Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
-
Jan 02, 2025
Major Data Leak Exposes Harley-Davidson Customer Information
In January 2025, "Harley-Davidson" experienced a significant data leak when a threat actor known as "frog" exposed over 66,700 rows of customer information. The compromised data included sensitive details such as customer names, addresses, phone numbers, emails, vehicle information (VIN, make, model, year), sale and warranty dates, and service records. The leak was shared on the dark net forum "leakbase," and links to download the leaked files were included.
-
Jan 01, 2025
A Database of InfoCert is Offered for Sale
A threat actor on BreachForums named PieWithNothing is advertising a database containing 5.5 million records for sale, allegedly including 1.1 million unique phone numbers and 2.5 million unique email addresses, for $1,500. InfoCert, an IT company specializing in identity management services, electronic signature solutions, time stamping, digital archiving, and related services, announced last week that it had experienced a data breach. However, the connection between that breach and this advertisement has not been established.
-
Jan 01, 2025
Data Leak of USA Local Government Maritime Industry by Threat Actor viceCoolMan
The threat actor "viceCoolMan" leaked data involving a local US government maritime industry portal on the dark web forum "BreachForums." The leak provides access to three commissioner accounts (non-admin) and one read-only database. The threat actor demands $500 to access the accounts and the database.
-
Dec 31, 2024
Database of Mexican Company Grupo Bimbo's Customers for Sale
The threat actor operating under the name "PanchoVilla" claims to possess, and is selling, a customer database of the Mexican food company Grupo Bimbo. The thread was posted on the well-known cybercrime forum "BreachForums". According to the threat actor, the database includes more than 5K customer records containing Name, Email, State, Token, Skype ID, Email ID, Apple ID and Facebook ID. The threat actor is selling the database at a price of 2,000 USD.
-
Dec 31, 2024
Major Cyber Attack Disrupts Flights at Japan Airlines
On December 26, 2024, a significant cyberattack targeted Japan Airlines, causing widespread flight disruptions during the busy holiday travel season. The airline's computer systems were compromised, leading to delays and cancellations that affected thousands of passengers. Japan Airlines has initiated an investigation into the breach and is collaborating with cybersecurity experts to restore normal operations and enhance system security.
-
Dec 31, 2024
Data Leak from Belarusian Companies in E-Commerce and Energy Sectors
A data leak has been shared involving over 85,947 files (totaling 114GB uncompressed) from multiple Belarusian companies in the e-commerce and energy sectors. The leaked dataset includes sensitive documents, contracts, sales records, bank transfer details, invoices, technical designs, customer transactions, and user databases. Affected companies include "G. Energy" and "Sivanabel," with contents detailing financial transactions, personal data of employees and customers, and confidential corporate information. The data is distributed across various folders, including marketing materials, contracts, and customer account details. The leak was shared by a threat actor known as "Hikki-chan" on the dark net forum "BreachForums."
-
Dec 31, 2024
Data Leak: Large USA Bank Server Access Offered for Sale
A threat actor known as "miyako" has posted an offer on the dark web forum "BreachForums" for unauthorized access to a server hosting a large U.S. bank's firewall and VPN systems. The offer includes root-level privileges, potentially enabling significant exploitation of the bank's infrastructure. The price for this access is fixed at $800.
-
Dec 31, 2024
US Treasury Department Data Leak Caused by Chinese APT via Remote Support Platform
The "US Treasury Department" experienced a significant data leak after a Chinese state-sponsored Advanced Persistent Threat (APT) actor accessed several workstations and unclassified documents through a compromised third-party vendor, "BeyondTrust." The breach was first reported to the "Treasury" on December 8, 2024, when "BeyondTrust" informed the agency that the APT had stolen a security key used for remote technical support. This unauthorized access allowed the threat actors to override security protocols and remotely access sensitive information. The APT exploited two zero-day vulnerabilities, CVE-2024-12356 and CVE-2024-12686, to breach and take over Remote Support SaaS instances. Following the incident, the compromised service was taken offline, and there is currently no evidence that the APT maintains access to "Treasury" systems.
-
Dec 30, 2024
#OpItaly
A series of Distributed Denial of Service (DDoS) attacks, attributed to the pro-Russian hacktivist group "NoName057(16)," has targeted multiple Italian infrastructure entities. The campaign has impacted high-profile targets, including the websites of Milan's Malpensa and "Linate" airports, the Italian Foreign Ministry, and various public transport networks. The group claimed responsibility via their Telegram channel, framing the attacks as a "cyber response" to "Italian Russophobes."
-
Dec 30, 2024
Chrome Extension Phishing Attack Campaign Exposes 600,000 Users
A new Chrome Extension Phishing Attack Campaign has compromised at least 16 Chrome browser extensions, impacting over 600,000 users by exploiting their access to sensitive data like cookies and access tokens. The attack began with a phishing campaign targeting extension publishers, which allowed the threat actor to inject harmful code into legitimate extensions and exfiltrate user data, including Facebook business account credentials. The attack, first identified on December 24, 2024, is part of a larger, ongoing campaign affecting various extensions.
-
Dec 29, 2024
DDoS Attack on Vulcanair, Italian Aircraft Manufacturer
As part of their campaign #OpItaly, the pro-Russian hacker group NoName057(16) claimed responsibility for a Distributed Denial-of-Service (DDoS) attack targeting Vulcanair, an Italian aircraft manufacturer. The group provided a link to verify the attack through check-host.net.
-
Dec 29, 2024
Meow Leaks Data from Hisense Breach Affecting 690K Users
In December 2024, the threat actor "Meow" released data from the October 2024 breach of "Hisense," which impacted 690,000 users. The exposed data includes sensitive customer information such as email addresses, full names, phone numbers, and product details. This breach has been made publicly available for download on the dark net forum "BreachForums."
-
Dec 29, 2024
Cisco Data Leak by Threat Actor IntelBroker on BreachForums
In a recent post on the dark web forum "BreachForums," the threat actor "IntelBroker" provided details of a data breach involving "Cisco," claiming responsibility for stealing 4.5TB of data in October 2024, along with threat actors "zjj" and "EnergyWeaponUser". This leak follows a previous release on December 17, 2024, where "IntelBroker" leaked 2.9GB of "Cisco" data. In the current leak, "IntelBroker" has made 4.84GB of the stolen data available for free, with download links provided to the forum community.
-
Dec 29, 2024
Volkswagen Group Data Leak: 800,000 Electric Cars Exposed
A significant data leak involving "Cariad," "Volkswagen's" automotive software company, exposed information from approximately 800,000 electric vehicles due to misconfigured IT applications. Discovered on November 26, 2024, the leak affected "VW," "Seat," "Audi," and "Skoda" models connected to online services. The exposed data included precise geo-location information for around 460,000 cars, customer names, and personal details. The data could have been accessed through exposed access keys to an "Amazon" cloud storage instance containing this sensitive information, allowing pseudonymized data to be linked to specific users, including two German politicians. "Cariad" responded by closing access immediately after being notified and stated that there is no evidence of data misuse by third parties.
-
Dec 29, 2024
ZAGG Data Leak: FreshClick App Compromise
"ZAGG" Inc., a leading mobile accessories company, experienced a significant data leak involving the "FreshClick" app between October 26 and November 7, 2024. An unauthorized threat actor injected malicious code into the "FreshClick" app, which is a third-party application used on "ZAGG's" BigCommerce-powered e-commerce platform. This malicious code allowed the unknown threat actor to scrape sensitive customer information during checkout transactions on "ZAGG.com", including names, addresses, and credit card details.
-
Dec 03, 2024
Hellcat TA Group Member Launching DDoS Botnet on December 5th
Miyako, an initial access broker and a member of the new threat actor group known as 'Hellcat' on the dark web forum BreachForums, is advertising a new "private" DDoS botnet called "DarkStresser," which is scheduled for launch on December 5th. It is possible that other members of the Hellcat group are also involved in its development. The tool is intended to function under a subscription model, with pricing ranging from $15 to $60. Its relatively low cost and simplicity are anticipated to reduce the barrier to entry for conducting DDoS attacks.
-
Dec 03, 2024
Decade-Old Cisco Vulnerability Exploited in Recent Attacks
Cisco warns that a decade-old vulnerability, CVE-2014-2120, which has no workaround, is being abused in the wild. It is a cross-site scripting (XSS) vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. The flaw, tracked as Bug ID CSCun19025, allows remote attackers to inject arbitrary web scripts or HTML through an unspecified parameter.
-
Dec 03, 2024
Handala Hack Announces Plans for Cyberattack on Israel Next Week
The threat actor group "Handala Hack" has announced plans to launch a cyberattack against Israeli entities next week, claiming it is in retaliation for the death of Reza Avazeh, the former cyber commander of the Hezbollah terror organization.
-
Dec 03, 2024
Handala Hack Claims Shirbit Insurance Data Breach
The threat actor group "Handala Hack" claims to have breached a proxy server belonging to 'Shirbit' insurance company, a subsidiary of 'Harel' insurance company. The group alleges they obtained 154 GB of confidential data, including databases, customer IDs, financial and administrative documents, emails, and more. They have also shared samples containing personal client information, such as names, ID numbers, and insurance policies. Additionally, the group specified that the stolen data pertains exclusively to Shirbit clients.
-
Nov 29, 2024
70,000 Philippine IDs Allegedly Leaked Online
A threat actor named "Klara Polzl" has sparked alarm after claiming to have access to 70,000 valid Philippine IDs. The post includes a screenshot showing a file directory and images of IDs, with the caption suggesting people check if their parents' IDs are included. This potential breach highlights a serious threat to privacy and security, with personal data possibly being misused. Authorities are urged to investigate the incident and take swift action to protect affected individuals.
-
Nov 29, 2024
Alleged Breach on Philippine Economic Zone Authority (PEZA) by Ph.HunterX
On November 27, 2024, a Philippine threat actor, Ph.HunterX, claimed to have gained unauthorized access to sensitive files of the Philippine Economic Zone Authority (PEZA) via an issue in one of its web portals. According to the threat actor, sensitive information on ~521 enterprise merchants associated with PEZA has been compromised. The threat actor has shared a screenshot containing sample leaked information on the Facebook page of the Philippine Cyber Alliance group.
-
Nov 29, 2024
Coca-Cola Philippines' OutSystems LifeTime Web Portal Breached by DeathNote Hackers
On November 26, 2024, Klammer, the leader of DeathNote Hackers, claimed that they had gained unauthorized access to Coca-Cola Philippines' OutSystems LifeTime Web Portal. The breach has exposed several web environments and servers:
- Development = cocacolaph-dev.outsystemsenterprise[.]com
- Quality Assurance (QA) = cocacolaph-tst.outsystemsenterprise[.]com
- Pre-Production = cocacolaph-tst1.outsystemsenterprise[.]com
- Production = axisdms.ccbp.com[.]ph
Currently, the threat group has not leaked any sensitive information related to the breach. However, they asked Coca-Cola Philippines whether it has a bug bounty program so they can report the issue that led to unauthorized access to its OutSystems LifeTime portal.
-
Nov 28, 2024
Sophisticated Botnet & DDoS Tool Offered for Sale by Venom RAT Operator
A private botnet, supposedly capable of bypassing Cloudflare, CAPTCHA, UAM, and other advanced protections, is being sold for an undisclosed price by the threat actor known as 'Venom' on breachforums. This Threat Actor appears to be associated with the Venom RAT malware-as-a-service operators. The DDoS tool is claimed to incorporate proprietary attack techniques that enhance its effectiveness and reduce detection. The botnet's capabilities reportedly include generating 3.6 million requests per minute, aiming to overwhelm network resources such as firewalls and servers by flooding them with high volumes of traffic. Additionally, these attacks target the application layer, affecting protocols like HTTP and DNS.
-
Nov 27, 2024
Increased Activity of Magecart Attacks Observed in the Wild Skimming Credit Card Data
Recent observations have identified an increase in script injection attacks targeting vulnerable websites in an attempt to skim customers' credit card information. These attacks often exploit stolen third-party credentials for e-commerce platforms that may have privileged access to the website; in other cases, vulnerabilities in the hosted website itself are exploited to gain access. Notably, such activity has been prevalent during seasonal marketing campaigns such as Black Friday and will most likely continue through the holidays. These types of attacks are usually attributed to 'Magecart', the threat actor groups that pioneered such attacks against e-commerce platforms; however, this type of attack is most likely not attributable to only one group.
-
Nov 26, 2024
China-Backed Group Leverages SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
A new cyber espionage group linked to China, "Liminal Panda," which has been conducting targeted cyber attacks against telecommunications entities in South Asia and Africa since at least 2020, was discovered. CrowdStrike attributes these attacks to Liminal Panda, highlighting their expertise in telecommunications networks and their use of custom malware tools for clandestine access and data exfiltration. The group has been known to exploit vulnerabilities in telecom infrastructure, using techniques such as password spraying and emulating GSM protocols for command-and-control communications.
-
Nov 24, 2024
Chinese APT Gelsemium Targets Linux Systems with New Wolfsbane Backdoor
A new Linux backdoor named "Wolfsbane," attributed to the China-aligned advanced persistent threat (APT) actor known as Gelsemium was discovered. This malware is part of cyber attacks targeting East and Southeast Asia, as reported by cybersecurity firm ESET. The findings are based on multiple Linux samples uploaded to VirusTotal from Taiwan, the Philippines, and Singapore in March 2023. Wolfsbane is considered a Linux counterpart to Gelsemium's previously known Windows backdoor, "Gelsevirine," which has been in use since 2014. Additionally, another implant called "Firewood" has been linked to Gelsemium, although its attribution is less certain due to potential overlaps with other China-linked hacking groups. The primary goal of these tools is cyber espionage, focusing on sensitive data collection.
-
Nov 22, 2024
Data Breach on Finastra by "abyss0"
On November 08, 2024, a threat actor named "abyss0" claimed to have successfully breached Finastra's ESB system and exfiltrated an archive of approximately ~400GB, consisting mainly of internal files along with data backup copies. The threat actor offered the complete data package for sale on BreachForums. Meanwhile, Finastra stated that on November 07, 2024, its Security Operations Center detected suspicious activity on an internal SMTP server running under IBM Aspera; it isolated the affected server and initiated its incident response process. A few days later, the threat actor deleted all posts related to the breach from underground forums and marketplaces.
-
Nov 21, 2024
As Many as 2,000 Palo Alto Networks Devices Estimated to Be Compromised
The management web interface of Palo Alto Networks, associated with CVE-2024-9474 and CVE-2024-0012, is currently being actively exploited in the wild. This exploitation has resulted in an estimated 2,000 network devices being compromised.
-
Nov 20, 2024
Portnov Computer School - Database Leak - 2024-11-20
Portnov Computer School, a career-change training institution, was compromised on November 17th through the exploitation of a critical vulnerability in its Confluence Data Center instance, according to the BreachForums threat actor 'grep'. The data leak includes a supposed dump of its Atlassian Confluence source code, configurations, internal logs, attachments, plugins, tools, applications and more.
-
Nov 18, 2024
'Anonymous for Justice' Leaks Alleged Breached Data of Financial Institutions in Israel
'Anonymous for Justice' has leaked what they claim to be breached data from Israeli financial institutions on their Telegram channel. Last week, the group announced plans to carry out a cyberattack on November 15th. Today, they published the allegedly compromised data, reportedly obtained during this attack. The leaked information includes PDF files containing reports and invoices, as well as RAR files and other documents.
-
Nov 14, 2024
Exclusive Access to 'Paz' Oil Company Offered for Sale
Exclusive access to the Israeli oil company 'Paz' is being offered for sale on the cybercrime forum 'BreachForums' by a threat actor known as 'CornDB' for $150,000. According to the threat actor, this access enabled them to acquire a 5TB cache of sensitive data, including proprietary information, financial records, and operational details. The offer is described as a one-time, exclusive sale. The threat actor has not provided any samples.
-
Nov 13, 2024
eGov PH System Breach Exposes 200,000+ User Records
A hacker known as GR3GGM3RC3R claims to have exploited a vulnerability in the Philippine government's eGov PH system, gaining access to sensitive KYC (Know Your Customer) data of over 200,000 users. The attacker reportedly bypassed the system's firewall and obtained root access, which allowed for ongoing data extraction. The compromised data is now being offered for sale online for $100,000 in Bitcoin. This breach has raised significant concerns about the security of government digital services, with critics highlighting the inadequate monitoring of the system. The Department of Information and Communications Technology (DICT) has not yet issued a statement regarding the incident.
-
Nov 13, 2024
Krypton International Resources Hit by Ransomhub
Krypton International Resources Inc., a significant entity in the energy sector, has experienced a major data breach carried out by the RansomHub Ransomware Group. This attack led to the public exposure of 68 GB of sensitive data, which is now available on RansomHub’s website. The breach includes personal information such as high-resolution scans of Philippine driver’s licenses, revealing full names, addresses, and ID numbers, thereby increasing the risk of identity theft. Krypton Resources is recognized for its efforts in developing advanced materials that aim to reduce environmental impact. The full extent of the attack and any potential data loss are still unclear. Authorities are currently investigating the incident, and cybersecurity experts are urging companies to enhance their defenses against similar threats.
-
Nov 11, 2024
UK Scammers Target Seniors with Fake Winter Fuel Payment Texts
Scammers target UK seniors with fraudulent texts, posing as government authorities offering "winter heating allowance" payments. These messages direct recipients to fake government sites that mimic GOV.UK pages, seeking personal and financial details. The campaign capitalizes on recent government cuts to winter fuel payments, making the scam appear more credible to seniors expecting aid. Recipients are advised to avoid clicking links and to report suspicious texts.
-
Nov 08, 2024
Data Breach on Armed Forces of the Philippines
On October 23, 2024, a threat actor who goes by the name "FATHER121" posted on BreachForums regarding exfiltrated sensitive and confidential data from the Armed Forces of the Philippines (AFP). The threat actor claims that the total size of the documents is over 500MB and is selling them for 1.5 BTC (around 4M Philippine Pesos as of this writing), which is a bit overpriced from Cyberint's perspective. However, if the data package really contains very sensitive military intelligence information, it might be of interest to criminals from other countries who want to target the Philippines.
-
Nov 08, 2024
Several Access for DICT Subdomains Hosting cPanel Offered in the Underground
On November 03, 2024, a threat actor named "GR3GGM3RC3R" posted on BreachForums regarding exposed cPanels for several subdomains of the Department of Information and Communications Technology (DICT) in the Philippines. The threat actor claims to have obtained access to several of these exposed cPanels via infostealer logs. All the credentials are being sold in the underground for 60,000 USD. The following are the affected subdomains where the cPanel portals are hosted:
- dict.gov.ph
- bonifacio.dict.gov.ph
- vaslinelist.dict.gov.ph
- bahaghari.dict.gov.ph
- pmis.dict.gov.ph
- r4b.dict.gov.ph
- caraga.dict.gov.ph
- intranet.dict.gov.ph
The same threat actor also claimed responsibility for the past breaches of Toyota Makati (October 25, 2024), the Office of the Sangguniang Panlungsod of Davao (October 29, 2024), and the Cybercrime Investigation and Coordinating Center (November 04, 2024).
-
Nov 05, 2024
grep Claims to have Breached Schneider Electric, Stealing Over 40 GB of Data along with Projects, Plugins and Customer and Employee Information
In November 2024, the threat actor grep claimed to have breached Schneider Electric, a France-based energy industry company, and to have gained access to its Jira Server using exposed credentials. According to the threat actor, over 40 GB of data were stolen, including 400 thousand rows of user data and 75 thousand unique email addresses and full names of Schneider Electric employees and customers. The attacker also claimed to have obtained critical project data, issues, and plugins.
-
Nov 05, 2024
Threat Actors IntelBroker and EnergyWeaponUser claim to Have Breached Nokia, Leaking Source Code, SSH and RSA Keys, Along With Credentials
In November 2024, the threat actors named "IntelBroker" and "EnergyWeaponUser" claimed to have breached Nokia and gained access to its database. According to the threat actors, a large collection of data belonging to Nokia was taken, including SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, webhooks, and hardcoded credentials.
-
Nov 03, 2024
North Korean Group Partners with Play Ransomware in Major Cyber Attack
The North Korean threat group "Jumpy Pisces" (aka Andariel) has collaborated with the Play ransomware gang in a significant cyberattack, marking the first known partnership between a state-sponsored actor and Play ransomware. Between May and September 2024, Jumpy Pisces infiltrated systems and leveraged Play ransomware, likely for financial gain amid sanctions. Their approach included credential harvesting and command-and-control tools, with evidence suggesting increased ransomware threats from North Korean actors.
-
Oct 28, 2024
Change Healthcare's February Ransomware Incident Affected 100 Million Victims
Change Healthcare disclosed that at least 100 million people were affected by the February breach. Those affected had their social security numbers and billing information put at risk, as well as other sensitive PII.
-
Oct 28, 2024
Authorities Seize Redline and Meta Infostealer Operations
The Dutch National Police, in collaboration with the FBI and international partners, seized the infrastructure supporting the Redline and Meta infostealer malware in a major effort called "Operation Magnus." Announced on a dedicated website, authorities confirmed that legal proceedings are underway based on the captured data. The October 28, 2024, operation aimed to warn threat actors that their activities and data are now under law enforcement control.
-
Oct 16, 2024
Data Breach at Sorbonne University Exposes Personal Information of Over 73,000 Users
In a recent post on BreachForums, the TA Magouilleur claimed to have uploaded sensitive data from Université Paris 1 Panthéon-Sorbonne, affecting more than 73,000 users. The data stolen in September 2024 includes login IDs, email addresses, names, studies, photos, and other personal information. The post indicated that 26 files were made available, along with a sample file. According to the post, the data includes easily identifiable personal details, which could be exploited for malicious purposes.
-
Oct 15, 2024
Sarcoma Ransomware Group Attacked Suntrust Properties
A new threat group, known as Sarcoma Ransomware, recently attacked Suntrust Properties in the Philippines. The attack has led to a massive amount of data (around ~1TB in size) being exfiltrated by the threat actor. The leaked information includes confidential files and SQL databases. Sample data has been released by the ransomware group, which mainly includes:
- Professional Regulation Commission (PRC) Identifications (IDs) of employees and clients
- Government-issued Identifications, such as driver's licenses and police identification cards
- Legal Documents, such as property transaction contracts and buyer acceptance forms
- SQL databases containing corporate data related to real estate operations
-
Oct 15, 2024
Threat actors IntelBroker and EnergyWeaponUser Claim To Have Breached Cisco, Leaking API Tokens And Data Belonging To Its Customers
On October 6, 2024, the threat actors "IntelBroker," "EnergyWeaponUser," and "zjj" announced the sale of data from a recent Cisco breach. The compromised data includes GitHub and GitLab projects, SonarQube projects, source code, hardcoded credentials, certificates, customer SRCs, confidential Cisco documents, Jira tickets, API tokens, AWS private buckets, Docker builds, Azure storage buckets, private and public keys, SSL certificates, and details on Cisco premium products. Several major companies, including Verizon, AT&T, Bank of America, Barclays, British Telecom, Microsoft, Vodafone, and Chevron, are reportedly affected.
-
Oct 13, 2024
Access to Compromised Servers of Israeli IT Firm Offered for Sale
A threat actor known as 'DarkRaaS' is offering access to six compromised servers from an Israeli IT and cloud infrastructure company. The servers reportedly have a capacity of 6TB. The access is being sold for $30,000, but the threat actor has not provided any sample data to confirm the breach. The name of the targeted company was not disclosed.
-
Oct 13, 2024
Israeli Municipality Network Access Offered for Sale on Cybercrime Forum
A threat actor known as 'DarkRaaS,' associated with the 'DarkSide Group,' is offering full network access to the cloud infrastructure of an Israeli municipality for sale on the cybercrime forum 'Breached.' The access is priced at $15,000, though no sample data has been provided to verify the breach.
-
Oct 10, 2024
Threat Actors Exploit GitHub Trusted Reputation to Distribute Malware
In a concerning development, threat actors are once again leveraging GitHub's reputation to bypass security gateways. They have been observed distributing malicious GitHub repository links within the comments of trusted repositories to spread malware. Organizations with open-source repositories that permit comments are particularly vulnerable to this attack. Malicious actors can submit comments linking to malicious code, which may then be embedded in a subdirectory of the organization's main open-source code or archive, where it can be accessed. Even with the comment removed, the file remains archived and the link to the malware can stay alive. This also has the potential to be a drive-by attack vector for other malware types. Organizations should consider adding measures to block GitHub links that may bypass secure email gateways, adding warning messages so users are aware of the potential risks, or configuring policies to protect against unsolicited downloads from GitHub.
-
Oct 10, 2024
'Handala' Claims Breach of Israeli Podcast Website 'Doscast'
The hacker group 'Handala' claims to have breached the Israeli podcast website 'Doscast,' allegedly gaining access to 3 million data entries belonging to over 100,000 users. The compromised data reportedly includes email addresses, names, phone numbers, and other personal details.