Russian hackers claim to have breached 3 US antivirus makers

A group of elite Russian hackers claims to have infiltrated the networks of three US antivirus makers and stolen the source code for their software.

Researchers with Advanced Intelligence (AdvIntel) have been tracking the activity of the group on underground forums for some time. The hackers, who operate under the handle Fxmsp, have an established reputation for infiltrating well-protected networks. Their targets typically include highly-sensitive corporate and government information.

Two months ago AdvIntel saw Fxmsp reappear on hacking forums after a half-year hiatus. That is probably no coincidence: the group reported that its campaign against security software firms had kicked off six months earlier.

Fxmsp laid low until it had achieved its goal. When its stealth operation concluded, the hackers allegedly made off with more than 30 terabytes of data from their latest victims. They posted screenshots showing folders, files, and source code.

The asking price for this trove of data: a cool $300,000. They also claimed to still have access to the networks and would throw that in at no extra charge to the lucky buyer.

If what they're offering is the real deal, then this is pretty much a worst-case scenario for the three firms that were compromised. Access to the source code gives hackers the opportunity to locate showstopping vulnerabilities and exploit them, rendering the software useless... or worse. They could even turn what was once legitimate protection from malware into an incredibly effective spying tool.

Dell Computers Exposed to Hackers; SupportAssist Software to Blame

Reportedly, a vulnerability in Dell's SupportAssist application could easily be exploited by hackers to gain administrative privileges.

Those administrative privileges would then let the hackers execute malicious code and take over the user's entire system.

The number of victims of this security flaw has not yet been determined, but because every Dell PC shipped with the latest Windows carries the SupportAssist software, all of them are exposed to attack.

Since the application does not come pre-installed on PCs bought without Windows, those machines are safe.

The software handles automatic driver updates for Dell machines, as well as debugging and diagnostics.

Furthermore, such debugging tools have deep access to the device's internals, so when hackers attack, they gain full control of the system itself.

The hackers first try to lure the victim to a malicious web page and then trick them into downloading SupportAssist.

From then on the malware runs on the system with the administrative privileges it gained by default.

Victims are most vulnerable to such an attack when they are on public Wi-Fi or on large enterprise networks.

There the attacker would launch Address Resolution Protocol (ARP) spoofing attacks, giving the hackers access to legitimate IP addresses within the network.

DNS attacks are also a strong possibility because of the lack of security on existing routers.

After a young security researcher alerted Dell to the flaw, the company began working on a patch.

Until then, the best course is simply to uninstall the application from the device.

Hackers have already exploited this vulnerability, breaking into a few of Dell's internal devices via SupportAssist.

Per sources, a patch has already been released for the issue: version 3.2.0.90 of the SupportAssist application.
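A defender's check for the situation described above, added here as an example and not code from the article or from Dell: it reads the installed SupportAssist version from the standard Windows Uninstall registry keys and compares it against the patched release 3.2.0.90 named in the report. It assumes SupportAssist registers there with a DisplayName containing "SupportAssist" and a DisplayVersion field.

```powershell
# Added example (not from the article): flag a Dell SupportAssist install older than
# the patched release 3.2.0.90 named in the report.
# Assumption: SupportAssist registers under the standard Uninstall keys with a
# DisplayName containing "SupportAssist" and a DisplayVersion string.
$PatchedVersion = [version]'3.2.0.90'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SupportAssist*' -and $_.DisplayVersion }

if (-not $installed) {
    Write-Output 'SupportAssist not found in the Uninstall registry keys; nothing to do.'
    return
}

foreach ($app in $installed) {
    # DisplayVersion strings sometimes carry extra text; keep only the numeric prefix
    # so the [version] cast does not throw on a value such as "3.2.0.90 (beta)".
    $raw = $app.DisplayVersion
    $match = [regex]::Match($raw, '^\d+(\.\d+){1,3}')
    if (-not $match.Success) {
        Write-Warning "$($app.DisplayName): unparseable version string '$raw'"
        continue
    }
    $current = [version]$match.Value
    if ($current -lt $PatchedVersion) {
        Write-Warning ("{0} {1} is OLDER than {2}: update SupportAssist, or uninstall it until it can be updated." -f $app.DisplayName, $current, $PatchedVersion)
    } else {
        Write-Output ("{0} {1} is at or above the patched version {2}." -f $app.DisplayName, $current, $PatchedVersion)
    }
}
```

Run it in an elevated PowerShell session on each Dell machine, or push it through your endpoint management tooling to inventory a fleet.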

Massive HIV Data Leak: Thousands of Detailed Records Compromised

In a recent major data leak in Singapore, the records of thousands of HIV-positive people were compromised.

One of the victims of this leak was informed by phone that her record was out in the open, along with those of approximately 14,000 others.

This enormous leak came as a real shock, since many of those affected had been reluctant to let their status become known to the outside world.

The main target that has emerged in this database leak incident is the Singaporean media.

The government said that a local doctor, who had access to all the records in question and who had an American partner, is the person mainly at fault.

Reportedly, according to the authorities, the leak has been contained, but extreme emotional damage has been done to those living with HIV.

In Singapore, as mandated by law, the aforementioned victim's HIV status had been added to the national database.

The HIV registry was set up in 1985 by the Ministry of Health to keep track of the infection and the status of potential cases.

It is this database that was compromised, along with the names and addresses of more than 14,000 people.

According to sources, the American partner has been named as Mikhy Farrera-Brochez. The data and the access to the registry had been obtained from his Singaporean doctor partner.

Mikhy could not work in Singapore, as Singaporean law forbids it. But he was convicted of fraud because he used someone else's blood to pass a mandatory HIV test.

According to Mikhy there is more to the story of the leak, and he is not the only one behind it. He also said that he had contracted HIV in prison and had been denied medication.

He also accused Singapore of using the HIV database to keep track of gay men in the country, since sex between men is illegal there.

Singaporean authorities have denied this accusation, stating that it is absolutely untrue.

Singapore's health minister is working with US authorities on the case.

Earlier there was a total ban on people with HIV entering Singapore, which was lifted in 2015.

But people who had married Singaporean citizens or held permanent residency in the country could get around it.

This leak has come as a shock and is emotionally degrading. The chaotic situation has led citizens to question how securely records are kept.

One of the senior doctors who has been working to safeguard the interests of HIV patients in Singapore said that many controls exist that restrict doctors from accessing such records.

This incident has wreaked emotional havoc on people who are infected and whose names are in the compromised records.

The victims are not even sure whether the leak has actually been contained.

The leaked information could ruin many lives and careers for those infected.

The victims are seriously concerned about the spread of the detailed information and the compromised records.

NotPetya: a Significantly Greater Danger than WannaCry Malware

Amid the rising conflict between Ukraine and Russia, which has led to the deaths of more than 10,000 Ukrainians and affected millions more, Russian hackers in June 2017 unleashed one of the most devastating cyber attacks ever seen, using malicious code that encrypted the systems of victims ranging from media outlets to railway firms.

Andy Greenberg, author of Sandworm and a senior writer at WIRED, chronicled the birth of this biggest cyber attack. In an excerpt from his book he says,

“For the past four and a half years, Ukraine has been locked in a grinding, undeclared war with Russia that has ultimately led to Ukraine becoming a scorched-earth testing ground for the Russian cyber war tactics. In 2015 and 2016, while the Kremlin-linked hackers known as Fancy Bear were busy breaking into the US Democratic National Committee’s servers, another group of agents known as Sandworm was hacking into dozens of Ukrainian governmental organisations and companies. They successfully managed to penetrate the networks of victims ranging from media outlets to railway firms, detonating logic bombs that destroyed terabytes of data.”

This drive for destruction brought forth NotPetya, a significantly greater danger to the world than the notorious WannaCry malware.

Petya belongs to a family of encrypting ransomware first discovered in 2016. It targets only Microsoft Windows-based systems, infecting the master boot record in order to execute a payload that encrypts the hard drive's file system table, thus preventing Windows from booting. It then demands that the user make a payment in Bitcoin in order to regain access to the system.

NotPetya is simply another variant derived from Petya; since both aim to encrypt the hard drives of infected computers, there are enough common features between the two.

Now, even though NotPetya was aimed at war-torn Ukraine, the result was felt by the whole world. The malware could destroy computers, data and networked machines around the globe.

In an excerpt from Sandworm published by WIRED, the writer describes how the spread of the malware affected not just its intended victim, Ukraine, but also machines all around the world.

The cost of this attack was more than $10 billion in total, says former Homeland Security adviser Tom Bossert, who during the investigation and analysis of the malware was US President Donald Trump's most senior cyber security-focused official. Even the notorious WannaCry, which spread a month before NotPetya in May 2017, is estimated to have cost between $4 billion and $8 billion.

Inevitably the attack, which had begun as a means to win the war against Ukraine, explicitly targeting hardware and computers in hotels, hospitals, government offices and other important places in the country, spread like wildfire, wreaking havoc and causing tremendous destruction across the world.

In any case, even after more than a year, the crude handiwork of the NotPetya malware has not been wiped out entirely; some experts assert that the malware could still resurface in various parts of the world, or even recur in a much larger form.

Since the ransomware is here to stay, the advice for users remains much the same: do not click on obscure links, use strong and unique passwords, and keep an up-to-date backup.