, after a local regulator expressed concern about the display of "capitalist values" and "extravagant pleasures" in videos by young Chinese people.
In August, the Chinese authorities also limited the time children and teenagers may spend on online games. Minors are only allowed to play between 8:00 pm and 9:00 pm on Fridays, Saturdays, Sundays and public holidays.