Tag Archives: Hacking

APT Hackers Infect Routers to Covertly Implant Slingshot Spying Malware

Security researchers at Kaspersky have identified a sophisticated APT hacking group that has been operating since at least 2012 without being noticed due to their complex and clever hacking techniques.

The hacking group used a piece of advanced malware—dubbed Slingshot—to infect hundreds of thousands of victims in the Middle East and Africa by hacking into their routers.

According to a

Leaked NSA Dump Also Contains Tools Agency Used to Track Other Hackers

A year ago, when the mysterious hacking group ‘The Shadow Brokers’ dumped a massive trove of sensitive data stolen from the US intelligence agency NSA, everyone started looking for secret hacking tools and zero-day exploits.

A group of Hungarian security researchers from CrySyS Lab and Ukatemi has now revealed that the NSA dump doesn’t just contain zero-day exploits used to take control of

Secure VPN Services — Get 91% Off On Lifetime Subscriptions


Since most of us rely upon the Internet for day-to-day activities, hacking and spying have become a prime concern today, and so have online security and privacy.

The governments across the world have been found to be conducting mass surveillance and then there are hackers and cybercriminals who are always looking for ways to steal your sensitive and personal data from the ill-equipped networks, websites, and PCs.

Even most online services and websites today collect your personal data, including search histories, location data, and buying habits, and make millions by sharing them with advertisers and marketers.

In short, we have no or very little online privacy.

This is why schools, colleges, hospitals and other small and big businesses are moving towards adopting a solution that allows them to store and access their personal data securely. The solution: Virtual Private Network.

Virtual Private Network, or VPN, serves as an encrypted tunnel that secures your computer’s Internet connection and protects you from bad guys getting into your network to steal your sensitive data.

Additionally, the VPN makes you sure that your real identity remains anonymous on the Internet so that no one can track the origin of your Internet connection back to you.

Isn’t that a great reason to use a VPN? Of course it is.

So if you are looking for an excellent and secure VPN service to start with, below find some of our best Deals from THN Store, offering popular VPNs at highly discounted prices with lifetime access.

1. VPNSecure: Lifetime Subscription (91% OFF)

If you’re searching for an affordable and reliable VPN service without any bandwidth limits, VPNSecure is a good option.

This premium service is compatible with all operating systems, is easy to use and set up, offers lightning-fast connections, and provides ultimate safeguards against hackers and cyber-thieves.

With a strict no-log policy, VPNSecure has many servers located in more than 41 countries and counting.

The VPNSecure Lifetime Subscription is available for just $39 at THN Deals Store. Isn’t this an excellent deal: a one-time flat fee for a lifetime VPN subscription?

3. Windscribe VPN: Lifetime Pro Subscription (92% OFF)


Windscribe VPN is a combination of VPN and Browser-Based Privacy Suite, which not only encrypts your Internet activity and protects you from prying eyes but also keeps you protected from being tracked by the online sites you visit.

Windscribe VPN is the easiest-to-use, most powerful VPN client you will ever use. No need to configure anything, just install and forget about it.

The VPN also includes a Firewall that disables all Internet connectivity, preventing IP leak in case of a disconnect.

Usually the lifetime subscription costs $900 per year, but The Hacker News readers can get Windscribe VPN Lifetime Subscription for just $69 — 92 percent off its retail value.

Intel Releases New Spectre Patch Update for Skylake Processors


After leaving millions of devices at risk of hacking and then rolling out broken patches, Intel has now released a new batch of security patches only for its Skylake processors to address one of the Spectre vulnerabilities (Variant 2).

For those unaware, Spectre (Variant 1, Variant 2) and Meltdown (Variant 3) are security flaws disclosed by researchers earlier last month in processors from Intel, ARM, and AMD, leaving nearly every PC, server, and mobile phone on the planet vulnerable to data theft.

Shortly after the researchers disclosed the Spectre and Meltdown exploits, Intel started releasing microcode patches for its systems running Broadwell, Haswell, Skylake, Kaby Lake, and Coffee Lake processors.

However, the chip maker later rolled back the firmware updates and had to tell users to stop using an earlier update after users complained of frequent reboots and other unpredictable system behavior following installation of the patches.

Although it should be a bit quicker, Intel is currently working on new patches and is already in contact with hardware companies so that they can include the new microcode patch in their new range of firmware updates.

So far, the new microcode update only addresses devices equipped with mobile Skylake and mainstream desktop Skylake chips, leaving the Broadwell, Haswell, Kaby Lake, Skylake X, Skylake SP, and Coffee Lake processors still vulnerable to Spectre (Variant 2).


So, everyone else still has to wait for the company to release microcode updates for their systems.

“Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days,” the company says in a blog post.

“We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production.”

Intel has strongly urged its customers to install this update as soon as possible, because if not patched, these processor vulnerabilities could allow attackers to bypass memory isolation mechanisms and access everything, including memory allocated for the kernel containing sensitive data like passwords, encryption keys, and other private information.

Moreover, since the release of a proof-of-concept (PoC) exploit for the CPU vulnerabilities last month, hundreds of malware samples have been spotted in the wild, most of which are based on the publicly released exploit and designed to work on major operating systems and web browsers.

Although we have not yet seen any fully-featured malware based on Spectre and Meltdown vulnerabilities, it doesn’t take much time for hackers to develop one.

So, users are urged to keep a close eye on any update that becomes available for their system and to install it as soon as it is available.

British Hacker ‘Lauri Love’ will not be extradited to US, Court Rules


British citizen and hacker Lauri Love, who was accused of hacking into United States government websites, will not be extradited to stand trial in the U.S., the High Court of England and Wales ruled today.

Love, 33, is facing a 99-year prison sentence in the United States for allegedly carrying out a series of cyber attacks against the FBI, US Army, US Missile Defence Agency, National Aeronautics and Space Administration (NASA), and New York’s Federal Reserve Bank between 2012 and 2013.

The High Court ruled Monday that Love should be tried in the U.K. after Lord Chief Justice Lord Burnett of Maldon and Justice Ouseley heard that he suffered from severe mental illness like Asperger syndrome, eczema, asthma, and depression, and might kill himself if extradited.

At Westminster Magistrates’ Court in London in late 2016, District Judge Nina Tempia ordered Love to be extradited to the U.S. to stand trial, although his lawyers appealed the decision, arguing that he should be tried for his alleged crimes in the UK.

The court accepted both of the arguments advanced by Love’s lawyers and ruled that extradition would be “oppressive” due to his serious health conditions and it would be likely that he would be kept in solitary confinement in the American prison system if extradited.

The court burst into applause and cheering when the judgment was handed down by Lord Burnett, who asked Love's supporters to be quiet, saying “This is a court, not a theatre.”

The Crown Prosecution Service (CPS), which acts on behalf of the US authorities, said it would read the judgment before deciding whether to appeal the high court decision to the supreme court.

According to US Prosecutors, Love was allegedly involved in #OpLastResort, an online protest linked with the Anonymous collective following the persecution and untimely death of hacktivist Aaron Swartz, who committed suicide in 2013 while under federal charges for data theft.

Love, who lives near Newmarket, was arrested from his home in Stradishall, England in October 2013, when the British police seized his encrypted laptops and hard drives.

Britain’s National Crime Agency (NCA) also asked the courts to force Love to turn over keys to decrypt his encrypted computer’s hard drives, but Love won the case against the agency in early 2016.

If extradited to the United States and found guilty, Love could have been sentenced to up to 99 years in prison and a potential fine of up to $9 million (£6.3 million).

Speaking outside the Royal Courts of Justice, Love expressed his thanks to the judges and said: “I’m thankful for all the support we’ve had, without which I’m not sure I would have made it this far.”

WikiLeaks founder Julian Assange, who is also fighting US extradition, congratulated Love in a tweet, saying: “VICTORY: @LauriLove wins UK appeal against US extradition. Congratulations to Lauri, his lawyers & family, @CourageFound and many supporters on an excellent campaign.”

Right now, it is not clear if Love, who denies all wrongdoing, will face a prison sentence in the UK following his five-year legal battle.

Up to 40,000 OnePlus customers potentially hit by credit card hack

The breach put at risk ‘only’ the customers who entered their payment data on oneplus.net between the middle of November 2017 and January 11, 2018. Those who paid with previously saved credit card details or via PayPal are believed to be out of harm’s way.

The post Up to 40,000 OnePlus customers potentially hit by credit card hack appeared first on WeLiveSecurity


15-Year-Old Schoolboy Posed as CIA Chief to Hack Highly Sensitive Information


Remember “Crackas With Attitude”?

The notorious pro-Palestinian hacking group was behind a series of embarrassing hacks against United States intelligence officials and leaked the personal details of 20,000 FBI agents, 9,000 Department of Homeland Security officers, and some number of DoJ staffers in 2015.

Believe it or not, the leader of this hacking group was just 15 years old when he used “social engineering” to impersonate the CIA director and gain unauthorised access to highly sensitive information from his Leicestershire home, a court hearing revealed on Tuesday.

Kane Gamble, the British teenage hacker who is now 18 years old, targeted then-CIA director John Brennan, Director of National Intelligence James Clapper, Secretary of Homeland Security Jeh Johnson, FBI deputy director Mark Giuliano, as well as other senior FBI figures.

Between June 2015 and February 2016, Gamble posed as Brennan and tricked call centre and helpline staff into giving away broadband and cable passwords, using which the team also gained access to plans for intelligence operations in Afghanistan and Iran.

The teenager also taunted his victims and their families, released their personal details, bombarded them with calls and messages, downloaded and installed pornography onto their computers and took control of their iPads and TV screens.

He also made hoax calls to Brennan’s home and took control of his wife’s iPad.

At one point, Gamble also sent DHS secretary Johnson a photograph of his daughter and said he would f*** her, phoned his wife, leaving a voicemail message which said: “Hi Spooky, am I scaring you?,” and even managed to get the message “I own you” on the couple’s home television.

Gamble was arrested in February 2016 at his council home in Coalville and last October he pleaded guilty to 8 charges of “performing a function with intent to secure unauthorised access” and 2 charges of “unauthorised modification of computer material.”

Gamble said he targeted the US government because he was “getting more and more annoyed about how corrupt and cold-blooded the US Government” was and “decided to do something about it.”

Gamble’s defence said he was technically gifted but emotionally immature and has an autistic spectrum disorder; at the time of his offending, he had the mental development of a 12- or 13-year-old.

Also, the defence said, at no point did Gamble attempt to profit from his actions.

Out of 10 counts, Gamble previously admitted 8 charges of performing a function with intent to secure unauthorised access.

The teenager will be sentenced when the hearing resumes at a later date.

Two other members of the Crackas With Attitude hacking group, Andrew Otto Boggs and Justin Gray Liverman, were arrested by the FBI in September 2016 and had already been sentenced to five years in federal prison.

Greedy North Korean Hackers Targeting Cryptocurrencies and Point-of-Sale Terminals


The North Korean hacking group has turned greedy.

Security researchers have uncovered a new widespread malware campaign targeting cryptocurrency users, believed to originate from Lazarus Group, a state-sponsored hacking group linked to the North Korean government.

Active since 2009, Lazarus Group has had many high-profile attacks attributed to it, including the Sony Pictures hack, the $81 million heist from the Bangladesh Bank, and the latest, WannaCry.

The United States has officially blamed North Korea for the global WannaCry ransomware attack that infected hundreds of thousands of computers across more than 150 countries earlier this year.

In separate news, security experts have blamed Lazarus group for stealing bitcoins worth millions from the South Korean exchange Youbit, forcing it to shut down and file for bankruptcy after losing 17% of its assets.

Researchers from security firm Proofpoint have published a new report, revealing a connection between Lazarus Group and a number of multistage cyber attacks against cryptocurrency users and point-of-sale systems.

“The group has increasingly focused on financially motivated attacks and appears to be capitalizing on both the increasing interest and skyrocketing prices for cryptocurrencies,” the researchers said. “The Lazarus Group’s arsenal of tools, implants, and exploits is extensive and under constant development.”

After analyzing a large number of spear phishing emails with different attack vectors from multiple spear phishing campaigns, researchers discovered a new PowerShell-based reconnaissance implant from Lazarus Group arsenal, dubbed PowerRatankba.

The encryption, obfuscation, functionality, decoys, and command-and-control servers used by PowerRatankba closely resemble those of the original Ratankba implant developed by Lazarus Group.

The PowerRatankba implant is being spread using a massive email campaign through the following attack vectors:

  • Windows executable downloader dubbed PowerSpritz
  • Malicious Windows Shortcut (LNK) files
  • Several malicious Microsoft Compiled HTML Help (CHM) files
  • Multiple JavaScript (JS) downloaders
  • Macro-based Microsoft Office documents
  • Backdoored popular cryptocurrency applications hosted on fake websites

PowerRatankba, with at least two variants in the wild, acts as a first-stage malware that delivers a fully-featured backdoor (in this case, Gh0st RAT) only to those targeted companies, organizations, and individuals that have an interest in cryptocurrency.

“During our research, we discovered that long-term sandboxing detonations of PowerRatankba not running cryptocurrency related applications were never infected with a Stage2 implant. This may indicate that the PowerRatankba operator(s) were only interested in infecting device owners with an obvious interest in various cryptocurrencies,” reads the 38-page-long report [PDF] published by Proofpoint.

Once installed, Gh0st RAT allows cybercriminals to steal credentials for cryptocurrency wallets and exchanges.

It’s notable that PowerRatankba and Gh0st RAT don’t exploit any zero-day vulnerability; instead, Lazarus Group relies on mixed programming practices, like C&C communication over HTTP, use of the Spritz encryption algorithm, and a Base64-encoded custom encryptor.

“It is already well-known that Lazarus Group has targeted and successfully breached several prominent cryptocurrency companies and exchanges,” the researchers say. “From these breaches, law enforcement agencies suspect that the group has amassed nearly $100 million worth of cryptocurrencies based on their value today.”

Besides stealing cryptocurrencies, the group was also found infecting SoftCamp point-of-sale (POS) terminals, largely deployed in South Korea, using RatankbaPOS malware for stealing credit card data.

Since RatankbaPOS was sharing the same C&C server as the PowerRatankba implant, it is believed that both implants are linked to Lazarus Group.

The explosive growth in cryptocurrency values has motivated not only traders but also hackers to invest all their time and resources in making digital wealth.

More details about the new malware campaigns run by Lazarus Group can be found in the in-depth report [PDF], titled “North Korea Bitten by Bitcoin Bug—Financially motivated campaigns reveal a new dimension of the Lazarus Group,” published by Proofpoint on Wednesday.

Here’s the NSA Employee Who Kept Top Secret Documents at Home


A former employee—who worked for an elite hacking group operated by the U.S. National Security Agency—pleaded guilty on Friday to illegally taking classified documents home, which were later stolen by Russian hackers.

In a press release published Friday, the US Justice Department announced that Nghia Hoang Pho, a 67-year-old of Ellicott City, Maryland, took documents that contained top-secret national information from the agency between 2010 and 2015.

Pho, who worked as a developer for the Tailored Access Operations (TAO) hacking group at the NSA, reportedly moved the stolen classified documents and tools to his personal Windows computer at home, which was running Kaspersky Lab software.

According to authorities, the Kaspersky Labs’ antivirus software was allegedly used, one way or another, by Russian hackers to steal top-secret NSA documents and hacking exploits from Pho’s home PC in 2015.

“Beginning in 2010 and continuing through March 2015, Pho removed and retained U.S. government documents and writings that contained national defense information, including information classified as Top Secret and Sensitive Compartmented Information,” the DoJ said in disclosing Pho’s guilty plea. 

“This material was in both hard-copy and digital form, and was retained in Pho’s residence in Maryland.”

For those unaware, the U.S. Department of Homeland Security (DHS) has even banned Kaspersky Labs’ antivirus software from all of its government computers over suspicion of the company’s involvement with the Russian intelligence agency and spying fears.

Kaspersky CEO Says He Would Leave If Russia Asked Him To Spy

Though there’s no substantial evidence yet available, an article published by US news agency WSJ in October claimed that Kaspersky software helped Russian spies steal highly classified documents and hacking tools belonging to the NSA in 2015 from a staffer’s home PC.

However, Kaspersky Labs has denied any direct involvement with the Russian spies in the alleged incident.

Just last month, Kaspersky claimed that its antivirus package running on Pho’s home PC detected the copies of the NSA exploits as malicious software, and uploaded them to its cloud for further analysis by its team of researchers.

According to the company, as soon as its analysts realized that its antivirus had collected more than malicious binaries, the company immediately deleted the copy of the classified documents, and also created a special software tweak, preventing those files from being downloaded again.

When asked at a media briefing at Kaspersky’s offices in London on Tuesday whether the Russian intel agency had ever asked him to help it spy on the West, CEO Eugene Kaspersky said: “They have never asked us to spy on people. Never.”

Kaspersky further added that “If the Russian government comes to me and asks me to anything wrong, or my employees, I will move the business out of Russia.”

NSA Hacker Faces A Prison Sentence Of Up To 10 Years

In Pho’s plea deal with prosecutors, the NSA hacker admitted that he copied information from NSA computers multiple times between 2010 and 2015 and took it all home with him.

Taking classified documents home is a clear violation of known security procedures—and in this process, Pho eventually exposed the top secret information to Russian spies.

Pho has pleaded guilty in a United States district court in Baltimore to one count of willful removal and retention of national defense information. No other charges have been filed against him, and there is no mention of Pho selling or passing off that confidential data.

The retention of national defense information offense carries a possible 10-year prison sentence.

Federal prosecutors said they would seek an eight-year sentence for Mr. Pho. However, his attorney can ask for a more lenient sentence.

Pho remains free while awaiting sentencing on 6th April next year.