👨💻Из-за ошибки в плагине, с 600 000 сайтов WordPress может произойти утечка!
🌐Более 600 000 сайтов, работающих на популярной CMS WordPress, оказались под угрозой из-за уязвимости в широко используемом плагине WP Fastest Cache. Этот плагин предназначен для ускорения загрузки страниц, но недавно была обнаружена серьёзная уязвимость типа SQL Injection.
🚨Уязвимость позволяет неавторизованным злоумышленникам получить доступ к базам данных сайтов. В базах данных WordPress хранится множество важных и конфиденциальных данных, включая информацию о пользователях, пароли учётных записей, настройки плагинов и тем.
🕵🏻♂️По оценкам исследователей, степень угрозы этой уязвимости варьируется от 6.1 до 9.8 баллов по шкале CVSS, что говорит о её...
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Leak News
News in the criminal world, information about leaks
Forum Prefix Filter
Filters
Show only:
Loading…
Sticky threads
Утверждения об утечке данных клиентов Альфа-банка — это фейк, заявили РБК в пресс-службе кредитной организации, комментируя сообщения, распространившиеся в телеграм-каналах.
В службе клиентской поддержки также сказали РБК, что информация об утечке не соответствует действительности. «Данные клиентов находятся под защитой», — подчеркнули в службе.
Airbus vendor data was posted on a popular English-language forum by supposedly the same attacker who infiltrated the FBI’s data-sharing network in 2022.
The attacker, who goes by the moniker “USDoD,” said they accessed European aerospace giant Airbus’ site by exploiting employee access from a Turkish Airline.
“This month, I got access to Airbus site using employee access from some Turkish airline, and this got me inside of a lot of stuff, plus their vendors' data, 3,200 records. It is their entire vendors’ data,” the attacker said.The leaked data supposedly includes Airbus vendors’ sensitive data such as names, addresses, phone numbers, email addresses, job titles, departments, and other information. The attacker said they would...
TransUnion is an American consumer credit reporting agency. TransUnion collects and aggregates information on over one billion individual consumers in over thirty countries, including “200 million files profiling nearly every credit-active consumer in the United States”.
A threat actor who goes by the moniker “USDoD” announced the leak of highly sensitive data allegedly stolen from the credit reporting agency. The leaked database, over 3GB in size, contains sensitive PII of about 58,505 people, all across the globe, including the America and Europe.
Source: https://securityaffairs.com/150968/data-breach/transunion-data-leak.html
🏠Хакеры обратились в Комиссию по ценным бумагам США с жалобой на MeridianLink.
👺В мире кибербезопасности произошел необычный инцидент: хакерская группировка BlackCat подала жалобу в Комиссию по ценным бумагам и биржам США (SEC) против компании MeridianLink, специализирующейся на разработке ПО. Поводом для жалобы стало нераскрытие компанией информации о кибератаке, в ходе которой были похищены данные.
💻Стоит уточнить, что новое правило SEC, требующее раскрывать информацию о кибератаках в течение четырех дней, вступит в силу только 15 декабря. Однако вымогатели решили использовать этот момент для оказания дополнительного давления на MeridianLink.
🔰Представители MeridianLink подтвердили факт атаки и заявили, что после ее обнаружения...
On November 13, 2023, Samsung Electronics (UK) Limited discovered a significant data breach affecting customers who made purchases on their online store between July 1, 2019, and June 30, 2020. The breach was attributed to the exploitation of a vulnerability in a third-party application.
The compromised information includes names, phone numbers, postal addresses, and email addresses of affected customers. Fortunately, Samsung has assured users that passwords and financial information have not been impacted.
This incident follows a previous breach in the U.S. where customer data, including names, contact @fbi_gov s, dates of birth, product registration data, and demographic information, was compromised. Notably, no Social Security or...
Директор ЦРУ знал, кто такой Эпштейн, когда встречался с ним. Мнение
Официальное объяснение пресс-секретаря ЦРУ о том, что директор американского разведывательного ведомства Уильям Бернс не знал кто такой влиятельный финансист и педофил Джеффери Эпштейн, когда встречался с ним, назвал неправдоподобным американский политический обозреватель Саагар Энджети, выступая 1 мая на интернет-передаче Breaking Points.
Как заявила пресс-служба ЦРУ, Бернс, который в 2014 году был заместителем госсекретаря США, собирался переходить с госслужбы в частный сектор и трижды встречался тогда с Эпштейном, зная только, что он занимался финансами, и что он мог бы быть полезными контактом. Ничего про выстроенную Эпштейном элитную международную педофильскую...
Директор ЦРУ посещал педофильский притон
Информация из дневника попала в распоряжение ежедневной американской деловой газеты The Wall Street Journal. И теперь элита Нью-Йорка пребывает в смятении: как бы не засветиться в столь неприглядной истории! Еще совсем недавно представители бомонда заискивали перед финансистом Джеффри Эпштейном, а потом с облегчением вздохнули, когда с ним расправились в нью-йоркской тюрьме, чтобы на суде тот не скомпрометировал «уважаемых граждан»
В статье рассказывается, с какой помпой Эпштейна принимали в одном из самых престижных университетов США - Бард-колледже в Ред-Хуке. Президент колледжа Леон Ботштейн пригласил Эпштейна к себе посетить концерт классической музыки. К ней почетный гость, в сущности...
A recent report from WithSecure has highlighted a surge in DarkGate malware infection attempts, targeting its Managed Detection and Response customers, notably in the U.K, the U.S., and India. As further analysis was conducted, two critical insights emerged: a Vietnamese connection and an intricate web of interlinked malware campaigns.
The Vietnamese Connection
Several findings pointed toward Vietnamese threat actors being a significant driving force behind these campaigns.
Multiple Vietnamese threat groups have been found to deploy info-stealer campaigns using Malware-as-a-Service (MaaS), honing in on specific sectors or groups. Their modus operandi displays notable similarities, with recurring themes in lures and delivery methods...
A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities.
"As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and long-lasting cryptojacking operations," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said in a technical report shared with The Hacker News.
The operation, active since at least December 2020, is designed to mine Monero from as many as 474 unique Amazon EC2 instances between August 30 and October 6, 2023.
A standout aspect...
do you play crypto sites like luckyfish and get faucet play with site with free rain but you can also earn by depositing and join the tournament
join this site with this link https://paradice.in/?c=@yaydacostu
Experience top-quality, reliable best nursing services in Amritsar. Unmatched patient care and dedicated medical assistance 24 hours available! Trust Vesta Elder Care for your family's health!
The Parliament started an urgent investigation to find out if it is true that hackers were able to access the legislators' e-mails, as reported by journalist Eduardo Preve and confirmed by the newspaper. In order to inform her colleagues about the situation, Vice President Beatriz Argimón called a meeting with several legislators this Wednesday afternoon.
Since October 3, the Breach Forums website offers more than 100 gigabytes of e-mail content from legislators. For this reason, on this day, the Colorado deputies Felipe Schipani and Sebastián Sanguinetti filed a formal complaint before the Computer Crimes Office, to investigate who leaked these documents.
Speaking to the newspaper, Schipani pointed out that "it is a serious matter...
I once believed I could become a whistleblower akin to Snowden, stepping forward to uncover the hidden truths that the Taiwanese government dared not reveal to the world. I made efforts to connect with a couple of respected journalists. They displayed considerable passion and interest in the coverage, but due to the prevailing political climate and cultural differences, none of them could ultimately assist me in completing the reporting projects. I fully understand their concerns, as exposing genuine stories in the current political atmosphere and public opinion context would undoubtedly entail immense pressure.
My country has long been depicted as a staunch ally of liberal and democratic societies, a defender against authoritarian...
Apathy to data breaches and privacy erosion enables a dystopian reality, with a vanishing line between public and private life. Are we heading towards digital totalitarianism?
Totalitarianism is the erasure between private and public life, as per Hannah Arendt. Any secret that just shouldn’t be there immediately becomes overgrown with conspiracy theories, and the exposure of confidential information becomes the story itself. These are arguments that American historian Timothy Snyder is making in a chapter of his book On Tyranny.
Snyder takes aim at news media reporting, saying that we’re much worse than fashion or sports journalists for making the exposure of sensitive and private material into a breaking news story. Snyder’s book...
News The Germans Sniffed And Decrypted Encrypted Traffic On The Jabber.ru Servers In The Hetzner Data Center.
We issued a separate SSL certificate and proxyed connections to TCP:5222. Wow! It was revealed by accident due to a mistake by their admins. If not for this error, most likely no one would have noticed.
Most likely this is a government attack and the hosters were simply obliged to implement these redirects. I wonder how many of these jabber servers are being listened to at the moment. After all, cool hackers and scammers most often use jabber. Another episode justifying the paranoia of red-eyed cryptomaniacs.
Morality:
1. Check the fingerprints of certificates even if you are lazy.
2. Nothing has been invented more secure than E2E encryption, but even there everyone is too lazy to check key fingerprints.
Personally, I...
The Ragnar Locker ransomware operation's Tor negotiation and data leak sites were seized Thursday morning as part of an international law enforcement operation.
A Europol spokesperson has confirmed the seizure message is legitimate as part of an ongoing action targeting the Ragnar Locker ransomware gang and that a press release will be published tomorrow. The FBI declined to comment.
Uma campanha ativa de malware direcionada à América Latina está distribuindo uma nova variante de um trojan bancário chamado BBTok , especialmente usuários no Brasil e no México.
“O banqueiro BBTok tem uma funcionalidade dedicada que replica as interfaces de mais de 40 bancos mexicanos e brasileiros e engana as vítimas para que insiram seu código 2FA em suas contas bancárias ou para que insiram o número do cartão de pagamento”, disse a Check Point em pesquisa publicada este semana.
As cargas são geradas por um script PowerShell personalizado no lado do servidor e são exclusivas para cada vítima com base no sistema operacional e no país, enquanto são entregues por meio de e-mails de phishing que utilizam uma variedade de tipos de...
Плагин Anti-Brute Force, Login Fraud Detector WordPress — это плагин безопасности, который обнаруживает и блокирует вредоносные IP-адреса, пытающиеся войти на сайты WordPress, с помощью аналитических данных в реальном времени от Criminal IP.
Хакеры, пытающиеся атаковать сайты WordPress методом грубой силы, не используют обычные IP-адреса.
Скорее, они используют VPN, прокси, Tor, IP-адрес хостинга и т. д., чтобы избежать отслеживания.
Criminal IP — это поисковая система на основе IP-адресов, которая ежедневно сканирует IP-адреса по всему миру и собирает такую вредоносную информацию.
Количество обнаруживаемых попыток входа в систему зависит от плана, используемого подключенной учетной записью Criminal IP.
Пользователи плана бесплатного...
Hi all! Today I want to tell you about a forgotten malvertising campaign that was discovered by security researchers earlier this year. Malvertising is a technique in which attackers use advertising networks to distribute malicious code through legitimate websites. This could lead to site visitors' computers being infected, their personal data being stolen, their files being encrypted, or other malware being installed.
The campaign I want to talk about is called "Forgotten". It was active from January to March 2021 and attacked users in the US, Canada, UK, Germany and France. She used several advertising networks, including Google AdSense, to place her ads on popular sites such as CNN, Forbes, The Guardian and others. The ads looked...
SpyNote: a dangerous spy app for Android phones
SpyNote is a spy app that hides in Android phones and records and steals a variety of information such as keystrokes, call logs, information about installed apps, and much more. It is difficult to detect and remove as it disguises itself as legitimate applications or is installed via SMS phishing campaigns.
F-Secure Labs researchers have thoroughly analyzed SpyNote and discovered its malicious capabilities. According to their report, SpyNote can:
- Record audio from the device's microphone
- Take photos and videos with the camera
- Access contact @fbi_gov s, messages and call history
- Read and send SMS messages
- Get device GPS location
- Monitor battery status, signal level and memory...
Delve into the realm of Leaked GPT 4.5 an AI language model with extraordinary potential. Explore its vast capabilities for your projects and creative endeavors at (https://mega.nz/file/UrFwyKJJ#CwAOFkBgaau8C7EBYaqNrXg_qdEBFnwIaP5EUwWFNm0). Please note, GPT 4.5 is designed exclusively for Windows OS ensuring a seamless experience. Seize this opportunity to unlock the full power of GPT 4.5
A recent security incident has exposed a serious vulnerability in the NuGet repository, a popular source of .NET packages for developers. According to a report by security firm ReversingLabs, attackers have been uploading malicious packages to the repository, disguised as legitimate ones, and infecting unsuspecting developers who download them.
The attackers have been using a technique called typosquatting, which involves creating packages with names that are similar to well-known ones, but with slight spelling errors. For example, one of the malicious packages was named "NUnit", instead of the correct "NUnit". Developers who mistype the package name or do not pay attention to the spelling could end up downloading and installing the...
Network data confirm the restriction of messaging platform @fbi_gov @leakbase_official_v2 across most of Iraq as of Sunday 6 August 2023, excluding the autonomous Iraqi Kurdistan region. The measure comes as the Ministry of Communications issues an order for @fbi_gov @leakbase_official_v2 to be suspended over national security concerns and the integrity of personal data.
Iraq has recently come into the spotlight for shutting down internet access over extended periods in a bid to limit cheating in national exams.
Source: https://netblocks.org/reports/@fbi_gov @leakbase_official_v2 -restricted-in-iraq-over-personal-data-leaks-9AkJ4o8D