Hacker who was offering Cybercrime-as-a-service detained in Novokuznetsk



Officers of the Ministry of Internal Affairs of Russia, with the assistance of experts from Group-IB, an international company specializing in the prevention of cyber attacks, detained a hacker in the Russian city of Novokuznetsk who had hacked computers around the world.

The detainee offered cybercrime-as-a-service to other cyber criminals: he created and maintained admin panels for managing malware and botnets.
 
According to the local report, he infected more than 50 thousand computers across the world and stole usernames and passwords from the browsers and mail clients of the infected machines. He also reportedly stole financial information such as bank card details.

The investigation began in the spring of 2018, when the hacker infected around 1,000 computers with the Formgrabber malware.

“He administered the botnet, which counted several thousand infected computers of Russian and foreign users,” the press service of the Ministry of Internal Affairs reported.

It turned out that the hacker is only 26 years old. Since the age of 15 he had earned money by creating websites for computer games, but then decided to take up hacking as a profession. More recently, he had been testing malware targeting the Android platform.

He has already been charged under the article "Creation and distribution of malicious computer programs" and has fully admitted his guilt.

Citrix Discloses Data Breach By International Cyber Criminals


A major data breach of the enterprise software company Citrix by "international cyber criminals" was disclosed last weekend, with the company reporting that its internal network had been compromised.

The company, which provides its services to the U.S. military, the FBI, numerous U.S. organizations and various U.S. government offices, was warned by the FBI that foreign hackers had compromised its IT systems and taken "business documents." Citrix added that it did not know exactly which records and documents the hackers acquired, nor how they got in in the first place.

In a blog post Citrix says that, “While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security...”
"Password spraying" is an attack in which the attackers guess weak or commonly used passwords across many accounts to gain an initial foothold in the company's network, from which they can launch more extensive attacks.
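Password spraying leaves a distinctive footprint in authentication logs: one source touching many accounts with only one or two failed attempts each, rather than many attempts against one account. As an added example that is not part of the original article, the PowerShell function below flags that pattern in failed-logon records; the records, their field names (Time, User, SourceIp) and the IP addresses are constructed here, and in practice they would come from Security event 4625 via Get-WinEvent.

```powershell
# Added example (not from the article): flag password-spraying patterns in
# failed-logon records. Each record is expected to carry Time, User and
# SourceIp; a spray is one source hitting many accounts with few attempts each.
function Find-PasswordSpray {
    param(
        [Parameter(Mandatory)] [object[]] $FailedLogons,
        [int] $MinDistinctUsers   = 5,    # a spray touches many accounts...
        [int] $MaxAttemptsPerUser = 2,    # ...with very few attempts on each
        [int] $WindowMinutes      = 30    # ...inside a short time window
    )
    $results = @()
    foreach ($group in ($FailedLogons | Group-Object SourceIp)) {
        $events = @($group.Group | Sort-Object Time)
        $span   = ($events[-1].Time - $events[0].Time).TotalMinutes
        if ($span -gt $WindowMinutes) { continue }

        $perUser    = @($events | Group-Object User)
        $distinct   = $perUser.Count
        $maxPerUser = ($perUser | Measure-Object Count -Maximum).Maximum

        if ($distinct -ge $MinDistinctUsers -and $maxPerUser -le $MaxAttemptsPerUser) {
            $results += [pscustomobject]@{
                SourceIp      = $group.Name
                DistinctUsers = $distinct
                TotalAttempts = $events.Count
                FirstSeen     = $events[0].Time
                LastSeen      = $events[-1].Time
            }
        }
    }
    return $results
}

# Constructed sample data (TEST-NET addresses, made-up account names).
$base   = Get-Date '2019-03-04T09:00:00'
$sample = @()

# Spray: one source, eight accounts, one attempt each, a minute apart.
$i = 0
foreach ($u in 'alice', 'bob', 'carol', 'dave', 'erin', 'frank', 'grace', 'heidi') {
    $sample += [pscustomobject]@{ Time = $base.AddMinutes($i); User = $u; SourceIp = '203.0.113.7' }
    $i++
}

# Noise: one user mistyping their own password four times from their workstation.
# Only one distinct account, so this must not be flagged.
foreach ($n in 1..4) {
    $sample += [pscustomobject]@{ Time = $base.AddMinutes($n); User = 'bob'; SourceIp = '198.51.100.20' }
}

# Expected: a single row for 203.0.113.7 with DistinctUsers = 8, TotalAttempts = 8.
Find-PasswordSpray -FailedLogons $sample | Format-Table -AutoSize
```

Thresholds are deliberately parameters: tune them against a baseline of normal failed-logon volume before alerting on the output.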

The data breach at Citrix has been identified as part of "a sophisticated cyber espionage campaign supported by nation-state due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of the economy," said Resecurity, an infosec firm, in a blog post.

Researchers at Resecurity shed further light on the incident after Citrix declined to disclose details of the breach, claiming that it had earlier warned both the Feds and Citrix about the "targeted attack and data breach."

Resecurity says that the Iranian-backed IRIDIUM hacker group hit Citrix in December of last year and again on Monday, 4 March, and purportedly stole approximately 6 terabytes of sensitive internal files, including messages, emails, blueprints and various other documents.

The Florida-based company stressed that there was no sign that the hackers had compromised any Citrix product or service, and that it had launched a "forensic investigation," engaged a leading cyber security firm, and taken "actions" to secure its internal network.


Since the consequences of the Citrix 'security incident' are grave and could affect a much wider range of targets, as the company holds sensitive data on other organizations, including critical infrastructure, government and enterprises, strict measures will be taken to secure it from the inside out.


Enterprise VPN Provider Citrix, Hacked; 6TB of Sensitive Data Stolen



Enterprise VPN provider Citrix was the target of a hack that is suspected to have stolen private data pertaining to the company's technology.

On Friday, Citrix said that the FBI had informed it that "international cyber criminals" had worked their way into the organization's networks.

Citrix was further told that the criminals most probably used the technique of "password spraying" to break into the company's networks, gaining entry by correctly guessing the password of an account belonging to the company.

The hackers involved are reported to be part of an Iranian hacking group that has attacked over 200 companies, including multiple government agencies, technology firms, and oil and gas companies.

According to a blog post by Resecurity, the cybersecurity firm contacted Citrix in an attempt to warn it about the impending hack.

While declining to say how it learned of the hack, the firm said that it "has shared the acquired intelligence with law enforcement and partners for mitigation."

While the FBI declined to comment on the matter, Resecurity linked the hackers to a nation state, "due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy."

Citrix said the attackers had probably accessed and downloaded business documents, stating in a notice, "The specific documents that may have been accessed, however, are currently unknown."

"Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cybersecurity firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI," the company added in the notice.



Anonymous Threat Group Compromised 1 Million Web Pages of Popular Brands like Coca-Cola and McDonald's



Around 1 million Israeli webpages, including those of renowned brands like McDonald's and Coca-Cola, were compromised by an anonymous group of hackers, who breached the Israeli ('co.il') websites of leading brands, such as Cocacola.co.il and McDonalds.co.il.

The hacker group abused a third-party accessibility plug-in served from 'nagich.co.il', which loaded malicious JavaScript code onto every site using it, allowing the threat actors to deface a million web pages.

A critical vulnerability in Nagich, an accessibility plug-in that adapts pages for disabled users, gave the attackers access to more than 1 million Israeli webpages and was the primary means by which they defaced them.

Besides the websites of renowned brands such as Coca-Cola, McDonald's and Toys"R"Us, other popular websites, namely Ynet and Calcalist, also fell prey to this breach. Reportedly, the attackers defaced these websites with political messages.

Nagich is not an ordinary website: it hosts an accessibility plugin, a JavaScript file that runs on every website that opts into the service and provides it with a range of accessibility options.

Because the plugin's script runs with full permissions on the site that embeds it, the vulnerability allows arbitrary code to run on that site, meaning it can make any change to the site and do whatever it wants. The hackers exploited it to replace the plugin's code with malicious code and an embedded link in order to deface the webpages.

By delaying the remedial measures needed to patch the vulnerability, Nagich's operators in effect allowed the hackers to compromise hundreds of webpages.



Attackers Launched a Rapidly Changing Malware which uses .DOC Extension




Security experts have discovered a new malware campaign that constantly alters its patterns in an attempt to bypass email security protections.

As the distribution of malware through email campaigns becomes more common by the day, email security providers are devising new ways to detect and block such activity.

However, cybercriminals are employing increasingly subtle and sophisticated methods to bypass every layer of security, which has led to a massive upsurge in successful malware campaigns.

In this case, the malicious emails are sent to potential victims; when opened, they lead to the download of a Word template with a .doc extension.

Notably, the attack is configured quite differently from most attacks, which use a single pattern with little customization. In this attack, many different sender addresses, subject lines, display-name spoofs, body texts and URLs are used.

The malspam email contains a malicious link that takes the user to a compromised website hosting the malware, ready to infect the system.

According to researchers at the cloud-native email security platform GreatHorn, “Initially identified at 12:24pm on Wednesday, February 20th, the attack has (so far) consisted of three distinct waves, each wave corresponding with a different destination URL, one at 12:24pm ET, one 2:05pm ET, and a third at 2:55pm ET, suggesting an attack pattern that anticipated and planned for relatively quick shutdowns of the destination URLs.”



File-less Malware Is Wreaking Havoc Via PowerShell


Advanced Volatile Threats (AVTs), also known as file-less malware, are threats that operate directly from memory. PowerShell is a major vehicle adopted by cybercriminals to carry out such attacks.

The malware first injects malicious code into the target's system. While the system is running, the code begins to collect the credentials stored on it.

In the case of one victimized company, the malicious code began gathering employees' credentials, including those with administrator permissions.

Its next step was to hunt for the organization's most valuable assets and go straight for them.

The code was designed too cleverly to be spotted by the company's security systems, and the organization was never alerted.

After doing so much damage to the company and its credibility, the code disappeared without a trace.

These AVTs surfaced around a year ago; their distinguishing feature is that they operate in memory rather than on the hard drive.

Traditional, file-based threat detection systems would never sense that something is wrong.

PowerShell is the primary medium used to carry out file-less malware attacks.

PowerShell lets systems administrators fully automate tasks on servers and workstations.

This means that if cybercriminals gain control of a server or computer, they can easily obtain as many permissions as they wish.



PowerShell is not limited to Windows desktops; Microsoft Exchange, IIS and SQL servers are also managed through it.

File-less malware uses PowerShell to load its malicious code directly into the console session and RAM.

Once the code executes, it becomes a "lateral" attack, meaning the attack propagates from the central server to other machines.

Because the malware leaves no traces behind once its work is done, traditional security solutions are never able to determine what was behind the attack.

Only heuristic monitoring systems, if run continuously, can help in tracing the attack's culprit.

Precautionary Measures Against Fileless Malware

  • Disable PowerShell if it is not required to administer systems.
  • If it can't be disabled, ensure that you are using the latest version (PowerShell 5 has better security measures in Windows).
  • Only enable specific features of PowerShell via "Constrained Language" mode.
  • Enable automatic transcription of commands, which helps in detecting and investigating file-less attacks.
  • Employ advanced cyber-security methods such as always-on anti-malware services.
  • Continuously investigate unknown processes running on the system, which could indicate file-less malware.
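The precautions above can be checked, and the logging items applied, with a few lines of PowerShell. As an added example that is not from the original article, the script below reports the local PowerShell version, the session language mode and the policy registry values that control transcription and script block logging, lists which recommendations are unmet, and can turn the logging policies on; the transcript directory C:\PSTranscripts is an assumed placeholder, and the enable step must run elevated.

```powershell
# Added example (not from the article): audit and apply the PowerShell
# hardening recommendations. Policy values live under the path below; the
# value names are the ones Group Policy writes for these settings.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Read one policy value, returning $null if the key or value is absent.
function Read-PowerShellPolicy([string] $SubKey, [string] $Name) {
    $path = Join-Path $PolicyRoot $SubKey
    if (-not (Test-Path $path)) { return $null }
    return (Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Read-only snapshot of the settings the recommendations care about.
function Get-PowerShellHardeningReport {
    # The legacy 2.0 engine lacks the logging added in v5, so its presence
    # matters even when the default engine is current.
    $v2 = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2 `
            -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Version             = $PSVersionTable.PSVersion.ToString()
        LanguageMode        = $ExecutionContext.SessionState.LanguageMode.ToString()
        TranscriptionOn     = ((Read-PowerShellPolicy 'Transcription' 'EnableTranscripting') -eq 1)
        TranscriptDir       = Read-PowerShellPolicy 'Transcription' 'OutputDirectory'
        ScriptBlockLogging  = ((Read-PowerShellPolicy 'ScriptBlockLogging' 'EnableScriptBlockLogging') -eq 1)
        PowerShellV2Enabled = ($null -ne $v2 -and $v2.State -eq 'Enabled')
    }
}

# Turn the report into the list of recommendations that are still unmet.
function Get-HardeningFindings {
    param([Parameter(Mandatory)] $Report)
    $findings = @()
    if ([version]$Report.Version -lt [version]'5.0') { $findings += 'Upgrade to PowerShell 5 or later' }
    if ($Report.PowerShellV2Enabled)                 { $findings += 'Disable the legacy PowerShell 2.0 engine' }
    if (-not $Report.TranscriptionOn)                { $findings += 'Enable transcription via policy' }
    if (-not $Report.ScriptBlockLogging)             { $findings += 'Enable script block logging via policy' }
    if ($Report.LanguageMode -ne 'ConstrainedLanguage') {
        $findings += 'Session is not in Constrained Language mode (enforce it via WDAC/AppLocker policy)'
    }
    return $findings
}

# Apply the two logging policies. Requires an elevated session; the directory
# should be a protected location that ordinary users cannot modify.
function Enable-PowerShellLogging {
    param([string] $TranscriptDir = 'C:\PSTranscripts')   # assumed placeholder path
    foreach ($sub in 'Transcription', 'ScriptBlockLogging') {
        New-Item -Path (Join-Path $PolicyRoot $sub) -Force | Out-Null
    }
    Set-ItemProperty -Path "$PolicyRoot\Transcription" -Name EnableTranscripting    -Value 1 -Type DWord
    Set-ItemProperty -Path "$PolicyRoot\Transcription" -Name EnableInvocationHeader -Value 1 -Type DWord
    Set-ItemProperty -Path "$PolicyRoot\Transcription" -Name OutputDirectory -Value $TranscriptDir -Type String
    Set-ItemProperty -Path "$PolicyRoot\ScriptBlockLogging" -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

$report = Get-PowerShellHardeningReport
$report | Format-List
Get-HardeningFindings -Report $report
```

Script block logging writes to the Microsoft-Windows-PowerShell/Operational event log (event 4104), which is where the in-memory code that this kind of malware never writes to disk becomes visible to a monitoring system.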


Hackers Targeting Retail Websites and Online Shoppers via Formjacking



With the advent of online shopping, the e-commerce market has skyrocketed, and by 2022 the figures are expected to reach a whopping $150 billion. The ever-expanding arena of e-shopping has given cybercriminals even more reasons to exploit user data in new ways. The most recent hacking method affecting online shoppers is known as 'Formjacking'.

What is Formjacking?

It is the virtual equivalent of ATM skimming: cybercriminals insert malicious code into retail websites, where it is programmed to siphon off shoppers' payment details, including their card details.

A report from Symantec suggests that every month over 4,800 different websites fall prey to Formjacking. It has also been observed that the number of Formjacking attacks has increased over the past year and that the stolen data is being sold on the dark web.

According to the report, “By conservative estimates, cybercriminals may have collected tens of millions of dollars last year, stealing consumers’ financial and personal information through credit card fraud and sales on the dark web, with a single credit card fetching up to $45 in the underground selling forums.”

Expressing concern on the matter, Greg Clark, CEO of Symantec, said: “Formjacking represents a serious threat for both businesses and consumers. Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft. For enterprises, the skyrocketing increase in Formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised.”



Attacks on the US Companies by Chinese and Iranian Hackers Renewed


Following Trump's withdrawal of the U.S. from the Iran nuclear deal last year and the trade disputes between the U.S. and China, Iranian and Chinese hackers have heavily attacked corporations and government agencies in the United States. Security experts believe these hackers have been spurred on by those conflicts.

According to seven people briefed on the incidents, who were not permitted to discuss the details publicly, the recent attacks on multiple US corporations, government agencies, American banks and other businesses were more aggressive than those carried out in the past.

Analysts and security researchers at the National Security Agency traced the attacks to Iran. Meanwhile, the findings of FireEye, a privately owned security firm, prompted an emergency order, issued through the Department of Homeland Security, during the government shutdown last month.

Reportedly, these Iranian attacks occurred simultaneously with a renewed Chinese offensive designed to steal sensitive military and trade data from U.S. tech companies and military contractors.

Commenting on the matter, Joel Brenner, a former leader of United States counterintelligence under the director of national intelligence, said: “Cyber is one of the ways adversaries can attack us and retaliate in effective and nasty ways that are well below the threshold of an armed attack or laws of war.”

Astaroth: The Trojan That Abuses Anti-Virus Software To Steal Data




A new Trojan has surfaced that disguises itself as GIF and image files and abuses anti-virus software to harvest data from the user's PC.

A security research team reported that this variant makes use of modules in the security software itself.

Abusing these modules lets the attacker obtain the victim's data, including online credentials.

The Trojan, in the guise of extension-less files, tries to move around the victim's PC undetected.

Through spam emails and phishing messages, the victim is lured into downloading the malicious file; the legitimate Microsoft Windows BITSAdmin tool is then used to download the full payload from a command-and-control (C2) server.

The malware then launches an XSL script and establishes a channel with the C2 server. The script is obfuscated and contains functions to hide itself from anti-virus software.

The same script drives BITSAdmin to download further payloads, including Astaroth itself, from a different C2 server.

Older versions of this Trojan scanned for anti-virus programs and quit if Avast was present.



With this version of Astaroth, however, the anti-virus software is abused instead: a malicious module is injected into one of its processes.

The abuse of legitimate, already-installed programs in this way is known as using LOLbins (Living Off the Land binaries). GAS, an anti-fraud security program, could be abused in the same way.

This Trojan first surfaced in 2017 in South America. It targets machines, passwords and other data; Astaroth is also capable of keylogging, intercepting calls and terminating processes.

The malware employs a "fromCharCode() deobfuscation" method to conceal code execution, an upgrade on older versions of Astaroth.

LOLbins have considerable malicious potential, including the theft of credentials and personal data. The method is highly attractive to cybercriminals and therefore needs to be defended against.


Bank details of Bernard Matthews employees stolen

A suspected cyber-attack "potentially compromised" the bank account details of 200 workers at Bernard Matthews.

The turkey producer has made staff aware of the suspected hack.

The Norfolk-based company said it was alerted by its bank on 22 January, as first reported in the EDP.

A spokesman said: “After being first alerted by our bank, we reported the incident to the relevant authorities and put in place extra security measures, as well as offering additional security advice to those affected.” He added: “We continue to monitor the situation but we are not aware colleagues have been affected any further.”

The person or group behind the hack is unknown.

Bernard Matthews employs 3,000 people across East Anglia. The company is a major employer in Norfolk and Suffolk, including at its plant at Holton, near Halesworth, and its headquarters at Great Witchingham.
The business has been through a difficult time in recent years, coming close to collapse in 2013.

Last year, it was one of two interested parties bidding to take over Banham Poultry, in Attleborough, which was eventually sold to Chesterfield Poultry.

In 2016 the Boparan Private Office, owned by food tycoon and 2 Sisters Food Group entrepreneur Ranjit Boparan, known as the “Chicken King”, bought the firm in a pre-pack deal from Rutland Partners, saving 2,000 jobs after the firm posted pre-tax losses of £5.2m.

Russia asked Georgia to extradite hacker Sumbaev


It became known that on November 26 the Prosecutor General's Office of Russia sent an official request for the extradition of Yaroslav Sumbaev, who was detained in Tbilisi.

As a reminder, Yaroslav Sumbaev is the head of a hacker group of 29 people that earned 258 thousand dollars in 2013-2014 through fictitious refunds of Russian Railways and S7 Airlines tickets. The case against the group was led by Evgenija Shishkina, a senior investigator of the Ministry of Internal Affairs, who was shot on October 10.

Georgian police detained Sumbaev on November 5 in a special operation. He was accused of illegally acquiring firearms and using a fake passport.

The Prosecutor General's Office of Russia guarantees that Sumbaev will be prosecuted only for the crimes for which his extradition is requested: the creation of a criminal community and theft committed by a group of persons.

However, according to a confidential source, the Russian hacker will also be questioned in the case of the murder of the investigator Shishkina. Sumbaev's lawyer said that his client partially admitted the allegations of cybercrime but categorically denied any involvement in the investigator's murder.

The Prosecutor General's Office was unable to comment on Sumbaev's extradition request.

It is interesting to note that the Ukrainian hacker Yuri Lysenko, accused of stealing more than a billion rubles ($15.15 million) from commercial banks in Russia, was sentenced to 13 years in a maximum-security colony.



Android Malware Steals 1,000 Euros In Around 5 Seconds Via PayPal



Malware discovered in November, disguised as a battery optimization application called Android Optimization, has recently come to light as being designed to send 1,000 euros to cyberthieves via PayPal in around 5 seconds, without the user being able to stop it.

The malware is distributed through third-party app stores and is not available in the official Google Play Store.

The malware is described as cleverly abusing Google's Accessibility Services, which are intended to assist people with disabilities, to trick users into giving the hackers control of the phone.

After installation, the malware asks the user for permission to "Enable Statistics"; granting it allows the cybercriminals to take control of the phone remotely when the user opens certain applications, chiefly PayPal, Google Play, WhatsApp, Skype, Viber, Gmail and various banking applications.

ESET researchers found that the malware can show users overlay phishing pages made to look like legitimate banking applications or other well-known apps, such as Gmail, WhatsApp, Skype and Viber, asking the users for credit card credentials.

“The whole process takes about 5 seconds, and for an unsuspecting user, there is no feasible way to intervene in time. The attackers fail only if the user has insufficient PayPal balance and no payment card connected to the account. The malicious Accessibility service is activated every time the PayPal app is launched, meaning the attack could take place multiple times,” wrote ESET researcher Lukas Stefanko in a blog post.

A video by ESET shows how the malware works.

BT and Europol sign agreement to share cybersecurity intelligence data


The European Union Agency for Law Enforcement Cooperation (Europol) and communications company BT have joined forces in an agreement to exchange threat intelligence data.

A Memorandum of Understanding (MoU) was signed by both parties at Europol's headquarters in The Hague in the Netherlands. Along with creating a framework for sharing knowledge of cybersecurity threats and attacks, it will facilitate the sharing of information on cybersecurity trends, measures, technical expertise and industry practices to reinforce cybersecurity in Europe.

To this end, BT will work alongside Europol’s European Cybercrime Centre (EC3), helping in identifying cyber threats and strengthening law enforcement response to cyber crimes.

“The signing of this Memorandum of Understanding between Europol and BT will improve our capabilities and increase our effectiveness in preventing, prosecuting and disrupting cybercrime,” said Steve Wilson, Head of Business at EC3. “Working co-operation of this type between Europol and industry is the most effective way in which we can hope to secure cyberspace for European citizens and businesses. I am confident that the high level of expertise that BT bring will result in a significant benefit to our Europe wide investigations.”

Earlier in the year, BT became the first telecom provider to share information on malicious websites and software with other internet service providers (ISPs) via a free online portal, the Malware Information Sharing Platform (MISP), to help them tackle cyber threats.

The company will now share that information with Europol to aid in cybercrime investigations.

“We at BT have long held the view that coordinated, cross border collaboration is key to stemming the global cyber-crime epidemic,” Kevin Brown, VP, BT Security Threat Intelligence, said. “We’re working with other law enforcement agencies in a similar vein to better share cybersecurity intelligence, expertise and best practice to help them expose and take action against the organised gangs of cybercriminals lurking in the dark corners of the web.”

BT currently has a team of more than 2,500 cybersecurity experts who have so far helped to identify and share information on more than 200,000 malicious domains.


Tamil Rockers websites taken down after admins’ arrest

Over 19 websites owned by Tamil Rockers have been blocked by Google after five admins of these domains were taken into custody by Kerala police for piracy. The websites include tamilrockers.in, tamilrockers.me, tamilrockers.is, tamilrockers.ac, tamilrockers.co, and other similar domain names.

The websites were used for uploading new pirated South Indian movies and members made as much as ₹1 crore over the last few months.

The police had taken the five culprits into custody on Thursday after tracking an email sent by an advertisement company to one Akhil, which had reportedly mentioned having a connection with the piracy website.

“This ad company had sent a mail to Akhil, offering to publish ads on the website he was running. In that email, the company happened to mention that they have ties with Tamil Rockers. We got the information about Tamilrockers through this ad company,” said Anti-Piracy Cell SP B.K. Prasanthan Kani.

The ad company was linked to a similar case in 2016.

The accused — TNRockers owner Prabhu, DVD Rockers owner Johnson and his accomplice Maria John, and Karthi from Villupuram along with his accomplice, Suresh — were nabbed by the police by tracing their bank accounts.

Their laptops, mobiles, and such hardware were also confiscated.

“All the gang members were technically qualified. It even included M.Sc. and B.Sc. holders in computer science. They used to record movies in pieces from various parts of the world and join it. We are trying to trace more members of the gang including Karthi’s brothers,” Prasanthan told Deccan Chronicle.

CBI busts child pornography racket internationally operating on WhatsApp

The Central Bureau of Investigation (CBI) on Thursday busted an internationally operating WhatsApp-based child pornography racket, which had 199 members from all over the world.

According to CBI, the racket was being operated from Delhi, Noida, and Uttar Pradesh.

The main WhatsApp group admin and kingpin, Nikhil Verma (20), has been arrested and the police have searched the premises of Verma and four other suspects — Satyendra Chauhan, Nafis Raza, Zahid, and Adarsh — in Delhi, Uttar Pradesh, and Maharashtra.

CBI is investigating whether the videos uploaded on the group were recorded by the admins or were sourced from elsewhere, and whether they were charging money for sharing the clips.

The group (called “KidsXXX”) had 199 members and included nationals from India and various other countries including US, Pakistan, Brazil, Afghanistan, Sri Lanka, Kenya, Nigeria, Mexico, and New Zealand.

After receiving intelligence about the group, CBI tracked the IP addresses of the admins and kept watch for some time before carrying out the raids.

CBI has registered a case against the admins and members of the group under section 67-B of the IT Act and law enforcement of other countries involved have also been contacted. Identities of the victims are yet to be confirmed.

Police have seized laptops and hardware of the administrators where child pornographic content was found.

Hacker Group threatens students and schools

According to a warning issued by the Cyber Division of the FBI and the Department of Education's Office of the Inspector General on 31 January, a hacker group called “TheDarkOverlord” (TDO) has tried to sell over 100 million private records and, as of January, is responsible for over 69 attacks on schools and other businesses.

TDO is also allegedly responsible for the release of over 200,000 records including the PII of over 7,000 students due to nonpayment of ransoms.

The warning describes the group as “a loosely affiliated group of highly trained hackers” who, since April 2016, have “conducted various extortion schemes with a recent focus on the public school system.”

The warning says that TDO uses remote access tools to breach school district networks and steal sensitive data, which they then use to extort money from its victims, including students.

According to the report, TDO has also threatened violence in case of failure to meet demands.

Initially, TDO communicated their demands via email with threats of publicly releasing stolen data, but the warning notes that in September 2017, “TDO escalated its tactics by threatening school shootings through text messages and emails directed at students, staff, and local law enforcement officials.”

This caused several schools to shut down for few days as a precaution.

TDO was allegedly connected to multiple threats of violence on school campuses, however, the report says that while these threats caused panic, they “provided TDO with no apparent monetary gain.”

In a recent incident, TDO threatened to publicize the sensitive behavioral reports and private health information of students.

The FBI also recommends that victims do not give in to the ransom demands, as paying does not guarantee regaining access to sensitive data. Rather, they advise contacting law enforcement, retaining the original emails as evidence, and maintaining a timeline of the attack, if possible.

Japan cryptocurrency exchange to refund stolen assets worth $400m

Coincheck, one of Japan's major cryptocurrency exchanges, has promised to refund its customers about $423m (£282m) stolen by hackers two days ago in one of the biggest thefts of digital funds.

The hack occurred on Friday, when the company detected an “unauthorised access” of the exchange and suspended trading for all cryptocurrencies apart from bitcoin.

The attackers were able to access the company's NEM coins, a lesser-known cryptocurrency that is nonetheless the world's 10th biggest by market capitalisation. The losses amounted to about $534m (£380m).

The company has stated that it will reimburse the affected customers to nearly 90% of their loss using cash.

Over 260,000 customers are reported to have been affected by the hack.

According to Coincheck, the hackers were able to steal the NEM coins because they were kept in online “hot wallets” instead of the more secure and offline “cold wallets.”

The company claims that it is aware of the digital address where the coins have been transferred and believes the assets are recoverable.

Play Store Gaming Apps Infected with Malware

An Android malware named “AdultSwine” has infected child-friendly gaming apps in the Play Store. Over 60 apps have been pulled by Google after the malware was recognized.

The malware causes pornographic content to show on the devices while the infected app is running, aside from trying to get users to install fake security apps and charging for unregistered premium services. The malware reportedly has the ability to steal user credentials.

The malware was discovered by researchers at Check Point; the affected apps have since been pulled by Google and the developers' accounts banned.

The affected apps have been downloaded as much as 3 to 7 million times, according to Play Store data.

A comprehensive list of affected apps and the related research can be found on Check Point's research blog. Google will continue to send notifications to phones that have the affected apps installed.

New Intel Security Flaw Detected

F-Secure, a Finnish cybersecurity firm, revealed on Friday that it has discovered another security flaw in Intel hardware. This flaw could enable hackers to access corporate laptops remotely.

Earlier it was revealed that Intel chips had flaws that left almost every smartphone, laptop and tablet vulnerable to hackers. This flaw is reportedly unrelated to Spectre and Meltdown and is instead an issue within Intel Active Management Technology (AMT).

According to F-Secure, AMT is commonly found in most corporate laptops and the flaw will allow an attacker to take complete control over a user's device in a matter of seconds.

“The issue potentially affects millions of laptops globally," the cybersecurity firm said.

The hacker would first need physical access to the device, but once they had reconfigured the AMT, they would effectively have "backdoored" the machine and could access it from a remote server simply by connecting to the same network as the user.

There is also a possibility that the hacker would be able to programme the AMT to their own server, thus bypassing the need to connect to the user’s network.

After exploiting the flaw, the hacker would be able to access all information on the device and could easily make changes, download malware and so on. No solutions or security measures have been found as yet, other than choosing a strong AMT password or disabling AMT completely.

Hackers Target Winter Olympics to be Held in South Korea

Cybersecurity company McAfee has discovered that hackers have targeted organizations connected to the Winter Olympics that will be held in South Korea, and have tried to access sensitive information.

The hacking campaign ran from December 22 and is still under investigation by the firm. McAfee has stated that the attacks point to “a nation-state adversary that speaks Korean.”

The attacks appear to have been carried out via emails sent to various organizations containing a malicious document that, if enabled, would create a hidden back channel into the computer. These emails were disguised as being sent by South Korea's National Counter-Terrorism Council.

The emails were sent from a Singapore IP address and told receivers to open a text document in Korean.

Among those sent the messages are individuals associated with the ice hockey tournament at the Olympics. A report by McAfee Labs can be seen on its website.

According to a senior analyst at McAfee, at least one of the recipients was infected by the document.