
Cybersecurity News Digest For August 2023

Summer is over! We don’t know whether to congratulate you or not. But now the dreariest time of year begins — autumn.

So that you don’t get bored at all, we have prepared a cybersecurity digest for you. Read and be aware of what is happening.

The previous digest for July is here.

#1 Discord.io confirms a breach and the leak of 760,000 users’ data

Discord.io confirmed that its IT infrastructure was breached and that data on 760,000 users leaked. The Discord.io website temporarily disabled access to its services, and the service began investigating the incident.

Discord security problems

“Discord.io has suffered a data breach. We are stopping all operations for the foreseeable future,” the project’s website says. The company started canceling all paid subscriptions.

A hacker using the nickname Akhirah obtained user data including usernames, email addresses, home addresses (for a small number of users), hashed passwords, and Discord IDs.

According to Akhirah, the Discord.io user database has not yet been sold to any third party. Akhirah warned that a sale could follow soon unless representatives of the service contact him and remove all prohibited information and links to illegal content from the platform.

On August 14, 2023, the database of registered users of Discord.io, a third-party service for Discord servers (Discord itself is a proprietary cross-platform messenger), was put up for sale on the hacker forum Breached.

Experts at DLBI, a data-leak intelligence and darknet monitoring service, explained that the offered database contains 760,000 rows of user data, including email addresses and hashed passwords. The seller claims that the dump was made quite recently and that administrative access to the Discord.io user database is still open to third parties.

Judging by the test sample provided, the logins are valid: DLBI experts verified them through the password-recovery form at discord.com/login.

#2 Telegram unblocked in Iraq

On August 13, 2023, Iraq’s Ministry of Communications announced that access to Telegram’s servers in the country had been restored after cooperation with the platform’s administration began. This came 7 days after the country’s main service providers restricted the messenger at the regulator’s request, citing the protection of users’ personal data and national security.

The Iraqi Ministry of Communications told the media that the decision to unblock was made after “the company that owns the platform responded to the demands of the security authorities, who called on the company to disclose entities that leaked citizens’ data.” The Iraqi supervisory authority clarified that the Telegram administration “expressed full readiness to communicate with the relevant regulatory authorities.”

In response to a media request on this situation, the Telegram press service said that “posting private data without consent is prohibited by the Telegram terms of service, and such content is routinely removed by the messenger moderators.”

“We can confirm that our moderators took down several channels sharing personal data. However, we can also confirm that no private user data was requested from Telegram and that none has been shared,” a company representative clarified to the media.

Let’s recall that on August 6, 2023, the Iraqi authorities blocked access to Telegram in the country. A special statement from the Ministry of Communications of Iraq stated that “the blocking of Telegram was carried out on the basis of instructions from the competent authorities related to the national security of the country, as well as in order to preserve the personal data of citizens, which was not observed by the messenger mentioned above.”

Telegram security issues

Specialized online outlets reported at the time that the Telegram block in Iraq was implemented by the main providers Zain and Earthlink, as well as by local telecom operators. The web version of the service was blocked for most users in the country.

The operators Kurdistan Net and Korek Telecom did not comply with the authorities’ demand to block the service. Moreover, the technical restriction imposed by the Ministry of Communications of Iraq could be circumvented with VPN services.

Read more about Telegram security issues here.

#3 ProtonMail gives up its users. “Protected anonymous mail” is a myth

The ProtonMail secure email service passed user information to the FBI in connection with an investigation into threats against Claire Woodall-Vogg, director of the Milwaukee Election Commission.

In 2021, Woodall-Vogg received a surge of negative messages and threats after her communication with election consultant Ryan Chiu was published on the Gateway Pundit and Wisconsin Spotlight websites.

The FBI initiated an investigation into these threats and issued a search warrant for an unknown ProtonMail user who sent Woodall-Vogg a message containing harsh statements and threats.

Subsequently, Proton Technologies, the operator of ProtonMail, provided the FBI with the user’s identifying information in accordance with the warrant. This information helped the FBI identify the person in question.

Although many “anonymous protected” service providers claim that their systems are completely secure and charge money for it, it is always worth remembering that there is no anonymity on the internet.

Choose the most anonymous tool for transferring data — Utopia P2P.

#4 Wikipedia has become a tool for masking the new malicious WikiLoader loader

In a new report, Proofpoint has identified a new malware loader called WikiLoader, which has been used in a number of cybercrime campaigns. Since December 2022, this malware has been deployed by attackers mainly against Italian and other European organizations.

The Proofpoint report, published a few days ago, states that WikiLoader is distributed through a variety of vectors, including macro-enabled documents, PDF files with embedded URLs, and OneNote attachments with embedded executables. Its main function is to fetch a second-stage payload, most often the Ursnif banking malware.

The name WikiLoader was chosen because the malware sends a request to the domain wikimedia.com and checks the response for the string “The Free”. Proofpoint’s security researchers note that this is probably an evasion technique: a check intended to stop the malware from running inside automated analysis environments, which typically lack real internet access.

Proofpoint said that WikiLoader has a complex structure. The report highlights that its call instructions are replaced by a combination of push/jmp instructions, which creates problems for popular analysis tools such as IDA Pro and Ghidra. In addition, WikiLoader uses indirect system calls to bypass detection systems and sandboxes.
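The push/jmp trick mentioned above is worth seeing in bytes. A call to a function is normally `call target`; the obfuscated form pushes the address of the instruction after the jump (the fake return address) and then jumps to the target, so a linear-sweep disassembler no longer sees a call and loses function boundaries and cross-references. The scanner below is an added example written for this digest, not code from the Proofpoint report or from the WikiLoader sample: it assumes the classic 32-bit encoding (`push imm32` = opcode 0x68, `jmp rel32` = opcode 0xE9), flags a pair only when the pushed value equals the address right after the jump, and rewrites such pairs back into `call rel32` plus NOP padding so that IDA Pro or Ghidra style disassembly recovers the call. The input bytes and addresses are constructed for the example.

```python
"""Heuristic detection and normalization of calls disguised as push/jmp pairs.

Added example (not from the Proofpoint report or the WikiLoader sample).
Assumes 32-bit x86 encodings: 0x68 push imm32, 0xE9 jmp rel32, 0xE8 call rel32.
"""
import struct

PUSH_IMM32 = 0x68
JMP_REL32 = 0xE9
CALL_REL32 = 0xE8
NOP = 0x90


def find_disguised_calls(code: bytes, base: int) -> list[tuple[int, int]]:
    """Return (address_of_push, call_target) for every push/jmp pair whose
    pushed value is the address following the jmp, i.e. a disguised call.
    Every byte offset is tried because instruction boundaries are unknown
    in obfuscated code."""
    hits = []
    for off in range(len(code) - 9):          # need 10 bytes: 5 push + 5 jmp
        if code[off] != PUSH_IMM32 or code[off + 5] != JMP_REL32:
            continue
        pushed = struct.unpack_from("<I", code, off + 1)[0]
        rel = struct.unpack_from("<i", code, off + 6)[0]
        after_jmp = base + off + 10           # address of the next instruction
        if pushed != after_jmp:               # an ordinary push/jmp, not a call
            continue
        target = (after_jmp + rel) & 0xFFFFFFFF
        hits.append((base + off, target))
    return hits


def normalize(code: bytes, base: int) -> bytes:
    """Rewrite each disguised call as 'call rel32' followed by five NOPs so a
    linear-sweep disassembler recovers the call graph. Length is preserved,
    so no other addresses shift."""
    out = bytearray(code)
    for addr, target in find_disguised_calls(code, base):
        off = addr - base
        rel = (target - (addr + 5)) & 0xFFFFFFFF   # relative to end of the call
        out[off:off + 5] = bytes([CALL_REL32]) + struct.pack("<I", rel)
        out[off + 5:off + 10] = bytes([NOP]) * 5
    return bytes(out)


# Constructed sample code mapped at 0x401000:
#   0x401000  push 0x40100A      ; fake return address = address after the jmp
#   0x401005  jmp  0x40110A      ; the real call target
#   0x40100A  ret
#   0x40100B  push 0x41414141    ; a genuine push/jmp that is NOT a call
#   0x401010  jmp  +0x10
BASE = 0x401000
SAMPLE = (
    b"\x68" + struct.pack("<I", 0x40100A)
    + b"\xE9" + struct.pack("<i", 0x100)
    + b"\xC3"
    + b"\x68" + struct.pack("<I", 0x41414141)
    + b"\xE9" + struct.pack("<i", 0x10)
)

if __name__ == "__main__":
    for addr, target in find_disguised_calls(SAMPLE, BASE):
        print(f"disguised call at {addr:#x} -> {target:#x}")
    print(normalize(SAMPLE, BASE).hex())
```

The second push/jmp pair in the sample is deliberately left alone: its pushed value is not the address after the jump, so it is ordinary control flow and must not be rewritten. On real samples the same check should be repeated over the normalized bytes until nothing changes, because a target function may itself begin with another disguised call.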

Wikipedia data leaks

The malware also uses packed loaders to improve its evasion of detection. The report says that at least three versions of WikiLoader have been identified, which indicates active development. Its creators keep adding complexity to make it harder for analysts to detect.

#5 Android 14 gets a new standard for cellular security

Google has announced “first-of-its-kind” cellular security features for the next major Android release. They are meant to protect voice, text, and internet data from interception by attackers.

One weak point is 2G networks, first deployed in 1991. The standard has no mutual authentication: the phone cannot verify that it is connected to a genuine cell tower.

Attackers exploit this by deploying base-station emulators such as Stingray or IMSI catchers. These devices can also force nearby phones to downgrade to 2G even when more modern standards are available in the area. Once a phone connects, the emulator’s operator gains access to confidential information (unique identifiers of nearby phones, call metadata) and, in some cases, to the contents of SMS messages and voice calls.

Therefore, in Android 14, all smartphones using the Radio HAL 1.6+ interface will get an option to block 2G connections. Owners of recent Pixel phones are already familiar with this function. It is located in Settings: open “Network and Internet,” select “SIM cards,” and tap “Allow 2G.”

2G will remain as a backup communication channel, but only when calling emergency services.

It is known that some cellular networks still use a null cipher (“zero cipher”), an outdated mode in which traffic between the phone and the base station is not encrypted at all. Moreover, the already mentioned Stingray can deceive user devices by telling them that the network does not support encryption.

In Android 14, there will be an option to disable zero-cipher connections at the modem level. However, its implementation in real gadgets depends on the manufacturers.
