This Week in Security News: 15 Billion Credentials Currently Up for Grabs on Hacker Forums and New Mirai Variant Expands Arsenal

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums. Also,...

Notorious Hacker 'Fxmsp' Outed After Widespread Access-Dealing

“Fxmsp,” a notorious hacker who made headlines last year for allegedly stealing and selling source code and customer access from McAfee, Symantec and Trend Micro, has been outed. He’s a Kazakh national named Andrey Turchin, and according to unsealed court documents, he faces hacking charges datin...

15 Billion Credentials Currently Up for Grabs on Hacker Forums

Fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums – shedding light on the sheer scope of compromised credentials that are fueling account takeovers on the internet. A report released Wednesday — “From Exposure to Takeover” by the...

Credit-Card Skimmer Has Unlikely Target: Microsoft ASP.NET Sites

Researchers have identified a credit-card skimming campaign that’s been active since mid-April that has a rather specific and unusual target: ASP.NET-based websites running on Microsoft Internet Information Services IIS servers. New research from Malwarebytes Labs recently uncovered the campaign,...

Vanilla Forums SQL Injection (CVE-2013-3527)

An SQL injection vulnerability exists in Vanilla Forums. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...

Thanos Ransomware First to Weaponize RIPlace Tactic

Researchers have uncovered a new ransomware-as-a-service RaaS tool, called Thanos, which they say is increasing in popularity in multiple underground forums. Thanos is the first ransomware family observed that advertises the use of the RIPlace tactic. RIPlace is a Windows file system technique...

Career Choice Tip: Cybercrime is Mostly Boring

When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of...

A New Free Monitoring Tool to Measure Your Dark Web Exposure

Last week, application security company ImmuniWeb released a new free tool to monitor and measure an organization's exposure on the Dark Web. To improve the decision-making process for cybersecurity professionals, the free tool crawls Dark Web marketplaces, hacking forums, and Surface Web resourc...

bbPress < 2.6.5 - Authenticated Stored Cross-Site Scripting via the forums list table

binit discovered a stored XSS issue via the forums list table. The payload is put and can only be triggered by accounts with the Keymaster bbPress role...

Hackers Sell Data from 26 Million LiveJournal Users on Dark Web

A database containing credentials from more than 26 million LiveJournal accounts has been leaked online and is being sold on the Dark Web and hacker forums. The data contained in the files appears to be from a 2014 incident in which 33 million accounts were hacked, according to a published report...

Police arrests man for selling massive combolists on hacker forums

By Deeba Ahmed According to police, the hacker also compiled Collection 1, 2, 3, 4, 5, and Antipublic combolist. This is a post from HackRead.com Read the original post: Police arrests man for selling massive combolists on hacker forums...

Ukrainian Police Arrest Hacker Who Tried Selling Billions of Stolen Records

The Ukrainian police have arrested a hacker who made headlines in January last year by posting a massive database containing some 773 million stolen email addresses and 21 million unique plaintext passwords for sale on various underground hacking forums. In an official statement released on...

Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams

Threat actors are using a combination of scams to obtain as well as buy and sell credentials for U.S. taxpayers to steal appropriations from the COVID-19 relief package as well as 2020 tax refunds, new research has found. Researchers from Secureworks Counter Threat Unit CTU have observed an...

Troves of Zoom Credentials Shared on Hacker Forums

Hackers have a new favorite topic of conversation on underground forums: How to obtain – and leverage – valuable credentials for Zoom, Skype, Webex and other web conferencing platforms increasingly used by remote workers. That’s what Etay Maor, chief security officer at IntSights, has discovered...

Notorious dark web child abuser arrested after int’l operation

By Deeba Ahmed Authorities have arrested a dark web child abuser known for uploading highly graphic content on several marketplaces and online forums. This is a post from HackRead.com Read the original post: Notorious dark web child abuser arrested after int'l operation...

Announcing the VMware vExpert Security Program!

We’re excited to share that the VMware Security Products Team and Carbon Black is announcing a new Security vExperts program. If you’re not familiar with vExperts, the program is designed to recognize individuals who are passionate about sharing their knowledge of VMware technologies with the...

Vanilla Forums Information Disclosure Vulnerability

Vanilla Forums is a Canadian company Vanilla Forums PHP-based open source forum program . An information disclosure vulnerability exists in Vanilla Forums versions prior to 2.0.17.9. The vulnerability stems from a configuration or other error in the operation of a networked system or product. An...

About the Security Notices category

This is a sub-categrory of Announcements for Security Notices. Older security notices can be found in the archived MODX Forums here: https://forums.modx.com/board/8/security-notices 1 post - 1 participant Read full topic...

Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Exploit Author: Sayak Naskar Vendor Homepage: https://vanillaforums.com/en/ Version: 2.6.3 Tested on: Windows, Linux CVE : CVE-2020-8825 A Stored xss was found in Vanillafor...

Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting

Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-02-10 Exploit Author: Sayak Naskar Vendor Homepage: https://vanillaforums.com/en/ Version: 2.6.3 Tested on: Windows, Linux CVE : CVE-2020-8825 A...