Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan.
16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks on a large scale, ultimately facilitating the theft of credentials and payment details from users of popular services such as Apple, PayPal, American Express, Amazon, and Cash App, among others.
"Victims typically receive an email with a pdf file or link that redirects to a site requesting the victims' credit card or other personally identifiable information," Interpol said. "This information is then stolen and used to extract money from the victims."
No...
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Leak News
News in the criminal world, information about leaks
Forum Prefix Filter
Filters
Show only:
Loading…
Sticky threads
【china asian】Source code data of a large enterprise
contact @fbi_gov information: 282119485436@proton.me
Общие принципы взлома сайтов
По структуре сайты делятся на три больших класса:
самописные (сделанные вручную на HTML, произведенные статическим генератором типа Jekyll или собранные в программе-конструкторе типа Adobe Dreamweaver);
сделанные в онлайновых конструкторах (в основном это сайты-визитки без каких-либо баз данных и передаваемых полей);
работающие на готовых CMS (Content Management System, системах управления контентом).
Встречаются еще самодельные CMS, созданные для конкретного сайта, но это сейчас стало редкостью — позволить себе поддержку своей системы могут только самые крупные ресурсы, и оправдать связанные с этим затраты непросто.
С точки зрения атакующего, движки сайтов ничем не отличаются от других сервисов и служб...
More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021.
AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands and stealing victim's bandwidth for what appears to be an illegal proxy service made available for other actors. It has also surpassed QakBot in terms of scale, having infiltrated over 41,000 nodes located across 20 countries worldwide.
"The malware has been used to create residential proxy services to shroud malicious activity such as password spraying, web-traffic proxying, and ad fraud," the...
Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data.
This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw that occurs when an application utilizes user-supplied input or an identifier for direct access to an internal resource, such as a database record, without any additional validations.
"IDOR vulnerabilities are access control vulnerabilities enabling malicious actors to modify or delete data or access sensitive data by issuing requests to a website or a web application...
Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack.
The company emailed the data breach notifications late Friday afternoon, warning that customers' data was stored in a Western Digital database stolen during the attack.
"Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers," Western Digital said.
"The information included customer names, billing and shipping addresses, email addresses, and telephone numbers. As a security measure, the...
As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin.
The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on June 29, 2023.
Ultimate Member is a popular plugin that facilitates the creation of user-profiles and communities on WordPress sites. It also provides account management features.
"This is a very serious issue: unauthenticated attackers may exploit this vulnerability to create new user accounts with administrative privileges, giving them the power to take complete control of affected sites," WordPress security firm...
Chipmaking giant TSMC (Taiwan Semiconductor Manufacturing Company) denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data.
TSMC is one of the world's largest semiconductor manufacturers, with its products used in a wide variety of devices, including smartphones, high performance computing, IoT devices, automotive, and digital consumer electronics.
On Wednesday, a threat actor known as Bassterlord, who is affiliated with LockBit, began to live tweet what appeared to be a ransomware attack on TSMC, sharing screenshots with information related to the company.
These screenshots indicated that the threat actor had significant access to systems allegedly belonging to TSMC, displaying email...
Dutch Police is sending emails to former RaidForums members, asking them to delete stolen data and stop illegal cyber activities and warning that they are not anonymous.
RaidForums was a very popular and notorious hacking and data leak forum known for hosting, leaking, and selling stolen data obtained from breached organizations.
Threat actors who frequented the forum would hack into websites or access exposed database servers to steal customer information. The threat actors would then attempt to sell the data to other threat actors, who use it for their campaigns, such as phishing attacks, cryptocurrency scams, or distributing malware.
In many cases, if data was not sold or some time had passed, the stolen data would be leaked for...
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of users.
The warning comes from AquaSec's security team, 'Nautilus,' who analyzed a sample of 1.25 million GitHub repositories and found that about 2.95% of them to be vulnerable to RepoJacking.
By extrapolating this percentage to GitHub's entire repository base of more than 300 million, the researchers estimate that the issue affects approximately 9 million projects.
What is RepoJacking
Username and repository name changes are frequent on GitHub, as organizations can get new management through acquisition or merger, or they can switch to...
The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems.
The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867 (CVSS score: 3.9), "enabled the execution of privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs," Mandiant said.
UNC3886 was initially documented by the Google-owned threat intelligence firm in September 2022 as a cyber espionage actor infecting VMware ESXi and vCenter servers with backdoors named VIRTUALPITA and VIRTUALPIE.
Earlier this March, the group was linked to the...
The world's largest chip manufacturer has dismissed the LockBit 3.0 ransomware gang's hack claim and $70 million ransom demand. Taiwan Semiconductor Manufacturing Co. said the data leak took place at a third-party supplier and contains only certain initial configuration files. It said customer information and operations were not affected.
The LockBit 3.0 ransomware gang on Thursday listed TSMC on its dark web leak site. The extortionist group claims to have confidential data of the chip-making giant and posted four screenshots to support its claim.
LockBit said it will delete all the information and remove the company listing from the leak site if TSMC pays the $70 million ransom. But in case of payment refusal, the gang threatened to...
Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company's servers and stole credentials for 30 million customer accounts.
Anonymous Sudan is known for debilitating distributed denial-of-service (DDoS) attacks against Western entities in recent months. The group has confirmed their affiliation with pro-Russian hacktivists like Killnet.
Last month, Microsoft admitted that Anonymous Sudan was responsible for service disruptions and outages at the beginning of June that impacting several of its services, including Azure, Outlook, and OneDrive.
Yesterday, the hacktivists alleged that they had “successfully hacked Microsoft” and “accessed a large database containing more than 30 million...
Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild.
This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the activity is not known.
CVE-2023-32434 - An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges.
CVE-2023-32435 - A memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.
The iPhone maker said it's aware that the two...
More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation.
Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which it gets automatically uninstalled unless the time period is extended by the attackers.
The Russian cybersecurity company has codenamed the backdoor TriangleDB.
"The implant is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability," Kaspersky researchers said in a new report published today.
"It is deployed in memory, meaning that all traces of the implant are lost when the device...
VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild.
The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution.
It impacts VMware Aria Operations Networks versions 6.x, with fixes released in versions 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9, and 6.10 on June 7, 2023.
Now according to an update shared by the virtualization services provider on June 20, the flaw has been weaponized in real-world attacks, although the exact specifics are unknown as yet.
"VMware has confirmed...
News Ernst & Young, A Member Of The Cısa Assembled Rtf (Ransomware Task Force) Has Been A Victim Of Cl0P Ransomware Group From The Moveıt 0Day Exploit.
Ernst & Young, a member of the CISA assembled RTF (Ransomware Task Force) has been a victim of cl0p ransomware group from the MoveIT 0day exploit.
Information via Brett Callow
Security vulnerabilities discovered in Honda's e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information.
"Broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account," security researcher Eaton Zveare said in a report published last week.
The platform is designed for the sale of power equipment, marine, lawn and garden businesses. It does not impact the Japanese company's automobile division.
The hack, in a nutshell, exploits a password reset mechanism on one of Honda's sites, Power Equipment Tech Express (PETE), to reset the password associated with any account and obtain full admin-level access.
This is made possible due...
THE UL HOSPITALS Group, which runs six hospitals in the mid-west region, has said it is writing to more than 1,000 patients whose personal and medical information was inadvertently shared with an unknown third party in a major “data breach”.
Over 1,000 patients of UL Hospitals Group affected by data breach involving 'unknown party'
Nice to see Ireland joining the game ;)
Fakes looked exactly like the original, but did not differ in performance, stability and security.
An enterprising American who heads dozens of shell companies pleaded guilty earlier this week to importing tens of thousands of fake Chinese network devices that were pasted with fake Cisco labels and then sold to organizations across America for nearly a decade. Hospitals, schools, government agencies, and even the US army were among the organizations deceived in this large-scale scam. DoJOnur Aksoy, a 39-year-old Miami resident who was arrested last July, imported counterfeit goods from selected suppliers in China and Hong Kong, according to the U.S. Department of Justice (DoJ). Aksoy, who recently...
News Apache Webserver 2.4.57 Remote Zeroday Vulnerability - For Sale 1 Btc/Vulnerability Only / 7Btc With Exploit
Apache Webserver 2.4.57 remote zeroday vulnerability - For Sale 1 BTC/Vulnerability only or 7BTC with exploit
all vulnerability details fully verifiable.
Email: ret20day@skiff.com
Microsoft says Iranian state-backed hackers have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers.
These groups are tracked as Mango Sandstorm (aka Mercury or Muddywater and linked to Iran's Ministry of Intelligence and Security) and Mint Sandstorm (also known as Phosphorus or APT35 and tied to Iran's Islamic Revolutionary Guard Corps).
"The PaperCut exploitation activity by Mint Sandstorm appears opportunistic, affecting organizations across sectors and geographies," the Microsoft Threat Intelligence team said.
"Observed CVE-2023-27350 exploitation activity by Mango Sandstorm remains low, with operators using tools from prior intrusions to connect to their C2 infrastructure."
They follow...
Operation Triangulation: iOS devices targeted with previously unknown malware