Security News

Beijing accused the United States of "Slander" on Wednesday after two Chinese nationals were indicted for seeking to steal coronavirus vaccine research and hacking hundreds of companies. "The Chinese government is a staunch defender of cyber security, and has always opposed and cracked down on cyber attacks and cyber crime in all forms," said foreign ministry spokesman Wang Wenbin.

Citrix informed customers this week that it has patched a vulnerability in its Workspace app that can allow an attacker to remotely hack the computer running the affected application. The security hole, tracked as CVE-2020-8207 and classified as high severity, affects the automatic update service used by the Citrix Workspace app for Windows, and it can be exploited by a local attacker to escalate privileges or by a remote attacker for arbitrary command execution.

The United States Department of Justice on Tuesday announced charges against two individuals for the hacking of hundreds of organizations worldwide, including governments and COVID-19 responders. The two, Li Xiaoyu, 34, and Dong Jiazhi, 33, both nationals and residents of China, are accused to have conducted computer intrusion activities on behalf of the Chinese government for more than 10 years.

This hack targets the firmware on modern power supplies. Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each other to determine the proper amount of electricity that can be sent to the phone without damaging the device­ - the more juice the power adapter can send, the faster it can charge the phone.

Facebook won a significant legal victory on Thursday when the judge hearing the lawsuit against Israeli spyware maker NSO Group declined to dismiss the case - and allowed the crucial discovery process to move forward. Last October, Facebook and its WhatsApp subsidiary sued NSO Group, and its Q Cyber Technologies affiliate, in the Northern District of California.

The Kremlin on Thursday denied claims by Britain that "Russian actors" sought to meddle in last year's general election and that Russian intelligence services most likely hacked coronavirus vaccine research. "We have no information on who could have hacked pharmaceutical companies and research centres in Britain," Kremlin spokesman Dmitry Peskov told the TASS news agency.

The Kremlin-backed APT29 crew, also known by a variety of other names such as Cozy Bear, Iron Hemlock, or The Dukes, depending on which threat intel company you're talking to that week, is believed by most reputable analysts to be a wholly owned subsidiary of the FSB, modern-day successor to the infamous Soviet KGB. NCSC ops director Paul Chichester said in a statement: "We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic." Foreign Secretary Dominic Raab added: "It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic. While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health."

Britain, the United States and Canada accused Russian hackers on Thursday of trying to steal information from researchers seeking a coronavirus vaccine, warning scientists and pharmaceutical companies to be alert for suspicious activity. Intelligence agencies in the three nations alleged that the hacking group APT29, also known as Cozy Bear and said to be part of the Russian intelligence services, is attacking academic and pharmaceutical research institutions involved in COVID-19 vaccine development.

The Twitter accounts of Microsoft co-founder Bill Gates, Tesla CEO Elon Musk, and other celebrities were briefly taken over on Wednesday, along with the accounts of various cryptocurrency businesses and affiliated executives, to promote a Bitcoin scam. Twitter also silenced verified blue-tick accounts temporarily to prevent more abuse while it got to the bottom of the kerfuffle.

A Russian national accused of hacking into online platforms LinkedIn, Formspring, and Dropbox was found guilty by a United States jury last week. The man, Yevgeniy Aleksandrovich Nikulin, 32, was arrested in 2016 in the Czech Republic, and remained incarcerated there for two years, before being extradited to the U.S. In 2016, U.S. authorities charged Nikulin with accessing without authorization the systems of LinkedIn, Dropbox and Formspring in 2012, using stolen employee credentials.