Latest Hacking News

Russian cybersecurity researcher charged with treason for sharing info with US firms

A top cybersecurity researcher at Kaspersky Lab, Ruslan Stoyanov, was arrested after he was allegedly charged with treason by Russian authorities. It is now reported that he allegedly passed secret state documents to Verisign and other US companies.

In December, Stoyanov was arrested in Moscow with two other FSB officers, Sergei Mikhailov and Dmitry Dokuchayev, after a Russian businessman accused them of treason.

According to an unnamed source, the allegations against the three officials were first made in 2010 by a Russian businessman, Pavel Vrublevsky, who is the founder of the online payment firm ChronoPay.

In December 2016, all three of them were arrested in response to those 2010 claims that the men had passed secrets on to American companies.

“I can confirm we (Chronopay) expect to be part of this case,” Vrublevsky told Reuters. “In 2010 we provided the FSB and other important Russian agencies with evidence that at least one FSB employee, as well as several other people, were involved in treason.”

Before his allegation, Vrublevsky himself was arrested and convicted for organizing a cyber attack on a rival online payment company's website, ChronoPay.

After the news of Stoyanov's arrest, Kaspersky Lab released the following statement:

"The case against this employee does not involve Kaspersky Lab. The employee, who is Head of the Computer Incidents Teams, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation."

"The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments."

Google Discloses Vulnerability After Microsoft Fails To Patch In Time

Google's Project Zero has unearthed a bug in Windows, and as Microsoft failed to patch it within 90 days of being notified, details of the flaw have been made public.

The vulnerability in question is in the gdi32.dll file, which is used by a significant number of programs. It affects Microsoft's Windows operating systems from Windows Vista Service Pack 2 to the latest Windows 10, which are yet to be patched.

Google gives a company 90 days after disclosure of a vulnerability to fix the issue. If that time elapses without a patch being made available to the public, the vulnerability is disclosed publicly so that users can protect themselves by taking the necessary steps.

In a post, Google’s Mateusz Jurczyk explains how the bug works. The post -- entitled "Windows gdi32.dll heap-based out-of-bounds reads / memory disclosure in EMR_SETDIBITSTODEVICE and possibly other records" -- says that Microsoft issued a patch that fixed a related issue, but not all the memory access issues were addressed.

"As part of MS16-074, some of the bugs were indeed fixed, such as the EMR_STRETCHBLT record, which the original proof-of-concept image relied on. However, we've discovered that not all the DIB-related problems are gone. As a result, it is possible to disclose uninitialized or out-of-bounds heap bytes via pixel colors, in Internet Explorer and other GDI clients which allow the extraction of displayed image data back to the attacker."

Jurczyk informed Microsoft about the bug on 16 November, giving the Windows-maker 90 days to get things sorted before going public. With this month's batch of security patches from Microsoft being delayed, the company missed the deadline, so the details of the bug are now available for everyone to see.

TeamSpy Malware Reappears In a Spam Campaign

Heimdal Security researchers spotted a new spam campaign carrying the TeamSpy data-stealing malware.

The attackers exploit the TeamViewer remote access tool to gain full access to a compromised device. Once downloaded, the malware first targets usernames and passwords and then scans for personal information and pictures, which can be used for a number of illicit activities, including extortion and financial gain, said Heimdal CEO Morten Kjaersgaard.

First, an email from a spoofed address gets the victim to download a zip file, which, once opened, triggers the .exe file inside. The TeamSpy code is then dropped onto the victim's computer as a malicious DLL. The emails noticed by the security firm had 'eFax message from "1408581 **"' as a subject line.

As before, the cybercriminals install a legitimate version of TeamViewer on their victims' computers and then alter the behavior with DLL hijacking to make sure it stays hidden.

The logs are copied to a file, along with all available user names and passwords. The file is continuously sent to a C&C server.

Per the researchers, the TeamSpy malware includes various components in the otherwise legitimate TeamViewer application, two of which are a keylogger and a TeamViewer VPN.

Putin Says Number of Cyber Attacks Against Russia Grew Three Times

The number of attacks launched against Russian cyberspace has increased significantly in recent years, President of the Russian Federation Vladimir Putin said at the annual board meeting of the Federal Security Service on February 16.

"The number of cyber attacks against official information databases has tripled in the past year compared to 2015," said the President.

On 11 February, Oleg Salagai, the Director of the Department of public health & communications Ministry, said that unknown hackers attacked the official website of the Health Ministry. The attackers failed to gain access to any personal data or classified files.
