Leak News

News in the criminal world, information about leaks

Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER, said it stands out for the way the toolset and infrastructure is employed. "Some of these tools include enumeration software, RAT payloads, exploitation and credential stealing software, and finally ransomware payloads," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a technical breakdown of the activity. "The ransomware payload of choice appears to be a newer variant of Mimic ransomware called FreeWorld." Initial access to the victim host is achieved by brute-forcing the MS SQL server, using it to...
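A detection for the brute-force stage described above, added here as an example and not taken from the Securonix write-up or its tooling: it parses the login-audit lines SQL Server writes to its ERRORLOG (the sample lines below are constructed), counts failures per client IP inside a sliding window and raises a second, higher-severity alert when a success follows that burst from the same IP, which is the brute-force-then-login pattern the campaign relies on. The threshold, window and IP addresses are assumptions.

```python
"""Detect MS SQL brute-force attempts from SQL Server ERRORLOG lines.

Added example (not from the article or from Securonix). Parses the
"Login failed for user" / "Login succeeded for user" audit messages that
SQL Server writes to its ERRORLOG, counts failures per client IP in a
sliding window and flags a success that follows a burst of failures from
the same IP. The log lines below are constructed for the example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the ERRORLOG layout: timestamp, source, message.
SAMPLE_LOG = """\
2023-08-30 10:15:01.23 Logon       Error: 18456, Severity: 14, State: 8.
2023-08-30 10:15:01.23 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-08-30 10:15:01.41 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-08-30 10:15:01.60 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-08-30 10:15:01.77 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]
2023-08-30 10:15:01.95 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-08-30 10:15:02.10 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.5]
2023-08-30 10:20:33.00 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.12]
2023-08-30 10:20:40.00 Logon       Login succeeded for user 'appuser'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.12]
"""

# Only the audit lines carry a user and a client address; the
# "Error: 18456" companion line is skipped on purpose.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2}) +Logon +"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<ip>[^\]]+)\]$"
)


def parse_logon_events(text):
    """Yield (timestamp, result, user, ip) for every login audit line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            yield ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return alerts as tuples.

    ("BRUTE_FORCE", ip, count) once an IP reaches `threshold` failures
    inside `window`; ("BRUTE_FORCE_SUCCESS", ip, user) for every later
    successful login from an IP that was already flagged.
    Threshold and window are assumed values; tune them to the environment.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for ts, result, user, ip in parse_logon_events(text):
        q = recent[ip]
        while q and ts - q[0] > window:   # drop failures outside the window
            q.popleft()
        if result == "failed":
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, len(q)))
        elif ip in flagged:
            alerts.append(("BRUTE_FORCE_SUCCESS", ip, user))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

SQL Server audits only failed logins by default; the second alert can only fire if login auditing is set to both failed and successful logins (a service restart is needed for the change to take effect). The same parser works on the output of xp_readerrorlog, which is a convenient way to pull the log from a box you cannot reach over SMB.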
American entertainment giant Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally identifiable information (PII). Paramount said in breach notification letters signed by Nickelodeon Animation Studio EVP Brian Keane sent to affected individuals that the attackers had access to its systems between May and June 2023. "Based on our investigation, the personal information may have included your name, date of birth, Social Security number or other government-issued identification number (such as driver's license number or passport number) and information related to your relationship with Paramount," the mass media giant told impacted people. After discovering the incident, the...
A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. "The threat actors behind Earth Estries are working with high-level resources and functioning with sophisticated skills and experience in cyber espionage and illicit activities," Trend Micro researchers Ted Lee, Lenart Bermejo, Hara Hiroaki, Leon M Chang, and Gilbert Sison said. Active since at least 2020, Earth Estries is said to share tactical overlaps with another nation-state group tracked as FamousSparrow, which was first exposed by ESET in 2021 as exploiting ProxyLogon flaws in Microsoft Exchange...
New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. The findings were presented by Deep Instinct security researcher Daniel Avinoam at the DEF CON security conference held earlier this month. Microsoft's container architecture (and by extension, Windows Sandbox) uses what's called a dynamically generated image to separate the file system from each container to the host and at the same time avoid duplication of system files. It's nothing but an "operating system image that has clean copies of files that can change, but links to files that cannot change that are in the Windows image that...
Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports. The Shadowserver Foundation said that it's "seeing exploitation attempts from multiple IPs for Juniper J-Web CVE-2023-36844 (& friends) targeting /webauth_operation.php endpoint," the same day a proof-of-concept (PoC) became available. The issues, tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847, reside in the J-Web component of Junos OS on Juniper SRX and EX Series. They could be chained by an unauthenticated, network-based attacker to execute arbitrary code on susceptible installations. Patches for the flaw were released...
Cybersecurity researchers have discovered malicious Android apps for Signal and Telegram distributed via the Google Play Store and Samsung Galaxy Store that are engineered to deliver the BadBazaar spyware on infected devices. Slovakian company ESET attributed the campaign to a China-linked actor called GREF. "Most likely active since July 2020 and since July 2022, respectively, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites representing the malicious apps Signal Plus Messenger and FlyGram," security researcher Lukáš Štefanko said in a new report shared with The Hacker News. Victims have been primarily detected in...
Risk and financial advisory solutions provider Kroll on Friday disclosed that one of its employees fell victim to a "highly sophisticated" SIM swapping attack. The incident, which took place on August 19, 2023, targeted the employee's T-Mobile account, the company said. "Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred that employee's phone number to the threat actor's phone at their request," it said in an advisory. This enabled the unidentified actor to gain access to certain files containing personal information of bankruptcy claimants in the matters of BlockFi, FTX, and Genesis. SIM swapping (aka SIM splitting or simjacking), while generally a benign process...
In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages have been discovered on the Rust programming language's crate registry. The libraries, uploaded between August 14 and 16, 2023, were published by a user named "amaperf," Phylum said in a report published last week. The names of the packages, now taken down, are as follows: postgress, if-cfg, xrvrv, serd, oncecell, lazystatic, and envlogger. It's not clear what the end goal of the campaign was, but the suspicious modules were found to harbor functionalities to capture the operating system information (i.e., Windows, Linux, macOS, or Unknown) and transmit the data to a hard-coded Telegram...
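Most of the names above are one keystroke or one separator away from a popular crate. A pre-build check that catches that pattern, added here as an example and not part of Phylum's tooling or crates.io: each dependency name is compared with a list of popular crates (the short list in the code is an assumption; a real check would use crates.io download rankings) on three signals: identical once separators are stripped (once_cell versus oncecell), an optimal-string-alignment distance of 1 after normalisation (serde versus serd), or the same separator-delimited segments in a different order (cfg-if versus if-cfg). A name like xrvrv, which resembles nothing, is correctly not flagged, which is the reminder that name checks are only one layer.

```python
"""Flag dependency names that look like typosquats of popular crates.

Added example, not from the Phylum report. POPULAR_CRATES is an assumed
list for the example; a real check would be driven by crates.io download
rankings.
"""

POPULAR_CRATES = ["serde", "postgres", "cfg-if", "once_cell", "lazy_static",
                  "env_logger", "rand", "tokio", "regex"]   # assumed list


def normalize(name):
    """Compare without separators so once_cell, once-cell and oncecell collide."""
    return name.lower().replace("-", "").replace("_", "")


def segments(name):
    """Sorted separator-delimited parts, so cfg-if and if-cfg compare equal."""
    return sorted(s for s in name.lower().replace("_", "-").split("-") if s)


def damerau_levenshtein(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)   # transposition
    return d[len(a)][len(b)]


def classify(name, popular=POPULAR_CRATES):
    """Return (popular_crate, reason) if `name` looks like a squat of it, else None."""
    if name in popular:
        return None
    n = normalize(name)
    for p in popular:
        pn = normalize(p)
        if n == pn:
            return (p, "separator variant")
        if segments(name) == segments(p):
            return (p, "reordered segments")
        if damerau_levenshtein(n, pn) == 1:
            return (p, "edit distance 1")
    return None


def scan(names, popular=POPULAR_CRATES):
    """Map each suspicious name to the crate it imitates and why."""
    return {name: hit for name in names if (hit := classify(name, popular))}


if __name__ == "__main__":
    suspects = ["postgress", "if-cfg", "xrvrv", "serd", "oncecell",
                "lazystatic", "envlogger", "tokio"]
    for name, (target, reason) in scan(suspects).items():
        print(f"{name:12s} -> {target:12s} ({reason})")
```

Run it over the `name = ` entries of a Cargo.lock in CI and fail the build on any hit that is not on an explicit allowlist; legitimate forks do sometimes sit one character from the original, so the allowlist is part of the design, not an afterthought.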
Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. "An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens," Secureworks Counter Threat Unit (CTU) said in a technical report published last week. "The threat actor could then call Power Platform API via a middle-tier service and obtain elevated privileges." Following responsible disclosure on April 5, 2023, the issue was addressed by Microsoft via an update released a day later. Secureworks has also made available an open-source tool...
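Why a registered-but-abandoned reply URL defeats the authorization server's own check, as an added example that is not from the Secureworks report or Microsoft's code: the server compares the requested redirect_uri with the app's registered reply URLs by exact string match, which is the comparison RFC 6749 calls for, so a URL that is still registered but whose host nobody in the tenant controls any more passes validation and receives the authorization code. The second half is the hygiene audit a tenant can run over its own app registrations: flag reply URLs whose host is outside the domains the tenant owns or whose host could be claimed by someone else. The app registration, owned domains and the set of claimable hosts are constructed for the example; in practice the last one comes from a DNS and cloud-resource ownership check.

```python
"""Abandoned reply URL in an OAuth authorization-code flow.

Added example, not from the Secureworks report or Microsoft's code.
Models redirect_uri validation by exact match against registered reply
URLs and a hygiene audit over those URLs. APP, OWNED_DOMAINS and
CLAIMABLE_HOSTS are constructed for the example (hypothetical values).
"""
import secrets
from urllib.parse import urlsplit

# Constructed app registration: one live reply URL and one left over from a
# decommissioned deployment whose hostname is no longer ours.
APP = {
    "appId": "00000000-0000-0000-0000-000000000001",   # hypothetical
    "replyUrls": [
        "https://portal.example.com/signin-oidc",
        "https://old-pilot.example-cloud-hosting.test/callback",  # abandoned
    ],
}
OWNED_DOMAINS = {"example.com"}   # assumption: domains the tenant controls
# Assumption standing in for a DNS / cloud-resource ownership check:
# hosts that are unclaimed today and could be registered by an attacker.
CLAIMABLE_HOSTS = {"old-pilot.example-cloud-hosting.test"}


def redirect_uri_allowed(app, redirect_uri):
    """Exact-match validation. It cannot tell a live URL from an abandoned one."""
    return redirect_uri in app["replyUrls"]


def authorize(app, redirect_uri, state):
    """Simulated /authorize: refuse unknown redirect_uri, else send a code to it."""
    if not redirect_uri_allowed(app, redirect_uri):
        return None
    code = secrets.token_urlsafe(16)   # stands in for the real authorization code
    return f"{redirect_uri}?code={code}&state={state}"


def host_of(url):
    return urlsplit(url).hostname or ""


def in_owned_domain(host, owned=OWNED_DOMAINS):
    return any(host == d or host.endswith("." + d) for d in owned)


def audit_reply_urls(app, owned=OWNED_DOMAINS, claimable=CLAIMABLE_HOSTS):
    """Return (url, finding) pairs for reply URLs that should not be registered."""
    findings = []
    for url in app["replyUrls"]:
        host = host_of(url)
        if urlsplit(url).scheme != "https" and host != "localhost":
            findings.append((url, "not https"))
        if not in_owned_domain(host, owned):
            findings.append((url, "host outside owned domains"))
        if host in claimable:
            findings.append((url, "host is claimable (dangling)"))
    return findings


if __name__ == "__main__":
    # The abandoned URL is accepted by the server exactly like the live one.
    print(authorize(APP, "https://old-pilot.example-cloud-hosting.test/callback", "xyz"))
    for url, finding in audit_reply_urls(APP):
        print(f"{finding}: {url}")
```

The audit is only as good as the ownership data behind CLAIMABLE_HOSTS; a URL can be on an owned domain and still be dangling if it points at a released cloud resource under that domain, so the DNS-level check should run alongside the domain allowlist, not instead of it.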
Public Wi-Fi, which has long since become the norm, poses threats to not only individual users but also businesses. With the rise of remote work, people can now work from virtually anywhere: a cafe close to home, a hotel in a different city, or even while waiting for a plane at the airport. Next, let's explore the risks of connecting to public Wi-Fi, both for you personally and for businesses. According to the Forbes Advisor the majority of people (56%) connect to public Wi-Fi networks that don't require a password. This convenience comes at a price, and many are unaware that attackers can steal card details, passwords, and other sensitive information. Man-in-the-Middle (MITM) Attacks: This is one of the most common threats on public...
In 2022 the Swiss secure e-mail service ProtonMail handed over data on 5,957 of its users to the authorities as part of legal proceedings. Over the year the company received 6,995 requests from law enforcement agencies. ProtonMail, launched in 2014, is one of the most popular secure e-mail services in the world. It emphasises a high level of privacy and security, stressing the advantages of its Swiss jurisdiction. However, as the company's statement underlines, this does not guarantee absolute data security. Since 2017 ProtonMail has regularly published transparency reports disclosing statistics on requests for user data and how many of them were satisfied. Forbes earlier reported a case...
Today Microsoft announced they're changing the way they name and label threat groups. The new naming convention now aligns with "the theme of weather". The new names are absolutely ridiculous and we are having a difficult time taking it seriously. TA505, the group believed to be behind the Dridex Banking Trojan, Locky ransomware, and GlobeImposter ransomware, has been renamed internally at Microsoft Threat Intelligence.
The U.K. Electoral Commission on Tuesday disclosed a "complex" cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years' worth of voter data belonging to 40 million people. "The incident was identified in October 2022 after suspicious activity was detected on our systems," the regulator said. "It became clear that hostile actors had first accessed the systems in August 2021." The intrusion enabled unauthorized access to the Commission's servers hosting email, control systems, and copies of the electoral registers it maintains for research purposes. The identity of the intruders is presently unknown. The registers included the name and address of anyone in the U.K. who registered to...
First things first: biometrics switched off and communication in encrypted apps are not a wish but a necessity. Enabled Face ID and Touch ID make it considerably easier for both law enforcement and hackers to get in. So it is better to turn them off. A useful habit is to correspond only in messengers that support end-to-end encryption (for example, Session or Telegram secret chats), and to use auto-deletion of messages at some interval. If all the important information disappears quickly, there will be nothing to hold against you. It is worth checking once more whether two-factor authentication is set up everywhere (where possible). Almost any digital-security guide seems to start with two-factor authentication...
Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application. "Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations," Trend Micro researchers said in an analysis published last week. "In this case, the distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer." Malvertising refers to the use of SEO poisoning techniques to spread malware via online advertising. It typically involves hijacking a chosen set of keywords to display bogus ads on Bing and Google search results pages with the goal of...
The Department of Justice announced charges against a Russian national for his involvement in deploying numerous LockBit ransomware attacks and other cyber attacks on victim computer systems in the United States, Asia, Europe and Africa. Ruslan Magomedovich Astamirov (АСТАМИРОВ, Руслан Магомедович), 20, of the Chechen Republic, Russia, is charged in a complaint unsealed today in federal court in Newark with conspiring to commit wire fraud and conspiring to intentionally damage protected computers and transmit ransom demands. Astamirov was arrested on the complaint in Arizona, and his initial appearance in the District of Arizona is scheduled. "Astamirov is the third defendant whom this office...
Documents from the confidential database of the ministry of labor of Ecuador. Confidential information exposed. POC: screenshots hosted on imgur.com. Total: 1 GB of information. Additional backdoor on a server, further information via Telegram: @HagoromoS4v10
In Cherepovets, a 19-year-old hacker has been sentenced. The young man organised an attack on users' computers, using a stealer to obtain passwords and then sell them. In autumn 2022 the hacker posted a video on YouTube and added to its description a link to a file containing the virus. Those who downloaded the file became victims of the stealer. The virus collected information about users' logins, passwords and network addresses, and crypto-wallet data. The young hacker sold the information he obtained. During the investigation the suspect fully admitted his guilt and cooperated with investigators. Having considered the case, the court handed down a suspended sentence of one year's imprisonment with a one-year probationary period. In addition, all computer equipment...
VirusTotal Data Leak Exposes Some Registered Customers' Details
Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform. The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed by Der Spiegel and Der Standard yesterday. Launched in 2004, VirusTotal is a popular service that analyzes suspicious files and URLs to detect types of malware and malicious content using antivirus engines and website scanners. It was acquired by Google in 2012 and became a subsidiary of Google Cloud's Chronicle unit in 2018. When reached for comment, Google...
A massive data breach of the CoWIN portal, the central platform for COVID-19 vaccination registration in India, has put the personal data of Indian citizens at risk. The alleged CoWIN data breach has put the personal information of every Indian citizen who is registered with the CoWIN portal available on the messaging app Telegram. According to the official portal, CoWIN boasts a user base of over one billion registered users. According to regional political leader Saket Gokhale, when a mobile number registered with the CoWIN portal is entered into a Telegram bot, it discloses the number of the ID card used for vaccination, along with details such as gender, year of birth, and the name of...
Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System Readiness Scan Tool (ADV230004). This is in addition to 31 issues addressed by Microsoft in its Chromium-based Edge browser since last month's Patch Tuesday edition and one side-channel flaw impacting certain processor models offered by AMD (CVE-2023-20569 or Inception). ADV230003 concerns an already known security flaw tracked as...
Conor Brian Fitzpatrick, the owner of the now-defunct BreachForums website, has pleaded guilty to charges related to his operation of the cybercrime forum as well as having child pornography images. The development, first reported by DataBreaches.net last week, comes nearly four months after Fitzpatrick (aka pompompurin) was formally charged in the U.S. with conspiracy to commit access device fraud and possession of child pornography. BreachForums, launched in March 2022, operated as an illegal marketplace that allowed its members to trade hacked or stolen databases, enabling other criminal actors to gain unauthorized access to target systems. It was shut down in March 2023 shortly after Fitzpatrick's arrest in New York. As many...