Leak News

News in the criminal world, information about leaks

Sticky threads
THE UL HOSPITALS Group, which runs six hospitals in the mid-west region, has said it is writing to more than 1,000 patients whose personal and medical information was inadvertently shared with an unknown third party in a major “data breach”. Over 1,000 patients of UL Hospitals Group affected by data breach involving 'unknown party' Nice to see Ireland joining the game ;)
Fakes looked exactly like the original, but did not differ in performance, stability and security. An enterprising American who heads dozens of shell companies pleaded guilty earlier this week to importing tens of thousands of fake Chinese network devices that were pasted with fake Cisco labels and then sold to organizations across America for nearly a decade. Hospitals, schools, government agencies, and even the US army were among the organizations deceived in this large-scale scam. Onur Aksoy, a 39-year-old Miami resident who was arrested last July, imported counterfeit goods from selected suppliers in China and Hong Kong, according to the U.S. Department of Justice (DoJ). Aksoy, who recently...
Microsoft says Iranian state-backed hackers have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers. These groups are tracked as Mango Sandstorm (aka Mercury or Muddywater and linked to Iran's Ministry of Intelligence and Security) and Mint Sandstorm (also known as Phosphorus or APT35 and tied to Iran's Islamic Revolutionary Guard Corps). "The PaperCut exploitation activity by Mint Sandstorm appears opportunistic, affecting organizations across sectors and geographies," the Microsoft Threat Intelligence team said. "Observed CVE-2023-27350 exploitation activity by Mango Sandstorm remains low, with operators using tools from prior intrusions to connect to their C2 infrastructure." They follow...
Data Dump of documents; 240 GB of files; Croatian Arm selling company; internal emails and docs; email correspondence with ministries of defence, 6 different countries; email correspondence with ministries of internal affairs of 3 different countries; Pdf of projects of their weapons; IDs of their clients; Contracts with governments; List of names and contact @fbi_gov s of employees; Confidential contracts. Start 2000 Step 200 Blitz 5000
Suspected Chinese hackers allegedly breached the U.S. Navy as part of a broader campaign that cybersecurity experts believe was intended to disrupt communications in the Pacific region ahead of a possible crisis. U.S. Navy Secretary Carlos Del Toro told CNBC on Thursday that the Navy was impacted by a Chinese state-sponsored hacking group dubbed Volt Typhoon, which has been accused of breaching government, communications, manufacturing and IT organizations. Microsoft Corp., which named the group and warned of the breaches on Wednesday, said the hackers had gained access to targets in the U.S. and Guam, which is home to a key U.S. military installation in the Pacific. Microsoft said it had “moderate confidence” the breaches were...
RENTOMOJO, AN ONLINE rental furniture start-up, has reported a data breach that has exposed the personal information of some of its subscribers. The start-up informed its customers about the breach through an email and assured them that their financial data is still safe. The email stated that the attackers gained unauthorised access to customer data by exploiting the cloud misconfiguration through extremely sophisticated attacks, thus breaching one of the company’s databases. However, it was mentioned that financial information such as credit cards, debit cards or UPI is not affected as the company never stores them in its database. As part of the investigation process, RentoMojo is securing the database and encrypting all information...
Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway (ESG) appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006. The California-headquartered firm said the issue is rooted in a component that screens the attachments of incoming emails. "The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives)," according to an advisory from the NIST's national vulnerability database. "The vulnerability stems from incomplete input validation of a...
An Ohio man was sentenced to 51 months in federal prison for stealing over 712 bitcoin that was subject to forfeiture in the Helix admin's case. According to the DoJ, the bitcoin that 31-year-old Gary James Harmon of Cleveland stole, had been seized during the investigation of his brother, Larry Dean Harmon, the creator and admin of Helix, a now-defunct darknet-based bitcoin tumbler. Larry Harmon admitted he helped dark web users launder funds by operating Helix from 2014 to 2017. Helix helped its users move over 350,000 bitcoin, valued at over $300 million at the time of the transactions. Federal agents arrested Larry Harmon on February 6, 2020, and seized several hardware crypto wallets. The investigators were not...
The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members. The ABA is the largest association of lawyers and legal professionals globally, with 166,000 members as of 2022. The organization provides continuing education and services for lawyers and judges, as well as initiatives to improve the legal system in the USA. Thursday night, the ABA began notifying members that a hacker was detected on its network on March 17th, 2023, and may have gained access to members' login credentials for a legacy member system decommissioned in 2018.
Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with improved bounds checks. CVE-2023-28204 - An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. It was addressed with improved input validation. CVE-2023-32373 - A use-after-free bug in WebKit that could lead to arbitrary code execution when processing maliciously crafted web...
The pro-Russian hacking group "XakNet Team" has hacked the large Ukrainian insurance company oranta.ua and gained access to the data of all its clients. The data of a third of all residents of Ukraine ended up in the hackers' hands as a result of this one breach alone. The file metis_faces contains 12.5 million records with the fields: full name; surname and initials; dates of birth; sex; registration address; client identifier; client DRFO code. The file metis_vehicles contains 6,996,610 records with the fields: vehicle VIN; vehicle license plate number; vehicle make and model; region/city of registration. The files osagopolises and stg.Faces contain 667,756 and 1,121,306 records respectively, with more detailed data.
Former head of security at Uber given a 3-year suspended sentence for staying silent about a data leak. According to American and international media, a US District Court has sentenced former Uber security chief Joe Sullivan to a 3-year suspended prison term; he was found guilty of obstruction of justice and of concealing information about a crime. The case concerns the leak of data of 57 million Uber customers, which took place back in 2016. As the judge stated, such actions will in future lead to imprisonment, since a large number of people were affected by the leak. As the investigation showed, the attackers demanded a ransom of 100 thousand US dollars from Uber, and the company agreed to these terms. At the same time, many specialists in...
Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack. The company emailed the data breach notifications late Friday afternoon, warning that customers' data was stored in a Western Digital database stolen during the attack. "Based on the investigation, we recently learned that, on or around March 26, 2023, an unauthorized party obtained a copy of a Western Digital database that contained limited personal information of our online store customers," Western Digital said. "The information included customer names, billing and shipping addresses, email addresses, and telephone numbers. As a security measure, the...
Earned more than 2 million rubles selling accounts. Investigation completed. Investigators established (sk.gov.by) that a 40-year-old resident of the Minsk district had for several years been buying account credentials on the darknet and reselling them at two or even three times the price. To carry out the criminal plan, he created an online store selling digital products. The Main Investigation Department developed an algorithm for withdrawing and converting cryptocurrency. Thanks to this, the assets found in the accused's possession were withdrawn from the digital environment. They amounted to about 2 million rubles. The question of turning the funds obtained over to state revenue is currently being decided.
The prosecutor's office of the US state of Michigan announced (FBI DISRUPTS VIRTUAL CURRENCY EXCHANGES USED TO FACILITATE CRIMINAL ACTIVITY) the shutdown of nine major cryptocurrency exchangers at once, which were allegedly actively used by cybercriminals to launder and cash out money. The operation against these resources was carried out jointly by the Detroit office of the Federal Bureau of Investigation, the Prosecutor General's Office of Ukraine, and the Cyberpolice Department and the Main Investigation Department of the National Police of Ukraine. It is reported that, as a result of the law enforcement action, the domain names were seized and the servers taken offline for the following sites: 24xbtc.com, 100btc.pro, Pridechange.com, 101crypta.com, uxbtc.com, trust-exchange.org...
Country: Netherlands Rights: VPN User Access: VPN + in the subnet hangs DC in the domain, vulnerable ms-17-010. Revenue: The main company is 500m$+ but has branches, maybe it's a grid of one of them. Field: Major casino chain in the country. Set: 1 credits + DC address with vulnerability MS-17-010. A host called ESX is visible on the subnet, possibly a hypervisor. Purity: Quiet scan, did not use the eternal blue itself. Start: 500$ Step: 100$ Blitz: 1000$ We are happy to make a deal through ** The guarantor's commission is paid by the buyer. Questions and suggestions can be sent to PM. I give zoom and information about the company only to users with a turnip / deposit or in the process of a transaction in a chat with a guarantor, in...