Security News

The REvil ransomware operation has likely shut down once again after an unknown person hijacked their Tor payment portal and data leak blog. The Tor sites went offline earlier today, with a threat actor affiliated with the REvil operation posting to the XSS hacking forum that someone hijacked the gang's domains.

The Tor Project has brought major censorship circumvention and usability changes to the latest release of Tor Browser. The Tor team is on a mission to make Tor easier to use for everyone through user experience improvements based on research with users who face internet censorship and surveillance.

The Tor Project has released Tor Browser 10.5 with V2 onion URL deprecation warnings, a redesigned Tor connection experience, and an improved anti-censorship feature. Last year, the Tor Project announced that they were deprecating the use of V2 onion URLs in favor of the newer V3 URLs to provide more robust cryptography, longer URLs to prevent brute-forcing of hidden sites, and cleaner code.

Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer. In addition to updating Tor to 0.4.5.9, the browser's Android version has been upgraded to Firefox to version 89.1.1, alongside incorporating patches rolled out by Mozilla for several security vulnerabilities addressed in Firefox 89.

A new version of the open-source Tor Browser was released this week with patches for multiple vulnerabilities, including one that could allow malicious websites to track users across browsers by identifying applications running on their devices. The bug, a protocol flooding attack also referred to as scheme flood, relies on custom protocol handlers for browsers to probe desktop computers for installed applications, profile users, and track them across browsers such as Chrome, Firefox, Safari, and Tor.

The Tor Project has released Tor Browser 10.0.18 to fix numerous bugs, including a vulnerability that allows sites to track users by fingerprinting the applications installed on their devices. In May, JavaScript fingerprinting firm FingerprintJS disclosed a 'scheme flooding' vulnerability that allows the tracking of users across different browsers based on the applications installed on their device.

WWDC Apple on Monday opened its 2021 Worldwide Developer Conference by promising a raft of operating system and privacy improvements - including a relay system to anonymize Safari connections, and randomized email addresses for online account signups. Apple pundits had anticipated an Arm-based MacBook Pro, yet no word of next-generation Apple Silicon machines surfaced.

FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser. That means, for example, if you browse the web using Safari, Firefox, or Chrome for some websites, and use the Tor browser to anonymously view others, there is a possibility someone could link your browser histories across all those sessions using a unique identifier, potentially deanonymize you, and track you around the web.

The Tor Project is auctioning off the first Tor Onion domain ever created, duskgytldkxiuqc6. Onion, as an NFT. The non-profit Tor Project operates the Tor decentralized network running on top of the Internet that allows users to access websites anonymously and special Onion URLs only accessible over Tor.

An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a write-up published on Sunday.