Author: Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

US Department of Justice accused two Russians of stealing $17,000,000 worth of cryptocurrency

The US Department of Justice brought charges in absentia against two Russian citizens: Daniil Potekhin (aka cronuswar) and Dmitry Karasavidi. The US Department of Justice accused the Russians in organizing a large-scale phishing operation against users of three cryptocurrency exchanges: Poloniex, Binance and Gemini. The two suspects are accused of creating clone sites for the… Continue reading US Department of Justice accused two Russians of stealing $17,000,000 worth of cryptocurrency

Chinese hackers attack US organizations and exploit bugs in F5, Citrix and Microsoft Exchange

The Department of Homeland Security (DHS CISA) Cybersecurity and Infrastructure Protection Agency (DHS CISA) has published security guidelines for the private sector and government agencies. CISA said that Chinese hackers associated with the Ministry of State Security of the Republic of China are attacking organizations in the United States and exploit bugs in F5, Citrix,… Continue reading Chinese hackers attack US organizations and exploit bugs in F5, Citrix and Microsoft Exchange

Qbot Trojan Entered The Top Of The Most Widespread Malware

Check Point has released its monthly Global Threat Index for August 2020. According to the researchers, the updated Qbot Trojan (aka QuakBot, Qakbot, and Pinkslipbot) first entered the TOP of the most widespread malware in the world, where it took tenth place. Experts discovered Qbot in 2008; over the years, it has evolved from an… Continue reading Qbot Trojan Entered The Top Of The Most Widespread Malware

The researcher kept the INVDoS bug in Bitcoin Core secret for many years

Back in 2018, cyber security specialist and engineer Braydon Fuller discovered a dangerous bug in Bitcoin Core (versions 0.16.0 and 0.16.1). The problem appeared in 2017 and was named INVDoS. Shortly after the discovery, CVE-2018-17145 was quietly eliminated, and Fuller kept his find a secret for two years, fearing activity from attackers who might be… Continue reading The researcher kept the INVDoS bug in Bitcoin Core secret for many years

Intel engineers fixed critical bug in AMT and ISM

Intel engineers fixed this week a critical bug with updates to Active Management Technology (AMT) and Intel Standard Manageability (ISM). The AMT and ISM bug was one of the most serious issues the company has addressed this month. The vulnerability is tracked as CVE-2020-8758 and scored 9.8 out of 10 on the CVSS vulnerability rating… Continue reading Intel engineers fixed critical bug in AMT and ISM

Hackers use legitimate Weave Scope tool in attacks on cloud environments

Intezer experts discovered the TeamTNT cybercriminal group, whose hackers use the legitimate Weave Scope tool in their attacks to visualize and monitor cloud infrastructure. According to the researchers, this is the first time that attackers have used a legitimate tool for such attacks. As mentioned above, Weave Scope is usually used for visualizing and monitoring… Continue reading Hackers use legitimate Weave Scope tool in attacks on cloud environments

Researcher Earned $10,000 by Finding XSS Vulnerability in Google Maps

Israeli cybersecurity specialist Zohar Shachar talked about his discovery of XSS vulnerability in Google Maps in 2019, and then found out that Google was unable to fix it from the first time. The issue was related to the Google Maps feature that allows users to create their own maps. Such maps can be exported in… Continue reading Researcher Earned $10,000 by Finding XSS Vulnerability in Google Maps

SWIFT says money is rarely laundered with cryptocurrencies

Specialists of the SWIFT organization, which operates same-named international system or the transfer of financial information, published a report on various money laundering techniques. As it turned out, money is rarely laundered using cryptocurrencies; criminals prefer shell companies, casinos, money mules and other “classic” methods. The report states that most of the stolen bank funds… Continue reading SWIFT says money is rarely laundered with cryptocurrencies

Hackers use .NET library for creating malicious Excel files

Researchers at NVISO Labs noticed that the Epic Manchego group uses unusual Excel files for attacks, created specifically to bypass defense mechanisms. The fact is that these files are not created through Microsoft Office – the hackers use the .NET library EPPlus. Typically, this library is used by application developers, for example, to add features… Continue reading Hackers use .NET library for creating malicious Excel files

Magecart groupings extract stolen cards data via Telegram

An information security specialist known under the pseudonym Affable Kraut discovered that Magecart web skimmer operators extract stolen cards data through Telegram channels. He concluded this based on information obtained by Sansec, which specializes in combating digital skimming and Magecart attacks. Let me remind you that initially the name MageCart was assigned to one hack… Continue reading Magecart groupings extract stolen cards data via Telegram