Breaking News »

Latest Hacking News

Mr.Grey back again: Theft of 1.2 billion log-in credentials

Mr. Grey, not again! A Reuter report has confirmed that the famous hacker Mr. Grey’s involvement in stealing 1.2 billion internet credentials.

Mr. Grey, who had got the access to user account information for websites like Facebook (FB.O) and Twitter (TWTR.N), now linked by the FBI through a Russian email address to the theft of a record 1.2 billion Internet credentials.

According to the documents, which were made public by a federal court in Milwaukee Wisconsin, the hacker was associated with a cybsecurity firm that announced in August 2014 that it had determined an alleged Russian crime ring was responsible for stealing information from more than 420,000 websites.

The investigation started last year when Milwaukee-based cybersecurity firm obtained information that a Russian hacker group it dubbed CyberVor had stolen the 1.2 billion credentials and more than 500 million email addresses.

After that the FBI subsequently found lists of domain names and utilities that investigators believe were used to send spam.

It also discovered an email address registered in 2010 contained in the spam utilities for a "mistergrey".

Further, it found out posts of 2011 by the hacker stating that if anyone wanted account information for users of Facebook, Twitter and Russian-based social network VK, he could locate the records.

Alex Holden, Hold Security's chief information security officer, told Reuters this message indicated mr.grey likely operated or had access to a database that amassed stolen data from computers via malware and viruses.

Hilton payment system attacked

One of the largest US based hotel chain Hilton revealed that hackers had infected some of their point-of-sale computer systems with malware crafted to steal credit card information.

They didn’t disclosed what data was taken, but cautioned everyone who used payment cards at Hilton Worldwide hotels between November 18 and December 5 of last year or April 21 and July 27 of this year to check for any irregular activity from their debit or credit cards.

In an online post Hilton said that the Malware that infected system had a potential to retrieve cardholders' names, account numbers, security codes and expiration dates.

They further wrote that they are investigating the breach with the help of third-party forensics experts, law enforcement and payment card companies.

Starwood hotels, which operate the Sheraton and Westin chains, announced four days before Hilton that hackers had attacked their payment system resulting in leaking of customer credit card data in some of their establishments.

"The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date," the group said in a statement.

Starwood and Hilton are not the only one whose payment system has been hacked but last month Trump hotels has face the similar incidence of cyber attack.

"We believe that there may have been unauthorised malware access to some of the computers that host our front desk terminals and payment card terminals in our restaurants, gift shops and other point-of-sale purchase locations at some hotels," Trump Hotel Collection said at a website devoted to details of the incident.

According to Trump hotels, the access could have taken place in between May 19 of last year and June 2 of this year.

Brian Krebs, cyber threat blogger at explained the cyber attack on payment systems as "just the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments."

Dell says "sorry" for installing vulnerable digital certificate

Dell has apologized as it confirmed via a blog post that a certificate (eDellRoot), installed on its PCs that introduced a security vulnerability.

It is said that the certificate allows attackers to cryptographically impersonate HTTPS-protected websites. However, the company has issued a software tool that removes the transport layer security credential from affected machines.

The certificate will not reinstall itself, once it is properly removed using the recommended Dell process.

“The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it,” the company said in the blog post.

According to the blog post, Dell’s customers, Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, informed the company about the presence of such certificate on its PC.

Dell has claimed that the certificate was not a malware but was there to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service their customers.

“We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward,” the company added. 

Cyber Criminals from Russia steal $790 million in three years

It seems like Russian cybercriminals, who steal money from banks using Trojan, have been increasing every year.

Kaspersky Investigation Unit (KIU) has shown that more than 160 Russian hackers from small to large criminal gangs accused of stealing cash using Trojan.  

"This estimate is based both on the analysis of public information about the arrests of people suspected of committing financial cybercrime in the period between 2012 and 2015 and on Kaspersky Lab’s own data," Ruslan Stoyanov, chief of the KIU, said.

"Of course, this figure only includes confirmed losses, the details of which were obtained by law enforcement authorities during the investigation. In reality, cybercriminals could have stolen a much larger amount," Stoyanov added.

The security firm has said to have investigated more than 300 online financial attacks since 2013.
Recently, Stoyanov, has said that a hacking group stole US $790 million in three years from the World Bank’s account.

According to Stoyanov, a Russian cyber-crooks group, which includes 20 professional hackers, has stolen $509 million from the individuals and businesses from the U.S., and across the European Union since 2012.

The security experts’ research have suggested that these 20 people play leading roles in criminal activities that involve the online theft of money and information.

Similarly, the hackers have skill sets that mirror legit tech shops, including web designers, programmers, and BOFHs, along with cryptors who obfuscate malware in ways that help it to evade security software.

"Cybercriminal system administrators configure management servers, buy abuse-resistant hosting for servers, ensure the availability of tools for anonymous connection to the servers (VPN) and resolve other technical challenges, including the interaction with remote system administrators hired to perform small tasks," he said.

According to him, employees can be paid as freelancers or permanent staff, and are recruited through forums or in brazen public advertisements that often target underprivileged techs in areas like war-torn Ukraine.

It is said that the small group would buy crime kit like exploit kits and traffic services, while large criminal outfits with a dozen or more heads would do it themselves and target businesses, not just individuals.

Vulnerability »

Malware Report »

Defacements »

Spam Report »