Latest issue of my curated #cybersecurity and #infosec list of resources for week #04/2025 is out!

It includes the following and much more:

➝ Hewlett Packard Enterprise is Investigating a #Breach

➝ Largest #DDoS Attack Ever Blocked

➝ #Cloudflare's CDN Can Reveal users' Location

➝ #BreachForums Founder to be Resentenced

➝ #Oracle Addresses 318 Flaws;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-042025?r=299go8

This week, the Fourth Circuit heard oral arguments in the government's appeal of Pompompurin's sentence:

https://databreaches.net/2024/11/01/fourth-circuit-hears-oral-arguments-about-the-sentencing-of-pompompurin/

17 days time served plus 20 years supervised release just doesn't seem enough for the crimes he admitted to committing.

@campuscodi @euroinfosec @jgreig @brett

More than 330 Million Email Addresses Allegedly Scraped from Security Platform SOCRadar.io Exposed Online https://thecyberexpress.com/330-million-email-ids-scraped-from-socradar-io/ #TheCyberExpressNews #CybersecurityNews #CyberEssentials #TheCyberExpress #DataBreachNews #BreachForums #DataScraping #databreach #SOCRadario #Hackread #SOCRadar #USDoD

#AWS instance was penetrated by unknown perpetrators; #ShinyHunters is selling stolen data on their behalf. Don’t forget to add the hidden 5% fee to the ransom.

As we reported yesterday, hackers breached Ticketmaster and stole half a billion records of personal information. Now we know that independent researchers have verified the leaked data, which has been priced at a half-million dollar ransom.

The tale also highlights the return of the notorious #BreachForums despite the FBI’s best efforts. In #SBBlogwatch, here’s what we know now and what people are saying. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2024/05/ticketmaster-shinyhunters-breachforums-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

An email from the FBI to #NiceNIC that was shared with DataBreaches shows the FBI trying to explain to NiceNIC why they should transfer the #BreachForums domains back to FBI nameservers or at least prevent their use by the criminals.

https://databreaches.net/2024/05/22/did-breachforums-get-its-domain-back-because-nicenic-was-originally-nicer-to-them-than-to-law-enforcement/

And not for nothing, but it has been seven days since BreachForums.st was seized, and the DOJ and its partners in other countries have yet to issue a press release or confirm whether there were any arrests.

@BleepingComputer @zackwhittaker @campuscodi

I haven't posted this on my site yet, but there have been a few developments likely related to the seizure of #BreachForums. As a preview, recall that Kantonspolizei Zürich were one of the cooperating entities in the takedown and that the seizure notice had two avatars behind bars: one was Baphomet, the other was a default avatar that has been used by a number of people, but is not the avatar of the forum owner ShinyHunters.

Law enforcement has yet to issue any press release or answer any questions about the takedown.

Developments:

#ShinyHunters was notified by #CloudFlare that they had received a court order ordering CF to cancel BF's account. CF complied with the court order. (Source: ShinyHunters shared text copy of CF communication with DataBreaches)

CF did not tell ShinyHunters what court had ordered that, so Shiny asked them to provide a copy of the order if there was no gag order with it, or to at least say what court ordered it so it could be appealed. They have not gotten a response from CF as yet to that request.

On May 15, the same day as the takedown, Switzerland Services sent customers a notice stating, in part, that "all our network equipment and servers in Switzerland were confiscated yesterday by Swiss police due to a local prosecutor order and therefore all services in Switzerland are currently unavailable and all data can de considered as lost and compromised."

ShinyHunters had previously told DataBreaches that BF has used servers and services in Switzerland.

ShinyHunters has also claimed to be in Switzerland. DataBreaches does not know if that is true or not.

I'll have this up on databreaches.net soon with the full message from Switzerland Services.

#seizure #FBI #NCA #enforcement #hacking #databreach

@brett @DarkWebInformer @arstechnica @campuscodi @zackwhittaker

#BreachForums has been seized by the #FBI and #DOJ with help from international partners.

The timing of the seizure is interesting. It could be that they decided to move now because of #IntelBroker's sale of data from #Europol, or it could be because a serious Russian TA listed three 0-days for sale.

Or it could be both. Or neither.

The seizure notice shows avatars for the administrator, Baphomet, and owner, ShinyHunters behind bars.

ShinyHunters' telegram account has not been seized and that account has been messaging me since the seizure-- so it's either Shiny or someone from LE who can write like Shiny.

The forum's TG channel has a seizure notice and so does Baphoment's official TG channel.

UPDATE 1: ShinyHunters tells me that Baphomet HAS been arrested.
.

@campuscodi @brett @BleepingComputer

FBI seize #BreachForums hacking forum used to leak stolen data #cybersecurity #infosec https://www.bleepingcomputer.com/news/security/fbi-seize-breachforums-hacking-forum-used-to-leak-stolen-data/#google_vignette @BleepingComputer @lawrenceabrams

For those reporting on the #DellTechnologies #databreach and sales listing on #BreachForums :

The seller "Menelik" is Shiny Hunters and they tell me (without proof so far) that they found a second vulnerability and have already exfiltrated a small amount of data.

https://databreaches.net/dell-notifies-customers-of-breach-seller-menelik-is-shinyhunters/

@campuscodi @zackwhittaker @BleepingComputer @jgreig @lorenzofb

Latest issue of my curated #cybersecurity and #infosec list of resources for week #01/2024 is out! It includes the following and much more:

➝ MAJOR US #MUSEUMS SUFFER #CYBERATTACK FALLOUT
➝ A “ridiculously weak“ password causes disaster for #Spain’s No. 2 mobile carrier
➝ #23andMe tells victims it’s their fault that their data was breached
➝ #OrbitChain loses $86 million in the last #fintech hack of 2023
➝ Europe’s Largest Parking App Provider Informs Customers of Data Breach
➝ #Crypto wallet founder loses $125,000 to fake airdrop website
➝ US Says 19 People Charged Following 2019 Takedown of #xDedic Cybercrime Marketplace
➝ Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks
➝ Hacked #Mandiant X Account Abused for #Cryptocurrency Theft
➝ Nigerian hacker arrested for stealing $7.5M from charities
➝ Albanian Parliament and One Albania Telecom Hit by Cyber Attacks
➝ The FBI is adding more cyber-focused agents to U.S. embassies
➝ Former #BreachForums admin to be jailed until Jan. 19 sentencing
➝ DOJ Slams #XCast with $10 Million Fine Over Massive Illegal Robocall Operation
➝ #Google Contractor Pays Parents $50 to Scan Their Childrens' Faces
➝ Google Settles $5 Billion #Privacy Lawsuit Over Tracking Users in 'Incognito Mode'
➝ #Taiwan to reveal Chinese election interference after Saturday’s vote
➝ #Merck Settles #NotPetya Insurance Claim, Leaving #Cyberwar Definition Unresolved
➝ SpectralBlur: New #macOS Backdoor Threat from North Korean Hackers
➝ 3 Malicious #PyPI Packages Found Targeting #Linux with Crypto Miners
➝ New Bandook #RAT Variant Resurfaces, Targeting #Windows Machines
➝ UAC-0050 Group Using New #Phishing Tactics to Distribute Remcos RAT
➝ CERT-UA Uncovers New #Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
➝ Free Decryptor Released for #BlackBasta Ransomware
➝ #SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof #Emails
➝ #Ivanti warns critical EPM #bug lets hackers hijack enrolled devices
➝ Google Patches Six Vulnerabilities With First #Chrome Update of 2024
➝ Millions still haven’t patched #Terrapin SSH protocol #vulnerability

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-012024

Latest issue of my curated #cybersecurity and #infosec list of resources for week #30/2023 is out! It includes the following and much more:

➝ #BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities
➝ #CoinsPaid Blames North Korean Hackers for $37 Million Cryptocurrency Heist
➝ #BreachForums database and private chats for sale in hacker data breach
➝ Up to 11 Million People Hit by #MOVEit Hack at Government Services Firm Maximus
➝ Cybersecurity Agencies Warn Against #IDOR Bugs Exploited for Data Breaches
➝ GameOver(lay): Two Severe #Linux Vulnerabilities Impact 40% of Ubuntu Users
➝ #Deloitte denies #Cl0p data breach impacted client data in wake of MOVEit attack
➝ US Senator Wyden Accuses #Microsoft of ‘Cybersecurity Negligence’
➝ #CardioComm, a provider of #ECG monitoring devices, confirms cyberattack downed its services
➝ Fenix #Cybercrime Group Poses as Tax Authorities to Target Latin American Users
➝ #SEC now requires companies to disclose cyberattacks in 4 days
➝ #NATO investigates alleged data theft by #SiegedSec hackers
➝ Russian Cybersecurity Firm Founder Jailed for 14 Years
➝ ️ Maritime Cyberattack Database Launched by Dutch University
➝ Realst Mac #malware targets macOS #Sonoma
➝ #IBM Report: Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs
➝ Researchers find deliberate #backdoor in police radio #encryption algorithm
➝ #JumpCloud hack linked to #NorthKorea after #OPSEC mistake
➝ #Ivanti patches MobileIron zero-day bug exploited in attacks
➝ #Norway government ministries hit by cyber attack
➝ #Zenbleed attack leaks sensitive data from #AMD Zen2 processors
➝ #Apple fixes new zero-day used in attacks against iPhones, Macs
➝ #Banking Sector Targeted in Open-Source Software Supply Chain Attacks

#opensource #TETRA #IoT #MIoT #security

This week's recommended reading is: "Evading EDR: A Comprehensive Guide to Defeating Endpoint Detection Systems" by Matt Hand

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-302023

Latest issue of my curated #cybersecurity and #infosec list of resources for week #28/2023 is out! It includes the following and much more:

➝ #BreachForums owner #Pompompurin pleads guilty to hacking charges
➝ PicassoLoader #Malware Used in Ongoing Attacks on #Ukraine and #Poland
➝ #BlackLotus UEFI Bootkit Source Code Leaked on #GitHub ... or not
➝ #WordPress plugin installed on 1 million+ sites logged plaintext #passwords
➝ The Big Brother in your pocket: How a US company secretly tracks and rates half of the world's mobile users
➝ #Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations
➝ Biden-⁠Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan
➝ Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector
➝ Russian submarine commander on Ukraine blacklist assassinated
➝ Russian hackers lured embassy workers in Ukraine with ad for a cheap BMW
➝ #Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
➝ #DeutscheBank confirms provider breach exposed customer data
➝ Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack
➝ Two Teens Accused of Masterminding Hacks on Grand Theft Auto and #Uber
➝ HCA #Healthcare reports #breach of 11 million patients’ personal data
➝ Trinidad and Tobago facing outages after #cyberattack
➝ EU adopts more robust data privacy agreement with US
➝ #Apple Ships Urgent #iOS Patch for #WebKit Zero-Day
➝ Liberté, Égalité, #Spyware: France okays cops snooping on phones
➝ PoC Exploit Published for Recent #Ubiquiti EdgeRouter Vulnerability
➝ #RomCom RAT Targeting #NATO and Ukraine Support Groups
➝ Hackers Steal $20 Million by Exploiting Flaw in #Revolut's Payment Systems
➝ Luigi Vanvitelli hospital impacted by ransomware
➝ #Twitter Blue accounts fuel Ukraine War misinformation
➝ Top Suspect in 2015 #AshleyMadison Hack Committed Suicide in 2014

This week's recommended reading is: "Battlefield Cyber: How China and Russia are Undermining Our Democracy and National Security" by Michael McLaughlin and Bill Holstein

Subscribe to the #newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-282023

Latest issue of my curated #cybersecurity and #infosec list of resources for week #27/2023 is out! It includes, but not only:

➝ Vishing Goes High-Tech: New 'Letscall' #Malware Employs Voice Traffic Routing
➝ #BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils
➝ Another Critical Unauthenticated #SQLi Flaw Discovered in #MOVEit Transfer Software
➝ Signal’s Meredith Whittaker: Breaking #encryption while preserving privacy is ‘magical thinking’
➝ #Bangladesh government website leaks citizens’ personal data
➝ 28,000 Impacted by Data Breach at #Pepsi Bottling Ventures
➝ Apps with 1.5M installs on #GooglePlay send your data to #China
➝ #Mastodon fixes critical “TootRoot” #vulnerability allowing node hijacking
➝ ️ Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data
➝ #Android July security updates fix three actively exploited bugs
➝ ️ Actively exploited vulnerability threatens hundreds of solar power stations
➝ #Japan’s largest port stops operations after ransomware attack
➝ Ransomware criminals are dumping kids’ private files online after school hacks
➝ EU Court Deals Blow to #Meta in German Data Case
➝ Swedish Data Protection Authority Warns Companies Against #GoogleAnalytics Use
➝ #CISA issues warning for #cardiacdevice system vulnerability
➝ Mexico-Based Hacker Targets Global #Banks with Android Malware
➝ Data leak affects 425,000 Swiss Abroad
➝ Personal data of magistrates published online by a group of hackers
➝ #Microsoft denies data breach, theft of 30 million customer accounts
➝ #Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by #Spyware Vendor
➝ 300,000+ #Fortinet firewalls vulnerable to critical FortiOS RCE bug
➝ #LockBit Dominates Ransomware World, New Report Finds
➝ Dublin Airport staff affected by cyber attack
➝ Free #Akira ransomware decryptor helps recover your files

#cyberattack #security #privacy #data #software #solarpower #school

This week's recommended reading is: "Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data" by @micahflee

Subscribe to the #newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-272023

The reincarnation of BreachForums: A cyberdrama in three acts

https://www.databreaches.net/the-reincarnation-of-breachforums-a-cyberdrama-in-three-acts/

#BreachForums #ShinyHunters #Exposed

@underthebreach @vxunderground

@campuscodi @aj_vicens @jgreig @BleepingComputer

The Peekskill Herald, which had posted, and then removed, a story about Conor Fitzpatrick (aka "Pompompurin") being taken by ambulance to the hospital, has reuploaded their original story with a note about its removal and restoration.

https://peekskillherald.com/7512/news/accused-peekskill-cybercriminal-hospitalized-wednesday/

#ethics #journalism #BreachForums

@briankrebs

#BreachForums (Breached), der "Nachfolger" des vor einem Jahr hopsgenommenen #RaidForums und großer Marktplatz für Daten-#Leaks, ist seit ca. einer Woche Geschichte. Gerichtsdokumente belegen nun, wie das #FBI den Admin von Breached enttarnen konnte. Sie haben Zugriff auf die Datenbank von Breached und Admin Fitzpatrick aka "Pompompurin" hatte sich unter anderem ein Mal ins Forum mit seiner unverschleierten IP ohne VPN oder Tor eingeloggt.

https://www.bleepingcomputer.com/news/security/fbi-confirms-access-to-breached-cybercrime-forum-database/

MIDTUGE & NY CYBER2GO-udsendelse!

* #BreachForums lukker ned.

* #LockBit tager ansvar for Oakland-angreb

* #Snapchat undrer sig over CFCS-liste

Find den hvor du finder dine #podcasts eller på https://cyber2go.buzzsprout.com!

It appears that #BreachForums may be permanently offline.

Latest issue of my curated #cybersecurity and #infosec list of resources for week #11/2023 is out!

It includes, but not only:

• Alleged #BreachForums owner Pompompurin arrested on cybercrime charges
• FakeCalls Vishing #Malware Targets South Korean Users via Popular Financial Apps
• #RAT developer arrested for infecting 10,000 PCs with malware
• Lookalike #Telegram and #WhatsApp Websites Distributing #Cryptocurrency Stealing Malware
• #BianLian ransomware gang shifts focus to pure data extortion
• Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years
• Convincing #Twitter 'quote tweet' phone scam targets bank customers
• #Belgium and #UK ban #TikTok from federal government work phones
• #NordVPN open sources its #Linux #VPN client and libraries
• #ChipMixer platform seized for laundering #ransomware payments, drug sales
• #CISA joins forces with #WiCyS to break up the boy's club
• #Microsoft Warns of #Outlook Zero-Day Exploitation, Patches 80 Security Vulns
• @shortridge 's Cyber Startup Buzzword Bingo: 2023 Edition
• Microsoft Warns of Large-Scale Use of #Phishing Kits to Send Millions of Emails Daily
• #FBI reveals that more money is lost to investment fraud than ransomware and business email compromise combined
• #KaliLinux 2023.1 introduces 'Purple' distro for defensive security
• Threat Actors Abuse #AIGenerated Youtube Videos to Spread Stealer Malware

Subscribe to the #newsletter to have it piping hot in your inbox every Sunday

https://0x58.substack.com/p/my-shared-links-week-112023

Was there a rush to arrest Pompompurin, the owner of BreachForums? If so, why?

My Sunday musings and speculation: https://www.databreaches.net/was-there-a-rush-to-arrest-pompompurin-the-owner-of-breachforums-if-so-why/

#databreach #cybercrime #arrest #Pompompurin #BreachForums #FBI #DHS #DCHealthLinks

@briankrebs @BleepingComputer @brett @campuscodi @zackwhittaker

Maybe one of the bigger guns can get some answers when I can't. :)