Russian hackers | Breaking Cybersecurity News | The Hacker News

According to a Security Analyst ' Maarten Boone ' working  at Fox-IT company, the Developer of notorious Blackhole Exploit Kit  developer ' Paunch ' and his partners were arrested in Russia recently. Blackhole Exploit Kit  which is responsible for the majority of web attacks today, is a crimeware that makes it simple for just about anyone to build a botnet . This Malware kit was developed by a hacker who uses the nickname "Paunch" and his Team, has gained wide adoption and is currently one of the most common exploit frameworks used for Web-based malware delivery. The Blackhole exploit kit is a framework for delivering exploits via compromised or third-party websites, serve up a range of old and new exploits for Oracle's Java, Adobe's Flash and other popular software to take control of victim's machines. It the point of writing No Police Authority or Press has confirmed the claim made by Maarten about the arrest of Malware author. Plea

A Russian Exploit writer and underground Hacker who goes by the handle " fil9 " put up an Android Firefox Zero-Day Exploit for Sale in an open Exploit Market. Author claims a Zero Day vulnerability in Firefox for Android, which works on Firefox versions 23/24/26 (Nightly). The advertisement was spotted by Joshua, Malware Intelligence Analyst at Malwarebytes. Hacker Selling exploit with a starting price of $460 only. According to the proof of concept video uploaded by the Hacker, the exploit forces the mobile Firefox browser to download and execute a malicious app, on just visiting a malicious link only. What's worrisome is that many major websites are compromised frequently and a large number of visitors of those hacked sites can fall victim to this attack. " The biggest problem in this situation is that Firefox automatically executes certain known files once they're downloaded, and doesn't give users an option to disable this. Without some sort of

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Underground sites more commonly offer access to networks of compromised machines or stolen credit card information. Webroot has uncovered a criminal underground store dedicated to selling access to more than tens of thousands of hacked legitimate websites. Their customers can buy an administrator account or shell access in a hacked website, at cheap price i.e. $0.5 to $10 and then allows to perpetrate criminal activities from it, distribute malware, install a botnet  command & control infrastructure, upload illegal content, send spam, and so on. In Screenshots Researchers shows an underground market proposition, whose inventory is currently listing over 6000 compromised/hacked shells internationally. Sites are listed based on the price, page rank, age of the domain, Alexa ranking, language, and number of pages indexed by Google. The site promised access to any number of the compromised websites and the store seems to be quite profitable. The website found to be

A Group of Hackers, Four Russians and a Ukrainian allegedly broke computer networks of more than a dozen major American and international corporations and stole 160 million credit card numbers over the course of seven years, the largest data theft case ever prosecuted in the U.S.  They are accused of stealing usernames and passwords, personal identification information, and credit and debit card numbers. After stealing data, they sold it to resellers, who then sold it through online forums or to individuals and organizations. Since at least 2007, officials said the hackers have been infiltrating computer networks across the globe, including firms in New Jersey, where the first breach was detected. The group would then allegedly install " sniffers " within the networks to automatically obtain electronic data from tens of thousands of credit cards. The network allegedly charged $10 for American credit card information, $50 for European information and $15 for Canadian data.  The defen

The infamous Zeus malware has once again resurfaced as per Symantec and is capable of draining your bank accounts. Zeus propagates through phishing messages that originate from an account that has been phished. Such a phished account will then start automatically sending messages to friends with links to ads telling them to check out a video or product.  Of course, you should not click as doing so will get your account phished as well. The program is sophisticated enough that it can replace a bank's Web site with a mimicked page of its very own. The fake page can then ask for social security number information and other data that is then sold on the black market.  According to Trend Micro the pages are being hosted by the Russian criminal gang known as the Russian Business Network. Zeus was first detected in 2007 and it is spreading online. If you click on the Zeus virus, it is designed to steal your password and drain your bank account. Facebook is aware of the rising issue, but

A Russian hacker who goes by the handle " Barabus " on the GameDev.ru forums illegally crack Xbox Live Arcade game The Dishwasher: Vampire Smile , developed by Ska Studios and port it on PC. He claimed that he was justified in illegal cracking: " This is not piracy, this is restoration of justice. The authors are not very nice to publish the game exclusively for the Xbox 360, making it impossible for PC gamers to play in such a great game ."  The port is currently in beta and has no permissions from Ska Studios to even exist. But this isn't a problem, according to the developer, as they say they're not stealing anything from Ska Studios. In the same forum post, the game's creator Ska Studios founder James Silva said: " I guess you could say my reaction is mixed. I'm flattered that there's this much interest in Vampire Smile on PC. I'm not mad about the crack itself, in fact, I'm actually pretty impressed. But I'm bewildered by the cracker's attempt to jus

Early 2012 ESET company a mysterious malware, dubbed the Avatar rootkit (Win32/Rootkit.Avatar), advertised in the underground forums by Russian cyber crime . " We present you here previously announced product. In connection with work on other projects, we moved the release date for the public from May to February 2013th 2012go.Now nuclear rootkit AVATAR is available for rental. " Despite the malware was described months ago it was not found and published until now, in March ESET researchers detected two droppers with different C&C servers and having different compilation time stamps as showed in the following pictures: The Avatar rootkit appears very sophisticated, it uses two different infection techniques, the first in the dropper so as to bypass detections by HIPS, and the second one in the rootkit driver to allow the malware to be alive after system reboot, the instance detected works only on x86 systems. The 2 level dropper for Avatar rootkit works in conjunct

Security Researcher from Group-IB ( Group-IB is one of the leading companies in global cybercrime prevention and hi-tech crime investigations )   has found a new kind of malware   that targets the Russian stock-trading platform QUIK. It was detected during several targeted attacks starting in November 2012 where  Cyber criminals have traditionally targeted private and corporate banking accounts, using malware (such as variants of the ZeuS  cyber-crime  toolkit ) to log key-strokes and extract account information. In the last year, Group-IB has received several incoming incident fraud requests on some famous online trading and stock brokerages where systems were possibly hacked and recently trading fraudsters have diversified tactics and begun to use malware. Group-IB has detected the first professional malware, targeted at a specialized trading software named QUIK (Quik Broker, Quik Dealer) from Russian software developers ARQA Technologies and FOCUS IVonline from

Russian hackers have figured out a way to download free games from Ubisoft's servers, exploiting an existing vulnerability in Ubisoft's uPlay launcher. According to reports, the copies of Far Cry 3 Blood Dragon that are available on torrent sites are the result of a hack of Ubisoft's uPlay service. The hack has allowed users to download advance copies of Far Cry 3: Blood Dragon, a game which has yet to be officially released. Blood Dragon will be officially released on 1st May, for Xbox 360, PS3 and PC. As a proof of the exploit, hackers even posted an 1 hour 30 mins long footage of the game. A Ubisoft spokesman said that the company was aware of the issue and was working to resolve it quickly.  An earlier tweet on their account attributed yesterday's outage to hackers as well, saying " Servers were attacked which limited service from 2:30PM to 9:00PM Paris time [8:30AM to 3:00PM EST]. " The hackers developed a piece of software which tricks

Cybercriminals, underground hacking communities, hacker's market and Exploit packs.... Russian  cyberspace is well known for such crazy hacking stuff. Recently, the original Carberp botnet developer   ring that stole millions from bank accounts worldwide has been arrested. According to a report from Russian newspaper, a group of 20 people who served as its malware development team, were arrested by the Sluzhba Bezpeky Ukrayiny and the Federalnaya sluzhba bezopasnosti Rossiyskoy Federatsii (federal security service of Russia, FSB) in cities around Ukraine. Over $250 million has been stolen by the members of the botnet ring, which had roughly 20 members aged between 25 and 30. " Our experts did an enormous amount of work, which resulted in identifying the head of this criminal group, the owner and operator of a specialized banking botnet, identifying the control servers, and identifying the directing of traffic from popular websites in order to spread malware infectio

A new botnet emerged from underground and is menacing payment world, the cyber threat dubbed vSkimmer come from Russia according revelation of McAfee security firm .  The security expert Chintan Shah wrote on a blog post that during monitoring of Russian underground forum found a discussion about a Trojan for sale that can steal credit card information from Windows PC for financial transactions and credit card payments.  vSkimmer agent is able to detect card readers on the victim's machine and gather all the information from the Windows machines sending it to a remote control server encrypting it (Base64). The malware collects the following information from the infected machine and sends it to the control server: Machine GUID from the Registry Locale info Username Hostname OS version The vSkimmer malware indicated as the successor of the popular Dexter, a financial malware that targeted Point-of-Sale systems to grab card data as it transmitted during sales flow. Dexter

The mastermind Russian Hackers who coded and distributed the Gozi malware,  Nikita Vladimirovich Kuzmin , 25 was charged along with Deniss Calovskis, 27, and Mihai Ionut Paunescu, 28 for infecting more than a million computers worldwide in order to steal banking and other credentials from tens of thousands of victims. They may face a maximum penalty of 95, 60 and 67 years in prison, respectively. Kuzmin allegedly created the Gozi program in 2005, hiring a programmer to write the source code and then leasing it to other criminal customers. According to latest reports , Nikita has agreed to cooperate with the United States. As potential evidence, the feds have been able to retrieve 51 servers in Romania as well as laptops, desktops and external hard drives. The data seized amounts to 250 terabytes. Paunescu, a Romanian national who went by the name " Virus " operated a bulletproof hosting service that provided criminal customers with servers and IP addresses from which to s

Ask an expert on cyber espionage and he for sure he will speak of China, the most active and advanced country in this sector, this time a clamorous campaign apparently originated from Korea has been discovered. Security company FireEye collected evidences of a cyber espionage campaign, named " Sanny ", attributable to Korea. FireEye hasn't revealed the real origin of the offensive, it's a mystery which Korea is responsible between North or South Korea, but it confirmed that 80% of victims are Russian organizations and companies belonging to space research industry, information, education and telecommunication. According Ali Islam, security researcher at FireEye declared " Though we don't have full concrete evidence, we have identified many indicators leading to Korea as a possible origin of attack."   The following are the indicators we have so far: 1. The SMTP mail server and CnC are in Korea 2. The fonts "Batang" and "KP CheongPong" used in the

A Gold Coast, Australian medical centre computers are infected with some ransom malware by a group of Russian hackers . The hackers encrypted the practice's patient database, demanding payment of $4000 for the files to be decrypted. " Cyber criminals based mainly throughout Eastern Europe look for rich targets, places with identifying information to extort, " Mr Phair, director of the Centre for Internet Safety and a former investigator with the Australian High-Tech Crime Centre. There have been 11 similar offences in Queensland this year, according to police. David Wood, Miami Family Medical Centre's co-owner said, " We've got all the anti-virus stuff in place - there's no sign of a virus. They literally got in, hijacked the server and then ran their encryption software ". The server with encrypted information is being held offline and an IT contractor is working with the practice to restore a backup of patient records. IT security exper

A Russian hacker going by name - " kOS " hack into the Bulgarian torrent tracker " Arenabg " website ( https://forum.arenabg.com/ ) and leak the complete database of their forum and accused of collecting IP of users like PirateBay. Hacker said, " Why I hack this tracker? Because they store IP information and NO tracker must do, not on any of their service - blog, forum, custom CMS or else. If ARENABG not fix mistake, I dump main tracker information with all IP/username/pass! " Leaked Database include data of 22675 Users with their name, email, encrypted password and IP address and other forum based information. This Torrent site provide links and tracers for downloading movies, music, games, serials, programs, pictures, mobile applications. Hacker upload the complete SQL database on File sharing site .

Team GhostShell hackers group who was responsible for the recent leak of some millions of records from top universities around the world once again strike back. As the part of " Project Blackstar " Hacking group GhostShell Declares War On Russia and leaks 2.5 millions of accounts belong to  governmental, educational, academical, political, law enforcement, telecom, research institutes, medical facilities, large corporations in such fields as energy, petroleum, banks, dealerships and many more. This set of hacks is spread out across 301 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites like Slexy.org and PasteSite.com. The files include IP addresses, names, logins, email addresses, passwords, phone numbers, and even addresses. " The average citizen is forced to live an isolated life from the rest of the world imposed by it's politicians and leaders. A way of thinking outdated for well over 100 years now, " Team GhostShell mem

In march 2011 CERT-Georgia has Discovered Cyber Espionage Attack Incident on country of Georgia.  Advanced Malicious Software was Collecting Sensitive, Confidential Information about Georgian and American Security Documents and then uploading it to some of Command and Control Servers. After a challenging investigating by CERT-Georgia researchers they found that this attack was linked Russian Official Security Agencies, Moreover investigators was able to turn on the webcam of mastermind behind the malware and they caught him on camera. Hacker hack some Georgian news sites and inject " Georbot Botnet " behind that, after visiting that page most of the readers get infected and malware take control of their systems. Malware was able to send any file from the local hard drive to the remote server, Steal certificates, Record audio using the microphone and web cams,  Scan the local network to identify other hosts on the same network. Malware was also using  CVE-2010-0842, CVE-20

We have already seen vulnerability in Remote Desktop Protocol (RDP) is a potential dangers of desktop remote-access tools commonly used by IT departments to handle help-desk issues and by administrators to manage virtualized machines. According to reports from krebsonsecurity, A Russian company called " dedicated express " ( Dedicatexpress.com ) is selling access to private company servers for as little as $4. Cyber criminals have hacked around 17,000 computers worldwide using such insecure applications in server and selling them in underground markets. Although almost 300,000 compromised systems have passed through this service since its inception in early 2010. New customers who contact the service's owner via instant message and pay a $20 registration fee via WebMoney, a virtual currency. The price of any hacked server is calculated based on several qualities, including the speed of its processor and the number of processor cores, the machine's download and up

Gary's 10 years spent living on a knife-edge has been nothing short of cruel and unnecessary punishment. There is another new hope for Gary McKinnon who is fighting extradition after being accused of hacking US military computers. Computer hacker Gary McKinnon will win his 10-year legal battle against extradition have been significantly raised after Home Office-appointed psychiatrists warned that he would be very likely to attempt suicide if sent for trial in the US. It comes as the result of a medical report by two Home Office psychiatrists, which found there is a "significant risk" of suicidal behaviour by Mr McKinnon. The Home Secretary will tell MPs of her final decision on the case on Tuesday. McKinnon's mother, Janis Sharp, has called on government figures to honour their promises to save her son. But despite this it remains unclear if the Home Secretary, Theresa May, will halt his extradition or not, having previously put it on hold to consider new evidence. McKin

Antivirus company Symantec has detected a malicious campaign in which hackers managed to deceive thousands of people allegedly signed by a paid proxy service. They expose that hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet. Three months ago, Symantec researchers started an investigation into a piece of malware called Backdoor.Proxybox that has been known since 2010, but has shown increasing activity recently. " The malware is Backdoor.Proxybox, and our investigation has revealed an entire black hat operation, giving us interesting information on the operation and size of this botnet, and leading us to information that may identify the actual malware author ," Symantec. The service - ProxyBox - supposedly provides access to its entire list of thousands of proxies for only $40 a month, which is obviously too cheap a price for the provider to break eve