Leak News

News in the criminal world, information about leaks


Sticky threads
In Cherepovets, a 19-year-old hacker has been sentenced. The young man organized an attack on users' computers, using a stealer to obtain passwords and then sell them. In autumn 2022 the hacker posted a video on YouTube, adding to its description a link to a file containing the virus. Those who downloaded the file became victims of the stealer. The virus collected users' logins, passwords, network addresses and crypto-wallet data. The young hacker successfully sold the information he obtained. During the investigation the suspect fully admitted his guilt and cooperated with investigators. Having heard the case, the court imposed a sentence of 1 year of imprisonment, suspended with a probationary period of 1 year. In addition, all computer equipment...
VirusTotal Data Leak Exposes Some Registered Customers' Details Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform. The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed by Der Spiegel and Der Standard yesterday. Launched in 2004, VirusTotal is a popular service that analyzes suspicious files and URLs to detect types of malware and malicious content using antivirus engines and website scanners. It was acquired by Google in 2012 and became a subsidiary of Google Cloud's Chronicle unit in 2018. When reached for comment, Google...
A massive data breach of the CoWIN portal, the central platform for COVID-19 vaccination registration in India, has put the personal data of Indian citizens at risk. The alleged CoWIN data breach has put the personal information of every Indian citizen who is registered with the CoWIN portal available on messaging app @fbi_gov @leakbase_official_v2 . According to the official portal, CoWIN boasts a user base of over one billion registered users. According to regional political leader Saket Gokhale, when a mobile number registered with the CoWIN portal is entered into a @fbi_gov @leakbase_official_v2 bot, it discloses the number of the ID card used for vaccination, along with details such as gender, year of birth, and the name of...
Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System Readiness Scan Tool (ADV230004). This is in addition to 31 issues addressed by Microsoft in its Chromium-based Edge browser since last month's Patch Tuesday edition and one side-channel flaw impacting certain processor models offered by AMD (CVE-2023-20569 or Inception). ADV230003 concerns an already known security flaw tracked as...
Conor Brian Fitzpatrick, the owner of the now-defunct BreachForums website, has pleaded guilty to charges related to his operation of the cybercrime forum as well as having child pornography images. The development, first reported by DataBreaches.net last week, comes nearly four months after Fitzpatrick (aka pompompurin) was formally charged in the U.S. with conspiracy to commit access device fraud and possession of child pornography. BreachForums, launched in March 2022, operated as an illegal marketplace that allowed its members to trade hacked or stolen databases, enabling other criminal actors to gain unauthorized access to target systems. It was shut down in March 2023 shortly after Fitzpatrick's arrest in New York. As many...
Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks on a large scale, ultimately facilitating the theft of credentials and payment details from users of popular services such as Apple, PayPal, American Express, Amazon, and Cash App, among others. "Victims typically receive an email with a pdf file or link that redirects to a site requesting the victims' credit card or other personally identifiable information," Interpol said. "This information is then stolen and used to extract money from the victims." No...
General principles of hacking websites. Structurally, sites fall into three large classes: hand-built (written manually in HTML, produced by a static generator such as Jekyll, or assembled in a builder program such as Adobe Dreamweaver); made in online site builders (mostly business-card sites without any databases or submitted form fields); and running on off-the-shelf CMS (Content Management Systems). Home-grown CMSs written for a specific site also exist, but they have become rare: only the largest resources can afford to maintain their own system, and justifying the associated costs is not easy. From an attacker's point of view, site engines are no different from other services and daemons...
More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021. AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands and stealing victim's bandwidth for what appears to be an illegal proxy service made available for other actors. It has also surpassed QakBot in terms of scale, having infiltrated over 41,000 nodes located across 20 countries worldwide. "The malware has been used to create residential proxy services to shroud malicious activity such as password spraying, web-traffic proxying, and ad fraud," the...
Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw that occurs when an application utilizes user-supplied input or an identifier for direct access to an internal resource, such as a database record, without any additional validations. "IDOR vulnerabilities are access control vulnerabilities enabling malicious actors to modify or delete data or access sensitive data by issuing requests to a website or a web application...
Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack. The company emailed the data breach notifications late Friday afternoon, warning that customers' data was stored in a Western Digital database stolen during the attack. "Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers," Western Digital said. "The information included customer names, billing and shipping addresses, email addresses, and telephone numbers. As a security measure, the...
As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on June 29, 2023. Ultimate Member is a popular plugin that facilitates the creation of user-profiles and communities on WordPress sites. It also provides account management features. "This is a very serious issue: unauthenticated attackers may exploit this vulnerability to create new user accounts with administrative privileges, giving them the power to take complete control of affected sites," WordPress security firm...
Chipmaking giant TSMC (Taiwan Semiconductor Manufacturing Company) denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data. TSMC is one of the world's largest semiconductor manufacturers, with its products used in a wide variety of devices, including smartphones, high performance computing, IoT devices, automotive, and digital consumer electronics. On Wednesday, a threat actor known as Bassterlord, who is affiliated with LockBit, began to live tweet what appeared to be a ransomware attack on TSMC, sharing screenshots with information related to the company. These screenshots indicated that the threat actor had significant access to systems allegedly belonging to TSMC, displaying email...
Dutch Police is sending emails to former RaidForums members, asking them to delete stolen data and stop illegal cyber activities and warning that they are not anonymous. RaidForums was a very popular and notorious hacking and data leak forum known for hosting, leaking, and selling stolen data obtained from breached organizations. Threat actors who frequented the forum would hack into websites or access exposed database servers to steal customer information. The threat actors would then attempt to sell the data to other threat actors, who use it for their campaigns, such as phishing attacks, cryptocurrency scams, or distributing malware. In many cases, if data was not sold or some time had passed, the stolen data would be leaked for...
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of users. The warning comes from AquaSec's security team, 'Nautilus,' who analyzed a sample of 1.25 million GitHub repositories and found about 2.95% of them to be vulnerable to RepoJacking. By extrapolating this percentage to GitHub's entire repository base of more than 300 million, the researchers estimate that the issue affects approximately 9 million projects. What is RepoJacking? Username and repository name changes are frequent on GitHub, as organizations can get new management through acquisition or merger, or they can switch to...
The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems. The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867 (CVSS score: 3.9), "enabled the execution of privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs," Mandiant said. UNC3886 was initially documented by the Google-owned threat intelligence firm in September 2022 as a cyber espionage actor infecting VMware ESXi and vCenter servers with backdoors named VIRTUALPITA and VIRTUALPIE. Earlier this March, the group was linked to the...
The world's largest chip manufacturer has dismissed the LockBit 3.0 ransomware gang's hack claim and $70 million ransom demand. Taiwan Semiconductor Manufacturing Co. said the data leak took place at a third-party supplier and contains only certain initial configuration files. It said customer information and operations were not affected. The LockBit 3.0 ransomware gang on Thursday listed TSMC on its dark web leak site. The extortionist group claims to have confidential data of the chip-making giant and posted four screenshots to support its claim. LockBit said it will delete all the information and remove the company listing from the leak site if TSMC pays the $70 million ransom. But in case of payment refusal, the gang threatened to...
Microsoft has denied the claims of the so-called hacktivists "Anonymous Sudan" that they breached the company's servers and stole credentials for 30 million customer accounts. Anonymous Sudan is known for debilitating distributed denial-of-service (DDoS) attacks against Western entities in recent months. The group has confirmed its affiliation with pro-Russian hacktivists like Killnet. Last month, Microsoft admitted that Anonymous Sudan was responsible for service disruptions and outages at the beginning of June that impacted several of its services, including Azure, Outlook, and OneDrive. Yesterday, the hacktivists alleged that they had "successfully hacked Microsoft" and "accessed a large database containing more than 30 million...
Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the activity is not known. CVE-2023-32434 - An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges. CVE-2023-32435 - A memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content. The iPhone maker said it's aware that the two...
More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which it gets automatically uninstalled unless the time period is extended by the attackers. The Russian cybersecurity company has codenamed the backdoor TriangleDB. "The implant is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability," Kaspersky researchers said in a new report published today. "It is deployed in memory, meaning that all traces of the implant are lost when the device...
VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution. It impacts VMware Aria Operations Networks versions 6.x, with fixes released in versions 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9, and 6.10 on June 7, 2023. Now according to an update shared by the virtualization services provider on June 20, the flaw has been weaponized in real-world attacks, although the exact specifics are unknown as yet. "VMware has confirmed...