23 matches found
Flashpoint Uncovers 100,000+ Hidden Vulnerabilities, Including Zero-Days
By Deeba Ahmed 100,000+ Reasons to Rethink Vulnerability Management. This is a post from HackRead.com Read the original post: Flashpoint Uncovers 100,000+ Hidden Vulnerabilities, Including Zero-Days...
A Closer Look at the Snatch Data Ransom Group
Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gangs internal operations. Today, well take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused...
BreachForums Administrator Baphomet Shuts Down Infamous Hacking Forum
In a sudden turn of events, Baphomet, the current administrator of BreachForums, said in an update on March 21, 2023, that the hacking forum has been officially taken down but emphasized that "it's not the end." "You are allowed to hate me, and disagree with my decision but I promise what is to...
PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware
The pay-per-install PPI malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated...
Rogue Marketplace AlphaBay Reboots
The illicit marketplace AlphaBay appears to have resurfaced, four years after a high-profile takedown by international law enforcement agencies. The reboot, according to researchers at Flashpoint, isn’t an exact a replica. Rather, the reconstituted version of the site is described as an homage to...
Kaseya’s ‘Master Key’ to REvil Attack Leaked Online
Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted by a REvil ransomware attack on the company that affected customers across 22 countries last month. However, while the key may be interesting to security researchers, it’s not likely to be of use to any of...
A Closer Look at the DarkSide Ransomware Gang
The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. Heres a closer look at the DarkSide...
WeLeakInfo Leaked Customer Payment Info
A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo.com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to...
Apache Tomcat Exploit Poised to Pounce, Stealing Files
A vulnerability in the popular Apache Tomcat web server is ripe for active attack, thanks to a proof-of-concept PoC exploit making an appearance on GitHub. The now-patched bug affects Tomcat versions 7.0, 8.5 and 9.0. According to Flashpoint analysts Cheng Lu and Steven Ouellette, an exploit for...
“BriansClub” Hack Rescues 26M Stolen Cards
"BriansClub," one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, includin...
ThreatList: Biggest Cybercrime Developments in 2018, So Far
Despite several successful crackdowns on several cybercriminal underworld gangs, miscreants have been highly active during the first half of 2018, according Flashpoint. According to Flashpoint’s mid-year Business Risk Intelligence report, released last month, the major developments in the...
Boutique Shops Offering Rewards Points Pop Up on the Dark Web
Cybercriminal interest in stolen data is not solely limited to financial or personally identifiable information. The exploitation of rewards-points programs, especially those associated with travel, is also on the radar screen for the bad guys. To cater to this interest, a series of boutique stor...
Rubella Crimeware Kit: Cheap, Easy and Gaining Traction
A crimeware kit dubbed the Rubella Macro Builder is betting on a “dirty deeds done dirt cheap” approach to gain popularity in the criminal underground. The kit does two things: with a point-and-click builder functionality, it generates an initial malware payload for social-engineering spam...
A Mirai Botnet Postscript: Lessons Learned
The fall 2016 Mirai botnet compromised more than 300,000 IoT devices as part of a massive DDoS attack. After the crippling attack, Flashpoint and Akamai worked together with law enforcement to help bring those behind the botnet attack to justice. Threatpost’s Tom Spring sits down with Flashpoint’...
EternalBlue Exploit Used in Retefe Banking Trojan Campaign
Criminals behind the Retefe banking Trojan have added a new component to their malware that uses the NSA exploit EternalBlue. The update makes Retefe the latest malware family to adopt the SMBv1 attack against a patched Windows vulnerability, and could signal an emerging trend, said researchers a...
The WireX Botnet: An example of cross-organizational cooperation
Introduction On August 17th, 2017, multiple Content Delivery Networks CDNs and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram for one of the delimiter strings in its command and control protocol. The WireX botnet comprises...
WannaCry Inspires Banking Trojan to Add Self-Spreading Ability
Although the wave of WannaCry and Petya ransomware has now been slowed down, money-motivated hackers and cyber criminals have taken lessons from the global outbreaks to make their malware more powerful. Security researchers have now discovered at least one group of cyber criminals that are...
Linguistic Analysis Suggests WannaCry Hackers Could be From Southern China
It’s been almost four weeks since the outcry of WannaCry ransomware, but the hackers behind the self-spread ransomware threat have not been identified yet. However, two weeks ago researchers at Google, Kaspersky Lab, Intezer and Symantec linked WannaCry to ‘Lazarus Group,’ a state-sponsored hacki...
Dridex Returns With Windows UAC Bypass Method
After a six-month hiatus, the Dridex banking malware is back and targeting large financial institutions in the U.K with a new technique that can bypass Windows User Account Control UAC. Researchers at Flashpoint said they have seen small phishing and spear-phishing campaigns targeting specific...
ShadowBrokers Selling Windows Exploits, Attack Tools
The latest Shadowbrokers dump of alleged NSA tools—a cache of Windows exploits—surfaced over the weekend. And for the first time since these unannounced releases started last summer, analysts don’t have the luxury of a free set of files to dig in to. The group is selling the database for 750...