Cyber criminals leak Pfizer, BioNTech COVID-19 vaccine data
By Waqas. The leaked vaccine data is now circulating on hacker forums, including Russian-speaking ones. Here's what was leaked and some exclusive screenshots. This is a post from HackRead.com.
Malware vendor returns with yet another nasty Android malware
By Sudais Asif. Triangulum, a previously known threat actor, is back with new Android malware which is now being sold on dark web hacking forums. This is a post from HackRead.com.
Experts Sound Alarm On New Android Malware Sold On Hacking Forums
Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook,...
Topcoder: IDOR at https://fast.trychameleon.com/observe/v2/profiles/ via uid parameter discloses users' PII data
Summary: Hello, An API on apps.topcoder.com/forums/ exposes the email of any user on topcoder.com and some PIIs name, surname, id. Steps To Reproduce: 1 Create a profile at topcoder.com 2 Go to apps.topcoder.com/forums and login forum 3 Enter any topic example:...
Joker's Stash Carding Site Taken Down
Joker’s Stash, the carding site where cybercriminals hawk their payment-card wares, has suffered a blow after law enforcement apparently seized one of its domains. Joker’s Stash is a popular cybercriminal destination that specializes in trading in payment-card data, offering millions of stolen...
The Edge of a Storm?
The SolarWinds element of this breach is likely just the tip of the iceberg as many more businesses leveraging their management tools are exposed to this compromise. Not necessarily from the nation state actor believed to have triggered it, but from the potential sell off of those points of acces...
mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting
Exploit Title: mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting Date: 3-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://mojoportal.com Software Link: https://www.mojoportal.com/download Version: 2.7.0.0 Tested on: Windows 10/Kali Linux Attack vector: This...
mojoPortal Forums 2.7.0.0 Cross Site Scripting
Exploit Title: mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting Date: 3-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://mojoportal.com Software Link: https://www.mojoportal.com/download Version: 2.7.0.0 Tested on: Windows 10/Kali Linux Attack vector: This...
Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys
The Dark Web/Darknet continues to be an environment for bad actors to share stolen credentials and discuss successful attacks. In fact, in recent weeks, personal information from places ranging from education organizations to voter databases in the U.S. has been found exposed. Although there hav...
$100M Botnet Scheme Lands Cybercriminal 8 Years in Jail
Authorities have sentenced a hacker to eight years in prison for trafficking stolen personally identifiable information (PII) and online banking credentials, resulting in losses totaling over $100 million. Aleksandr Brovko, 36, formerly of the Czech Republic, pleaded guilty in February to conspiracy...
livres-forums-construction.fr Improper Access Control vulnerability OBB-1411332
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Ransomware Attackers Buy Network Access in Cyberattack Shortcut
For prices between $300 and $10,000, ransomware groups have the opportunity to easily buy initial network access to already-compromised companies on underground forums. Researchers warn this opportunity gives groups like Maze or Sodinokibi the ability to more easily kickstart ransomware attacks...
Stolen Fortnite Accounts Earn Hackers Millions Per Year
UPDATE Hackers are scoring more than a million dollars annually selling compromised accounts for the popular Fortnite video game in underground forums. With Fortnite’s immense popularity skyrocketing over the past few years – it currently has more than 350 million global players – the game is a...
Confessions of an ID Theft Kingpin, Part I
At the height of his cybercriminal career, the hacker known as "Hieupc" was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world's top data brokers. That is, until his greed and ambition played straight into an elaborate snare se...
This Week in Security News: 15 Billion Credentials Currently Up for Grabs on Hacker Forums and New Mirai Variant Expands Arsenal
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums. Also,...
Notorious Hacker 'Fxmsp' Outed After Widespread Access-Dealing
“Fxmsp,” a notorious hacker who made headlines last year for allegedly stealing and selling source code and customer access from McAfee, Symantec and Trend Micro, has been outed. He’s a Kazakh national named Andrey Turchin, and according to unsealed court documents, he faces hacking charges datin...
15 Billion Credentials Currently Up for Grabs on Hacker Forums
Fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums – shedding light on the sheer scope of compromised credentials that are fueling account takeovers on the internet. A report released Wednesday — “From Exposure to Takeover” by the...
Credit-Card Skimmer Has Unlikely Target: Microsoft ASP.NET Sites
Researchers have identified a credit-card skimming campaign that’s been active since mid-April that has a rather specific and unusual target: ASP.NET-based websites running on Microsoft Internet Information Services (IIS) servers. New research from Malwarebytes Labs recently uncovered the campaign,...
Vanilla Forums SQL Injection (CVE-2013-3527)
An SQL injection vulnerability exists in Vanilla Forums. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...