Leak News

News in the criminal world, information about leaks


Sticky threads
We issued a separate SSL certificate and proxied connections to TCP:5222. Wow! It was revealed by accident due to a mistake by their admins. If not for this error, most likely no one would have noticed. Most likely this is a government attack and the hosters were simply obliged to implement these redirects. I wonder how many of these jabber servers are being listened to at the moment. After all, cool hackers and scammers most often use jabber. Another episode justifying the paranoia of red-eyed cryptomaniacs. Moral: 1. Check the fingerprints of certificates even if you are lazy. 2. Nothing has been invented more secure than E2E encryption, but even there everyone is too lazy to check key fingerprints. Personally, I...
The Ragnar Locker ransomware operation's Tor negotiation and data leak sites were seized Thursday morning as part of an international law enforcement operation. A Europol spokesperson has confirmed the seizure message is legitimate as part of an ongoing action targeting the Ragnar Locker ransomware gang and that a press release will be published tomorrow. The FBI declined to comment.
An active malware campaign targeting Latin America is distributing a new variant of a banking trojan called BBTok, particularly to users in Brazil and Mexico. "The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks and tricks the victims into entering their 2FA code for their bank accounts or into entering their payment card number," Check Point said in research published this week. The payloads are generated by a custom server-side PowerShell script and are unique for each victim based on the operating system and country, while being delivered via phishing emails that use a variety of types of...
The Anti-Brute Force, Login Fraud Detector WordPress plugin is a security plugin that detects and blocks malicious IP addresses attempting to log in to WordPress sites, using real-time threat intelligence from Criminal IP. Hackers attempting to brute-force WordPress sites do not use ordinary IP addresses. Rather, they use VPNs, proxies, Tor, hosting IP addresses, etc., to avoid being tracked. Criminal IP is an IP-address-based search engine that scans IP addresses worldwide every day and collects such malicious information. The number of login attempts that can be detected depends on the plan used by the connected Criminal IP account. Users of the free plan...
Hi all! Today I want to tell you about a forgotten malvertising campaign that was discovered by security researchers earlier this year. Malvertising is a technique in which attackers use advertising networks to distribute malicious code through legitimate websites. This could lead to site visitors' computers being infected, their personal data being stolen, their files being encrypted, or other malware being installed. The campaign I want to talk about is called "Forgotten". It was active from January to March 2021 and attacked users in the US, Canada, UK, Germany and France. It used several advertising networks, including Google AdSense, to place its ads on popular sites such as CNN, Forbes, The Guardian and others. The ads looked...
SpyNote: a dangerous spy app for Android phones. SpyNote is a spy app that hides on Android phones and records and steals a variety of information such as keystrokes, call logs, information about installed apps, and much more. It is difficult to detect and remove, as it disguises itself as legitimate applications or is installed via SMS phishing campaigns. F-Secure Labs researchers have thoroughly analyzed SpyNote and discovered its malicious capabilities. According to their report, SpyNote can:
- Record audio from the device's microphone
- Take photos and videos with the camera
- Access contacts, messages and call history
- Read and send SMS messages
- Get the device's GPS location
- Monitor battery status, signal level and memory...
Delve into the realm of Leaked GPT 4.5 an AI language model with extraordinary potential. Explore its vast capabilities for your projects and creative endeavors at (https://mega.nz/file/UrFwyKJJ#CwAOFkBgaau8C7EBYaqNrXg_qdEBFnwIaP5EUwWFNm0). Please note, GPT 4.5 is designed exclusively for Windows OS ensuring a seamless experience. Seize this opportunity to unlock the full power of GPT 4.5
A recent security incident has exposed a serious vulnerability in the NuGet repository, a popular source of .NET packages for developers. According to a report by security firm ReversingLabs, attackers have been uploading malicious packages to the repository, disguised as legitimate ones, and infecting unsuspecting developers who download them. The attackers have been using a technique called typosquatting, which involves creating packages with names that are similar to well-known ones, but with slight spelling errors. For example, one of the malicious packages was named "NUnit", instead of the correct "NUnit". Developers who mistype the package name or do not pay attention to the spelling could end up downloading and installing the...
Network data confirm the restriction of the messaging platform Telegram across most of Iraq as of Sunday 6 August 2023, excluding the autonomous Iraqi Kurdistan region. The measure comes as the Ministry of Communications issues an order for Telegram to be suspended over national security concerns and the integrity of personal data. Iraq has recently come into the spotlight for shutting down internet access over extended periods in a bid to limit cheating in national exams. Source: https://netblocks.org/reports/telegram-restricted-in-iraq-over-personal-data-leaks-9AkJ4o8D
A KPRC 2 viewer sent us a letter he got from Harris Health System saying his information was compromised. This is something Harris Health System was warning about a few weeks ago. The breach involves software Harris Health uses called MOVEit. The software allows the hospital system to send and receive files. MOVEit customer data was taken across the United States and around the world. "On June 2, 2023, Harris Health learned that a vulnerability in the MOVEit software allowed an unauthorized actor to access its MOVEit server. Upon learning of the vulnerability, Harris Health immediately implemented security safeguards to address the vulnerability and secure its MOVEit server. Harris Health also promptly launched an investigation into the...
A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below. "Although OpenRefine is designed to only run locally on a user's machine, an attacker can trick a user into importing a malicious project file," Sonar security researcher Stefan Schiller said in a report published last week. "Once this file is imported, the attacker can execute arbitrary code on the user's machine." Software prone to Zip Slip vulnerabilities can...
United Kingdom's Greater Manchester Police (GMP) said earlier today that some of its employees' personal information was impacted by a ransomware attack that hit a third-party supplier. The impacted organization, not named in a statement published today, is a service supplier for GMP and other organizations across the UK. GMP does not believe the data on the hacked systems contains financial information belonging to the police department's employees. "We are aware of a ransomware attack affecting a third-party supplier of various UK organisations, including GMP, which holds some information on those employed by GMP," Assistant Chief Constable Colin McFarlane said. "At this stage, it's not believed this data includes financial...
Generative AI is a double-edged sword, if there ever was one. There is broad agreement that tools like ChatGPT are unleashing waves of productivity across the business, from IT, to customer experience, to engineering. That's on the one hand. On the other end of this fencing match: risk. From IP leakage and data privacy risks to the empowering of cybercriminals with AI tools, generative AI presents enterprises with concrete concerns. For example, the mass availability of AI tools was the second most-reported Q2 risk among senior enterprise risk executives — appearing in the top 10 for the first time — according to a Gartner survey. In this escalating AI arms race, how can enterprises separate fact from hype and comprehensively manage...
A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware. "The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked as CVE-2023-25157," Palo Alto Networks Unit 42 researcher Robert Falcone said. While bogus PoCs have become a well-documented gambit for targeting the research community, the cybersecurity firm suspected that the threat actors are opportunistically targeting other crooks who may be adopting the latest vulnerabilities into their arsenal...
Security teams are familiar with threats emanating from third-party applications that employees add to improve their productivity. These apps are inherently designed to deliver functionality to users by connecting to a "hub" app, such as Salesforce, Google Workspace, or Microsoft 365. Security concerns center on the permission scopes that are granted to the third-party apps, and the potential for a threat actor to take over the core apps and abuse those permissions. There's no real concern that the app, on its own, will start deleting files or sharing data. As such, SaaS Security Posture Management (SSPM) solutions are able to identify integrated third-party applications and present their permission scopes. The security team then...
Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report. The supply chain vulnerability, also known as dependency repository hijacking, is a class of attacks that makes it possible to take over retired organization or user names and publish trojanized versions of repositories to run malicious code. "When a repository owner changes their username, a link is created between the old name and the new name for anyone who downloads dependencies from the old repository," researchers Ilay Goldman and Yakir...
An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. "The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering its 2FA code to their bank accounts or into entering their payment card number," Check Point said in research published this week. The payloads are generated by a custom server-side PowerShell script and are unique for each victim based on the operating system and country, while being delivered via phishing emails that leverage a variety of file types. BBTok is a Windows-based banking malware that first surfaced in 2020...
Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows:
- CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation.
- CVE-2023-41992 - A security flaw in Kernel that could allow a local attacker to elevate their privileges.
- CVE-2023-41993 - A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content.
Apple did not provide additional specifics barring an acknowledgement that...