Hacking and Cyber Security News

According to the report by Rostelecom Solar JSOC, hackers changed the focus of attacks, switching from direct theft of money to gaining control over the infrastructure of companies. Experts explain this trend by the fact that the average level of security of banks has increased significantly, which forces hackers to look for more vulnerable targets. Moreover, the demand for industrial espionage has increased on the black market. However, experts said that the activity of such hacker groups began to decrease against the background of the pandemic. According to the report, by the end of 2019, the number of attacks aimed at gaining control over the infrastructure of companies and organizations has increased by 40%, while attacks for the purpose of stealing money have become 15% less frequent. A long and unnoticeable presence in the organization's infrastructure allows attackers to investigate its internal processes in detail, gain deeper access to IT systems and control over th

A surge in new cyberspying by a speculated Chinese group that dates as far back as to late January was recently being observed by a U.S. cybersecurity firm.  Happening around the time when the worldwide pandemic COVID-19 began to spread outside the borders of the Chinese, a publicly-traded cybersecurity company, FireEye Inc. (FEYE.O) said in a report that it had detected a spike in movement from a hacking group it calls "APT41" that began on Jan. 20 and focused on more than 75 of its customers, from manufacturers and media companies to medicinal and healthcare services associations and non-profits.  The report stated that it was “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.” In its report, FireEye said that APT41 abused the recently revealed defects and flaws in the software created by Cisco (CSCO.O), Citrix (CTXS.O) and others to attempt to break into scores of companies' networks in the US, Canada, Britain,

The first step anyone took after hearing the first of the Coronavirus was ‘Googling’ it. Google has been a solution, for as long as we can remember, to most of our queries. Yet again it upholds its reputation. Amid all the mass confusion and chaos this virus has caused for the human race, every single one of us has wanted a ‘go-to’ for a little clarity between all of this bewilderment related to COVID-19. Be it asking about the first symptoms, vaccine information or prevention strategies, in the middle of this bewilderment people have continued to look up to search engines for answers. Google stepped in at the right moment and launched a website that encompasses next to every single bit of information about the Coronavirus. Per sources, by way of collaborating with the US government, Google was has developed a website fully committed to educating people about COVID-19 including the probable symptoms, ways of prevention, treatment and all the other related information. Rep

Owing to the lockdown due to the outbreak of the global pandemic Covid-19, people are once again resorting to their go-to messaging app – WhatsApp to spread misinformation in the name of information. Notably, WhatsApp has continued to be the most favorite platform for the circulation of fake news which also caused a number of untoward incidents in India. It's mainly because of the rampant forwarding of messages created to promote individuals' or organizations' vested interests. While, public fear, unawareness, and lack of knowledge have a huge role to play in the equation of fake news and the consequences it had on the society, WhatsApp has constantly stood up to the issue and ensured to eliminate the flaws in its software. The app has a massive reach across the globe with more than 2 billion active users and in an attempt to curb this circulation of misinformation, WhatsApp is reportedly working on a new feature that would allow users to verify the forwarded message

Positive Technologies experts said that the number of network nodes in the Russian Federation accessible via the Remote Desktop Protocol (RDP) for three weeks (since the end of February 2020) increased by 9% and reached over 112,000. It is enough for hackers to send a special RDP request to vulnerable Remote Desktop Services (RDS) to attack. Authentication is not required. If successful, an attacker can install and delete programs on a compromised system, create accounts with the highest level of access, and read and edit confidential information. The vulnerabilities affect Windows 7, Windows Server 2008, and Windows Server 2008 R2 operating systems. According to Alexey Novikov, director of Positive Technologies security expert center, attacks on the network perimeter of domestic companies have begun to grow. Hackers are trying to get access over servers and get into the local network. This boom is caused by the transfer of employees to remote work. For a secure remote connect

If hackers trespass into your smartphones, they can send fake emails, fake alerts using your camera, and even control user activity. According to Denise DeRosa, founder of Cyber Sensible, if even a minute thing in your smartphone is not secured, it makes the device vulnerable to cyber attackers. The basic problem is that your smartphones are connected to the central hub, where all the data is managed and regulated. If this is ever exposed, your complete digital information is at risk. Regrettably, your smartphone is not safe from all these potential threats, and it is frightening. But there's no need to worry, follow these nine simple steps to ensure the safety of your smartphone. 1. Create a secure password by using a set of random arrangements from different dictionaries. Hackers have always used algorithms to predict the patterns of your password. Experts recommend having at least a 12 character password with capital letters and unique characters. In this way, hackers

Chinese security firm Qihoo 360 reported that since December 2019, a miscreants group has been hacking into DrayTek enterprise routers to record and spy on FTP ( File Transfer Protocol) and email traffic inside the corporate network. Netlab the network security division of Qihoo published a report saying, they detected two different groups, each one exploiting a zero-day vulnerability in DrayTek Vigor- Attack Group A - using load-balancing routers and  Attack Group B - using VPN gateways.  Qihoo did warn DrayTek about their zero-day vulnerability but the message was sent to the incorrect receiver and could not reach DrayTek.  Although the company did learn about the zero-days but only after group B attacks in January and released the patches on February 10. The attacked models are discontinued routers, still, DrayTek released their patches as soon as they could.  Qihoo reported the attacked models - DrayTek Vigor 2960, 3900, and 300B and said only 10,000 of these (activ

Check Point experts have identified a new family of malware in the Google Play Store. It was installed in 56 Google Play Store apps that have been downloaded almost a million times by users worldwide. 24 apps among the damaged 56 are children's games, as well as utilities such as calculators, translators, cooking apps and others. As it is specified, applications emulate the behavior of a real user. Tekya malware uses the MotionEvent mechanism in Android that simulates a click on an ad banner (first discovered in 2019) to simulate user actions and generate clicks. Imitating the actions of a real person does not allow the program or a third-party observer to understand the presence of fraud. This helps hackers to attack online stores, make fraudulent ads, promote advertising, promote sites in search engine results, and also serve to carry out banking operations and other illegal actions. During the research, Tekya went unnoticed by the VirusTotal and Google Play Protect pro

The spread of malware through apps being downloaded by users in the name of 'the latest information and instructions about COVID-19' is amongst one of the most prevalent threats that have been observed since the outbreak of the novel Coronavirus. As a result, users were forced to download apps such as COVID19Tracker or Covid Lock from a website, the app locked victims outside their smartphones and asked for a ransom of $100 in Bitcoin for the release of their data. Consequently, attackers threatened them to leak all their contacts, media, and social media accounts online in case they failed to pay the ransom in due time. Users are being severely targeted amid the COVID-19 themed malware and data exploit attacks, another example resides in the discovery of a new type of attack that is targeting home routers. It redirects victims to an infected website after altering the DNS settings and then drops a file-encrypting malware 'Oski' that encrypts the important files on

Russian Security Services (RSB) has tracked down and charged an international credit card fraud ring arresting 25 accused. The carding kingpin is suspected to be linked with dozens of carding shops and with some of the most significant data breaches plaguing the Western World. FSB, the Russian Federal System, issued a statement this week stating they arrested 25 individuals accused of circulating illegal means of payment tied with around 90 websites that sold stolen credit cards. Though the FSB did not release a list of names, a blog LiveJournal by cybersecurity blogger Andrey Sporov leaked the details of the raid and exposed that the infamous hacker Alexey Stroganov, who goes by the hacker names "Flint" and "Flint24" was also among the arrested. According to Intel 471, a cyber intelligence firm Stroganov is with some of the major cyber threats since 2001. Stroganov and his associate Gerasim Silivanon (a.k.a. "Gaborik ") were also sentenced to six yea

The Federal Bureau of Investigation as of late brought down the Russian-based online platform DEER.IO that said to have been facilitating different cybercrime products and services were being sold according to announcements by the Department of Justice. The Russian-based cyber platform known as DEER.IO has for quite some time been facilitating many online shops where illicit products and services were being sold. A little while back, there happened the arrest of Kirill Victorovich Firsov as revealed by authorities, he was the supposed main operator behind Deer.io, a Shopify-like stage that has been facilitating many online shops utilized for the sale of hacked accounts and stole user data. Convicts ware paying around $12/month to open their online store on the platform. When the 'crooks' bought shop access through the DEER.IO platform, a computerized set-up wizard permitted the proprietor to upload the products and services offered through the shop and configure the pa

Atlas VPN did a new study based on Flash Intelligence Research findings from 2017-2019. The research has revealed the costs of essential goods and services on the dark web. For instance, the Social Security Numbers, which are now out of date and insecure as they are no longer in use, especially after the 2018 Equifax Hack, they are still widely used as a primary proof of identification confirmation. Hackers tend to attack websites that can generate millions of SSNs at once so that all the data is vulnerable to hackers. Therefore, with millions of SSNs in the open, they are sold up to $4 on the dark web. According to Flashpoint, the following services are available on the dark web along with the SSNs. These services are divided into four types:  Hacker Services  Forged Documents  Personal Identifiable Information (PII)  Stolen Financial Information  The PII (personally identifiable information) package, in addition to the SSN for $4, has the victim's Name, Passport

Defense Minister Sergei Shoigu, speaking in the Federation Council, announced opposition attempts to penetrate Russian military facilities. The head of the military Department recalled that Western countries regularly make high-profile accusations against Moscow, such as interference in American elections, hacking attacks, and concealment of military losses. "In our country, they are supported by a Pro-Western opposition division regularly trained abroad. Using media laws as a cover, its activists are trying to infiltrate military facilities and are monitoring relatives and witnesses. They go to hospitals where our wounded are lying, to cemeteries, to commemorations, to the families of our dead children. They take photos of the entrances and exits from our secret objects and put them on the Internet. You can imagine what responsibility they would be brought to in Western countries," said the head of the military Department. In this regard, Shoigu called on senators t

Computer enterprise company HP (Hewlett Packard Enterprise) warns its customers about a bug that it has recently found in its SSD (Solid State Drives). The company HP has made a new firmware patch to prevent some of its hard drives from crashing after 40,000 hours of consumer use. In a firmware incident last week, HP informed its consumers about a bug in some of its hard drives that will cause them to stop working after 40,000 hours of use, which is around four years and 200 days. SAS SSDs (Serial-Attached SCSI solid-state drives) is the model of the hard drives that are likely to be affected by this firmware bug. According to HP, the hard disks manufactured during that period will crash around October this year, and these will be among the earliest failures. To solve this issue, HP has released some firmware updates to fix this bug last week. It has asked the companies to update to the latest firmware updates, and if they fail to do so, the companies might risk losing both the SS

A boutique Indian cyber security firm (a proprietorship) just went through a nightmarish experience with an MNC when it sought to secure a Code Signing Certificate (CSC). The MNC simply refused to recognise several valid documents issued by the Government of India. The Indian firm has a GST registration, a MSME registration and has over the last few years continuously offered protection against cyber security threats to over a dozen blue chip firms in the Banking & Financial Services Sector. Most of the firm’s business is repeat business on an annual subscription model. The firm wrote a small executable which can dig into viruses on hard disks and wanted a secure a code signing certificate in this connection. The first code signing vendor said that they can only issue a certificate to a company incorporated with the Ministry of Company Affairs and thus rejected the application. Fortunately, no application fee has been paid and the matter ended there. A second vendor was

More than 30 members of an interregional criminal group engaged in cloning and selling credit and payment cards of Russian and foreign banks were detained by the Federal security service (FSB). Hackers gained access to data by hacking user accounts and payment systems. The detentions took place immediately in 11 regions of Russia. The group created more than 90 online stores where it was possible to buy data from other people's bank cards. The cards of both Russian and foreign banks, including credit cards, were compromised. According to the FSB, the criminal group has been operating for at least the past three years. Criminals obtained the necessary data of real cardholders by accessing user accounts on the Internet and payment systems. One of the most common ways to get them was to create websites selling various products at below-market prices. Customers interested in these cheap offers paid for the purchase directly on the site with a bank card. At the same time, using

According to data by Coindesk, the cryptocurrency value suddenly increased on Tuesday. And this comes as a matter of surprise as the whole trade market is suffering heavy losses due to coronavirus pandemic. Witnessing this sudden increase in the Cryptocurrency's value, Bitcoin eventually rose up to 10% in a single day, as trading prices reached $6,569.17 around noon, Singapore time. Meanwhile, Ethereum's value has increased by 7%, whereas XRP witnessed a jump rate of over 5% in its prices. The total value of the cryptocurrency trading market- Market Capitalization, recorded a surprising leap of $14 Billion to $182.62 Billion within a mere 24 hours at 11:47 am Singapore time, says the data of the website Coinmarketcap.com. The entire Cryptocurrency market suffered severe losses at the start of March. On 8th March, the whole business failed when oil prices took a hard fall. Furthermore, on 12th March, the Cryptocurrency lost $93.5 of its value within a day, and even wors

Cybersecurity threats have seen a massive upsurge since the outbreak of the COVID-19 pandemic that forced a majority of people to work from home which now is leading to attacks on remote workforces. Amid the anxiety it created, hackers have devised multiple ways to take advantage of the coronavirus and continued to exploit the fear amongst people in a number of ways, one being the distribution malware in the facade of Covid-19 or Corona related emails. The threat posed by the Coronavirus has been seen to be scaling beyond human health, job losses and the collapsing global economy as it also set the stage for hackers to scam people for monetary and other gains. The urgency revolving around the novel biological virus robbed tech vendors and corporate systems of their ability to effectively tackle the risks. Scammers are well aware of the overwhelmed state of cybersecurity groups that led to a dramatic rise in phishing attempts and cyberattacks. Notably, hackers are exploiting the Co

The coronavirus epidemic around the world has affected not only electronics factories, but many companies are also transferring their employees to remote mode. But, according to experts, such a measure will negatively affect the entire field of data storage. Following a four-fold increase in the number of phishing mailings in Russia, analysts predict a significant increase in the number of leaks of personal user information. According to experts of the Russian company Internet search, the danger of data being leaked to third parties often comes from the company's own employees. Employees working at home are not monitored by either colleagues or CCTV cameras, and the effectiveness of special software is often not enough to prevent leaks. "It's scary to imagine that banks or IT giants will be unprepared for a new threat — working from home. All last year we observed how weaknesses in building the information security of the largest companies in the country led to cata

Amid the coronavirus epidemic and panic among the public, FTC (Federal Trade Commission) has urged the public to stay aware of the hackers that might try to attack their devices during these vulnerable times. FTC has generated a list of hacking tricks and strategies that the hackers use to attack susceptible users amid the coronavirus epidemic. Cybersecurity has become FTC's primary concern on its 2nd alert notification about various ways the hackers are using to launch cyberattacks for their profits because of the coronavirus outbreak. According to cybersecurity experts, in one of the latest incidents, hackers are sending users fake emails claiming that they have the necessary supplies of groceries or that they have the cures for coronavirus. In another widespread episode, hackers sent users fake WHO advisory about the 'safety tips to follow to prevent yourself from COVID-19.' According to FTI's caution, if the users download information using the given links or o

In 2019, the Rostelecom Solar JSOC Monitoring and Response Center for Cyberthreats detected and repelled over 1.1 million external attacks on organizations' information resources. At the same time, as always, more than 430 thousand cyberattacks were detected in Moscow. More than 128 thousand cyberattacks were recorded over the year in the North-Western Federal district. The most common tool of hackers was the use of vulnerabilities in web applications (web portals, email, Internet banks, personal accounts). At the same time, according to Solar JSOC experts, it's easy to hack every third application and gain access to the organization’s server. The number of such attacks increased by 13% in 2019. "Such dynamics can be associated with the active development of corporate Internet resources, not only in traditional industries (banks, retail), but also in the fuel and energy sector, and the public sector. At the same time, most of these resources have critical vulnerabil

In order to ruin the users' stay at home during their work from home period brought about by COVID-19, the hackers have hit gaming giant "Blizzard" with a colossal DDoS attack causing worldwide service disruption. The attack, as per reports was carried out on March 18th around 2:20 AM (GMT) when Blizzard users took the issue to Twitter and the Customer Support handle for Blizzard on Twitter additionally affirmed enduring the DDoS attacks. The company further clarified that it is “currently investigating an issue affecting our authentication servers, which may result in failed or slow login attempts.” As indicated by DownDetector's live map, Blizzard is as yet enduring the result of the attack particularly in the US, Israel, Bahrain, Iraq, China, Singapore, Malaysia, and Denmark and a few other countries. Image credit: Down Detector’s live map Furthermore, it is very unclear whether the DDoS attack has halted as there has been no update tweet

Canada's hospitals and clinics are suffering massive cyber threats as the cyberattacks targeting the Canadian healthcare industry saw a sudden rise in number. Researchers reported that the health-care sector is the most targeted sector in Canada amounting to a total of 48% of all security breaches in the country. Digital security of hospitals in Canada is being exposed to heavy risk as the growing number of data-breach incidents imply how the healthcare industry has become the new favorite of cybercriminals. The issue has gained widespread attention that led to calls for imposing national cybersecurity standards on the healthcare industry. In order to tackle the problem effectively and protect the privacy of their patients, the institutions are required to update their cybersecurity arsenal for which the federal government's involvement is deemed necessary by the experts. While commenting on the matter, Paul-Émile Cloutier, the president and CEO of HealthcareCAN, said:

Not of late, LILIN recorders were found to be vulnerable. Reportedly, botnet operators were behind the zero-day vulnerabilities that were exploited in the Digital Video Recorders (DVRs ) that the vendor is well known for. Sources mention that the exploitation of the zero-day vulnerabilities had been a continuous thing for almost half a year and the vendor was unaware. Nevertheless, they rolled out a patch in February 2020. Digital Video Recorders are electronic devices that collect video feeds from local CCTV/IP cameras systems and store them on different mass storage devices like SD cards, USB flash drives, disk drives, etc. DVRs are a huge deal today given they are a major element for the security cameras that are used almost everywhere in these times. With CCTV cameras raging, attacks especially designed for them have also risen equally. Malware botnets and other hacker operations have been targeting these widely used DVRs for quite some time now. Per sources, the non-r

Dubbed as CrazyCoin, a brand new virus has been recently discovered by researchers, which spreads through the NSA leaked EternalBlue exploit kit. The researchers came across this new computer virus as they found that it incorporates numerous capabilities in its arsenal.  The virus allegedly incorporates mining, hacking, and 'backdoor' modules. After it taints a user's machine, it downloads mining and data-stealing modules. Later it plants the Double Pulsar backdoor program so that every one of these modules cooperates with one another and plays out their own activities.  As indicated by researchers from 360 Baize Labs who found the infection, “The powershell script is responsible for downloading various modules to the victim’s machine for execution.” They state that the mining module incorporated in the virus is utilized to mine Monero and HNS coins.  Furthermore, among the data stolen by the virus' stealing module are the victim's sensitive documents, like

Hacker group Digital Revolution published documents according to which the FSB ordered the creation of the Fronton program for organizing cyberattacks using the Internet of things devices. According to the technical documentation published by hackers, there are three versions of the program — Fronton, Fronton-3D and Fronton-18. They allow infecting smart devices (from digital assistants to smart homes), integrate them into a network and “crash” the servers responsible for the stability of large Internet services and the Internet in entire countries. It's interesting to note that the Moscow company 0day (LLC 0DT) could have participated in the development of the programs. Previously, the company also carried out orders of the Ministry of Internal Affairs. According to the published documents, the Internet of things is "less secure, unlike mobile devices and servers." This is due to the fact that many users use smart devices instantly, without changing factory user

Russian payment systems will switch to using domestic cryptographic information security tools by 2031 Existing payment systems in Russia will have to switch to the use of cryptographic information protection tools of domestic production. This was announced by Ivan Kosyakin, chief engineer of the information security Department of the Bank of Russia, during his speech at the scientific and practical conference "Ruscrypto 2020" held in the Moscow region. Thus, according to him, Russia's sovereignty in the field of information security for the needs of the banking sector will be increased. So, to achieve this goal, functional technical requirements for payment systems with a terminal core, hardware security modules, payment cards were approved in 2019. In turn, as noted by Elena Mareeva, Deputy Director for scientific and technical development of Practical Security Systems, in January of this year, requirements for cryptographic information protection tools were ap

Pwn2Own is a well-known computer hacking contest which is held once every year at the CanSecWest security conference. In this contest, the contestants are tested on how well they could exploit commonly used software and mobile devices with formerly unheard of vulnerabilities. An issue as grave as the Coronavirus pandemic has clearly not affected the spirits of the Pwn2Own 2020 hacking competition which got done with its first two days. On Day 1, security researchers and participants bagged a handsome amount of over $180,000 for exploiting the Windows 10, Ubuntu Desktop and macOS, mention sources. Reportedly, a “team from the Georgia Tech Systems Software and Security Lab succeeded in exploiting a kernel privilege escalation to execute code on macOS” by way of Safari. The attack mechanism that ended up winning for the team $70,000 was comprised of 6 vulnerabilities. Per the event page (thezdi.com), Georgia Tech employed a “6 bug chain to pop calc and escalate to root”. The

On March 16, a Representative of the Bank of Russia, Alexey Guznov, announced a possible ban on the issue and organization of cryptocurrency circulation in the territory of the Russian Federation. As noted in the bill on digital financial assets, the issue and circulation of cryptocurrencies in Russia carry an unjustified risk. The bill prohibits the issue and circulation of cryptocurrency in Russia and introduces responsibility for violating the ban. Mister Guznov noted: "The position of the Bank of Russia remains unchanged. We believe that there are great risks when legalizing the circulation of cryptocurrencies." Risks arise for financial stability and the anti-money laundering system, and consumer protection will also suffer. The Central Bank objected to legalizing cryptocurrency as a "tool" and an object of circulation, said mister Guznov. Some experts suggested that cryptocurrency should be treated as a foreign currency and its issuance and circulation

Following an increase in SIM-jacking over the recent months, Europol announces the arrest of at least more than two dozen suspects of bank accounts by hijacking the phone numbers of some unfortunate users through SIM-swap fraud following months of cross-border investigations.  Police across Europe have been preparing to disassemble criminal networks that are said to have been responsible for these attacks for a long time now. SIM swaps work since phone numbers are in connection to the phone's SIM card and ‘SIM’ short for subscriber identity module, a special system-on-a-chip card that safely stores the cryptographic secret that distinguishes the user's phone number to the network.  Most mobile phone shops out there can issue and activate substitution or replacement SIM cards quickly, causing the old SIM to go dead and the new SIM card to assume control via the phone number just as the telephonic identity.  It had so happened in October in the United States that the