Breaking Cyber News From Cyberint

Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.

  • Sep 05, 2024

    • Makati Medical Center
    • South-Eastern Asia
    • breach
    • Makati Government
    • Government
    • Wypoondevx
    • Philippines
    • University Of Makati

    City of Makati - Under Cyber-Attack by "wypoondevx"

    This week, the City of Makati, Philippines, experienced multiple cyber-attacks conducted by the threat actor wypoondevx. The breaches occurred in different sectors within Makati City, namely the Makati Government (makati.gov.ph), Makati Medical Center, and the University of Makati. The threat actor is relatively new to the Philippine threat landscape, having started conducting cyber-attacks in May 2024, following the recent April Lulz campaign. He initially used the alias "executivedevx" and later changed it to "wypoondevx." As observed from his nefarious activities, he mainly targets organizations located in Makati City. In June 2024, he attacked Toyota Makati Philippines (TMP), exposing sensitive customer information.

  • Sep 03, 2024

    • South-Eastern Asia
    • Denial Of Service
    • Ghost Exodus Ph
    • Presidential Communications Office
    • Philippines
    • Philippines Exodus Security
    • hacktivist

    The Comeback of Philippines Exodus Security (PHEDSS) Gang

    In June 2024, a Philippine threat group — Philippines Exodus Security — announced the end of its operations. The group was behind the Denial-of-Service attacks targeting local banks and government organizations during the "April Lulz 2024" campaign in the Philippines. On September 01, 2024, their botnet, known as "Exodus," came back online. The comeback was announced on their official Telegram channel, and they started by attacking the Presidential Communications Office (pco.gov.ph). One of their administrators — Ghost Exodus PH (a.k.a. GhostXPH) — mentioned that new configurations were added to their botnet tool, namely Rossetta_SKY, Volcano_V3, and ZMB_POWER.

  • Aug 29, 2024

    • Israel
    • Handala
    • Middle East
    • Appletec Ltd
    • Asia

    'Handala' Hacker Group Claims Breach of Israeli Company 'Appletec Ltd'

    The 'Handala' hacker group claims to have breached the Israeli company 'Appletec Ltd,' a distributor of electronics, optical components, and value-added services for the communications, industrial/medical, and defense sectors. The group alleges they have acquired 7 TB of confidential company data, including emails, financial and administrative documents, personnel information, and more. No samples have been released so far, but 'Handala' has stated their intention to release the full alleged stolen data soon.

  • Aug 29, 2024

    • United Kingdom
    • exclusive
    • Europe
    • Bae Systems
    • Just Evil
    • Government

    Sensitive Military Data of BAE Systems Allegedly for Sale by Just Evil

    A recent post on the Telegram channel "Just Evil" claims to offer highly sensitive data for sale, allegedly stolen from the British multinational defense, security, and aerospace company BAE Systems. The post, written in Russian, advertises "leaky engineering project files" totaling over 150 GB of data. The data reportedly includes comprehensive details on military airfield projects, covering everything from radar systems and air defense to the layouts of facilities, including bathroom dimensions.

  • Aug 29, 2024

    • Rappi
    • exclusive
    • Satanic
    • Latin America And The Caribbean
    • Brazil
    • Colombia
    • Automotive

    Rappi Full Database Available for Download

    The threat actor **Satanic** posted three databases for download on BreachForums, related to a potential July breach of the Latin American company Rappi and its subsidiaries Rappi Carga and Rappi Pay. According to the threat actor, the databases contain customer information, including names, physical and email addresses, phone numbers, payment and financial information, contracts, etc.

  • Aug 28, 2024

    • South-Eastern Asia
    • Legal Services
    • breach
    • Supreme Court Philippines - Breach - 2024-08-27
    • Grep
    • Philippines
    • Supreme Court Of The Philippines
    • Government

    Data Breach on Supreme Court of the Philippines Exposing Sensitive Legal Information

    On August 27, 2024, a threat actor named "grep" posted on BreachForums information about a data breach of the Supreme Court of the Philippines. The breach impacted around 13,000 rows of sensitive data, which contain Assessment Numbers of legal cases and applications, Full Names of the individuals involved in each legal case, Case Categories and Types, Date Files, Payment Date, and Payment Status.

  • Aug 28, 2024

    • South-Eastern Asia
    • Deathnote Hackers
    • Ospital Ng Makati
    • breach
    • Slashie
    • Healthcare
    • Philippines

    Alleged Data Breach on Vaccine Records from Ospital ng Makati Affecting 19,000 Individuals

    Recently, one of the DeathNote Hackers members - Slashie - shared information that he had breached Ospital ng Makati (OSMAK), located in the Philippines, impacting the vaccine records of 19,000 individuals. According to the threat actor, they infiltrated the hospital's system by exploiting a vulnerability. The threat actor has not yet posted the data publicly; they state that they only want to deliver this breach information so that the hospital can take immediate action to secure its systems. The exposed information includes vaccine type, vaccination dates, full names of the individuals, and the location of the vaccination site.

  • Aug 26, 2024

    • Israel
    • Southern Asia
    • United Kingdom
    • Europe
    • Apt42
    • Islamic Republic Of Iran
    • United States
    • North America
    • Middle East
    • Asia
    • Spear Phishing

    Meta Exposes Iranian Threat Actors Targeting Global Political Figures on WhatsApp

    Meta Platforms revealed on Friday that it had uncovered the activities of an Iranian state-sponsored threat actor, known as APT42 or Charming Kitten, using a small cluster of WhatsApp accounts to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The targets included political and diplomatic figures, some of whom were linked to the Biden and Trump administrations. APT42, linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), is notorious for its sophisticated social engineering tactics aimed at stealing credentials through spear-phishing. The WhatsApp accounts, which posed as technical support from companies like AOL and Google, were blocked by Meta after being detected. This revelation aligns with broader concerns about Iran’s efforts to undermine U.S. elections and sow division within the American public.

  • Aug 26, 2024

    • exclusive
    • Government
    • Turkey
    • Zerosevengroup

    Breach Forums Listing by ZeroSevenGroup Offers Access to Turkish Defense Firm

    A new listing by the threat actor ZeroSevenGroup on Breach Forums offers full access to a defense and space manufacturing company in Turkey. The access, which includes Command and Control (C2) capabilities, shell access, and administrator privileges, is being sold for $20,000, though the price is negotiable. The listing indicates that the compromised network consists of 125 devices, with domain admin access available. Interested buyers are instructed to contact the seller via private message.

  • Aug 26, 2024

    • exclusive
    • Energy
    • Brazil
    • Zerosevengroup

    XSS Forum Listing by ZeroSevenGroup Sells Access to Brazilian Energy Firm

    A post by the threat actor ZeroSevenGroup on the XSS forum is advertising full network access to a Brazilian company in the electricity, oil, and gas industries. The access to the company, which has reported revenue of $5.3 million, is being offered for sale with claimed administrator-level access and Command and Control (C2) capabilities. The asking price is $10,000, and the seller is willing to work with a guarantor to facilitate the transaction.

  • Aug 22, 2024

    • 576
    • Virgin Mobile Latam
    • United States
    • North America
    • Telecommunications

    Virgin Mobile - Breach - 2024-08-21

    On August 21, 2024, the threat actor "576" disclosed a massive data breach involving Virgin Mobile LATAM. The breach exposed over 1.7 TB of data from the Mexico, Colombia, and Chile branches. The leaked data includes user and employee information, payment records, CDR data, SIM card details, and subscriber IDs. Additionally, the threat actor offers domain administrator access to approximately 700 hosts, SSH keys, and AWS keys. Sample files include a database with 1.1 million lines detailing user credentials and other sensitive information. In addition, it seems some of the company's domains have been taken down in the process.

  • Aug 21, 2024

    • South-Eastern Asia
    • Philippines' Civil Service Commission
    • Philippines
    • Government
    • 🇮🇩 Z-Bl4Cx-H4T 🇮🇩

    Credentials Associated with Philippines' Civil Service Commission Web-based Portal Leaked Publicly

    On August 12, 2024, an Indonesian threat group — Z-BL4CX-H4T — consolidated several exposed credentials associated with the Philippines' Civil Service Commission and posted them on their Telegram channel. Based on Cyberint's sources, the credentials were highly likely exposed due to infection of Infostealer malware on devices where Civil Service Commission credentials have been used or stored. The affected credentials are part of "ighrs.csc.gov.ph."

  • Aug 21, 2024

    • South-Eastern Asia
    • Chinese General Hospital And Medical Center
    • breach
    • Healthcare
    • Philippines

    Alleged Data Breach on Chinese General Hospital and Medical Center

    On August 20, 2024, a threat actor — MaPaDedSec — posted on BreachForums information about a data breach of Chinese General Hospital and Medical Center, located in the Philippines. It is one of the oldest hospitals in the Philippines, founded during the Spanish occupation of the country with donations from Chinese immigrants. The threat actor joined BreachForums recently (August 2024), and this breach is his/her only post on the said underground forum. According to the threat actor and the sample data provided, the exfiltrated data contained sensitive information related to Chinese/Filipino doctors and patients of the said hospital. The threat actor has not shared an exposed data count, only sample data that includes information on sixty-five (65) doctors/patients.

  • Aug 21, 2024

    • South-Eastern Asia
    • Deathnote Hackers
    • breach
    • Senate Of The Philippines
    • Deathnote Hackers - Senate Of The Philippines - Breach - 2024-08-20
    • Philippines

    Philippine-based Threat Group - DeathNote Hackers - Gained Unauthorized Access to Senate of the Philippines' Web-based Portal and SharePoint Site

    On August 20, 2024, DeathNote Hackers posted on their Telegram channel and Facebook page that they had gained access to the Senate of the Philippines' SSL VPN Web Portal. This incident was led by the current DeathNote Hackers leader - Klammer. Gaining unauthorized access to the portal led to the exposure of the Senate Legislative Information System and SharePoint Site, which include Business Sessions documents, Legislative Calendars, Statistical Data on Bills, Senate Agendas, and more. The unauthorized access to the web-based portal highly likely occurred due to the use of weak credentials, as observed by Cyberint. Based on Cyberint's sources, this credential has been exposed in several malware log dumps.

  • Aug 19, 2024

    • United Kingdom
    • Xyloenn
    • Spain
    • exclusive
    • Europe
    • Austria
    • France
    • Italy
    • Switzerland
    • Finance

    European KYC Data Offered For Sale

    The threat actor xyloen on Breached Forums is offering 165,750 records totaling 185 GB, sourced from various European e-commerce platforms. The data, claimed to have been collected just one month ago, includes personal information from multiple countries, with the largest volumes coming from France (37,220 records), Italy (23,115 records), and Spain (18,965 records). Other affected nations include Germany, the United Kingdom, and several others across Europe. The seller is offering the data for $1,100, accepting cryptocurrency payments, and limiting the sale to just three buyers. Interested parties are directed to contact the seller via Telegram for further details. Proof of data is available upon request.

  • Aug 19, 2024

    • Agreindex
    • Food And Kindred Products
    • South-Eastern Asia
    • Food Stores
    • Indonesia
    • Lotte Mart
    • Asia
    • Retail

    Lotte Mart Indonesia Data Offered for Sale on a Deep-Web Forum

    A deep-web forum user, agreindex, is offering for sale Lotte Mart Indonesia's full database, including clients, orders, and payment details. In addition, the user includes samples of the data offered for sale.

  • Aug 19, 2024

    • Pt Astra Toyota Motor
    • Agreindex
    • South-Eastern Asia
    • Indonesia
    • Asia

    Toyota Astra Indonesia Data Offered for Sale on a Deep-Web Forum

    A deep-web forum user, agreindex, is offering for sale the full database of Toyota Astra Indonesia, a joint venture between Toyota Motor Corporation and PT Astra International, including clients, orders, and payment details. In addition, he includes samples of the data offered for sale.

  • Aug 19, 2024

    • Morganbh
    • exclusive
    • Latin America And The Caribbean
    • Mexico
    • Automotive

    Threat Actor selling Access to Unknown Mexican Organization

    The threat actor **MorganBH** posted on the "XSS" forum that he is selling access to a Mexican organization (branch) or a Korean company. The threat actor claims that the company is related to the Automotive and Construction industries. Additionally, the post mentions that the access is Domain Admin and that the company has a revenue of $566M. The threat actor is selling the access for $4,000.

  • Aug 19, 2024

    • System Information Discovery
    • Scheduled Task/Job
    • Banshee Stealer

    New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

    Cybersecurity researchers have identified a new stealer malware called Banshee Stealer, specifically designed to target Apple macOS systems. Sold on the cybercrime underground for $3,000 a month, Banshee Stealer is a versatile threat capable of targeting both x86_64 and ARM64 architectures. It focuses on stealing data from various web browsers, cryptocurrency wallets, and around 100 browser extensions, including Safari, Chrome, Firefox, Brave, and others. The malware also collects system information, iCloud Keychain passwords, and data from specific file types while using anti-analysis techniques to evade detection. Additionally, it avoids infecting systems with Russian as the primary language and employs a fake password prompt to escalate privileges. This discovery highlights the growing focus on macOS-specific malware as cybercriminals increasingly target Apple users.

  • Aug 19, 2024

    • Global
    • Business Services
    • Lazarus Group
    • Microsoft
    • Cve-2024-38193
    • United States
    • CVE-2024-38193
    • North America

    Microsoft Patches Zero-Day Flaw Exploited by North Korean APT

    A newly patched security flaw in Microsoft Windows, tracked as CVE-2024-38193 with a CVSS score of 7.8, was exploited as a zero-day by the North Korean state-sponsored Lazarus Group. This vulnerability, found in the Windows Ancillary Function Driver (AFD.sys) for WinSock, allowed attackers to gain SYSTEM privileges, enabling unauthorized access to sensitive system areas. Discovered by researchers from Gen Digital, the flaw was addressed in Microsoft's August 2024 Patch Tuesday update. The Lazarus Group exploited this bug using a rootkit named FudModule to evade detection, mirroring a similar attack earlier in 2024 that leveraged another privilege escalation vulnerability. Unlike traditional BYOVD attacks, these exploits take advantage of security flaws in drivers already present on the target system, highlighting the group's sophisticated tactics.

  • Aug 19, 2024

    • Edrkillshifter
    • Ransomhub

    RansomHub deploys new malware to kill security software

    RansomHub ransomware operators have started using new malware, dubbed EDRKillShifter, to disable Endpoint Detection and Response (EDR) software through Bring Your Own Vulnerable Driver (BYOVD) attacks. This malware deploys a legitimate but vulnerable driver on targeted devices to escalate privileges, disable security solutions, and gain control of the system. Although popular among various threat actors, the EDRKillShifter tool failed in a May 2024 incident when it attempted to disable Sophos protection, triggering the endpoint agent's CryptoGuard feature. Sophos discovered two malware variants exploiting different vulnerable drivers based on proof-of-concept code available on GitHub.

  • Aug 16, 2024

    • National Bureau Of Investigation (Nbi)
    • South-Eastern Asia
    • arrest
    • Asia
    • Philippines

    Another Group of Chinese Nationals Apprehended by National Bureau of Investigation in the Philippines for Cyber-related Scam Operations

    On August 14, 2024, the National Bureau of Investigation (NBI) arrested six (6) Chinese Nationals - namely XIAOJUN WANG, XUE FENG ZHANG, KE XIN GE, DIE LIU, YU JIE WANG, and HONG HONG ZHU - in Pampanga, Philippines. According to NBI, these scam operators are involved in conducting scam activities related to romance scam scripts, messaging applications with fictitious accounts, bank accounts, and fraudulent cryptocurrency investment platforms, and are engaged in fraudulent activities globally. NBI retrieved the malicious scripts and tools used by the scam operators, which are being utilized for catfishing scams, credit card scams, cryptocurrency scams, and fake investment scams.

  • Aug 16, 2024

    • National Bureau Of Investigation (Nbi)
    • South-Eastern Asia
    • arrest
    • Asia
    • Philippines

    Scam Hubs in the Philippines Infiltrated by National Bureau of Investigation (NBI), Twenty-nine (29) Scam Operators Arrested

    On August 09, 2024, the National Bureau of Investigation (NBI) tracked and infiltrated four houses in Cavite, Philippines, which served as Scam Hubs, where twenty-nine (29) scam operators - 3 Chinese Nationals, 2 Malaysians, and 24 Filipinos - got apprehended. According to NBI, these Scam Hubs are where activities like romance scams, investment scams, crypto scams, impersonation scams, and credential stuffing are being prepared and operated.

  • Aug 15, 2024

    • exclusive
    • Dk0M
    • Latin America And The Caribbean
    • Argentina
    • Brazil

    Threat Actor Selling Access to Multiple Government Authorities in Different Countries

    The threat actor **dk0m** is selling access to multiple government institutions in different countries, including Argentina and Brazil. According to the post, the access on offer includes:

    • Argentina: Police, Ministry of Security, Mendoza Government Officials, Specific Network Internal Administrator Access (Cisco), Police Campus Account
    • Brazil: Police / Military, Panel Access / Data (Gas, Traffic, Suicide Rates, Fuel), Federal Documents Panel, Intranet VPN Accounts

    No price was mentioned.

  • Aug 14, 2024

    • Israel
    • Business Services
    • Darkvault
    • Middle East
    • Asia
    • Glazkov Cpa

    glazkov.co.il - Ransomware - 13/08/2024

    The company was attacked by the Darkvault ransomware group.

  • Aug 14, 2024

    • Philippines
    • Transportation
    • Philippine Airlines
    • Clark International Airport

    Alleged Data Breach on Clark International Airport and Philippine Airlines Exposing 12+ Million Passengers Data

    On August 13, 2024, an alleged data breach involving Clark International Airport and Philippine Airlines was posted in several Telegram channels, such as LockBit's and a Chinese-speaking channel. According to the posts, the data of approximately 12.8 million airline passengers was impacted by this potential breach. From the sample data provided in one of the Telegram channels, the exposed data includes passengers' passport numbers, birthdates, full names, phone numbers, gender, and addresses.

  • Aug 13, 2024

    • Israel
    • Hikki-Chan
    • Middle East
    • Asia
    • Israeli Ministry Of Welfare And Social Affairs

    Database Allegedly Belonging to the Israeli Ministry of Welfare and Social Affairs Leaked

    A database allegedly belonging to the Israeli Ministry of Welfare and Social Affairs has been leaked and is currently offered for download on 'BreachForums' by a threat actor known as "HikkI-Chan." According to the threat actor, the database contains over 457,000 records, including personal information such as names, email addresses, dates of birth, gender, ID number, and more.

  • Aug 12, 2024

    • Israel
    • Middle East
    • Asia
    • Zerosevengroup

    Alleged Access for a Major Israeli Organization Offered For Sale

    The threat actor 'ZeroSevenGroup' is offering alleged full network access with administrator privileges to an Israeli company in the Organization & Foundations sector on 'BreachForums'. According to the threat actor, this company partners with several Israeli government ministries. The asking price for this access has not been disclosed.

  • Aug 12, 2024

    • Lulzsec Muslims
    • Spain
    • exclusive
    • Europe
    • Citizengo
    • Southern Europe
    • Charity And Non-Profit

    LulzSec_Muslims Targets CitizenGO, Spain’s Largest Conservative Organization

    The hacktivist group LulzSec_Muslims claims to have breached CitizenGO, one of Spain's most prominent conservative advocacy organizations. Founded in 2013 by the ultra-Catholic group HazteOir, CitizenGO is known for its staunch opposition to gender ideology. The hackers claim to have extracted 95,000 pieces of user data, including names, addresses, phone numbers, documents, and correspondence with businessmen and high-ranking officials in Spain.

  • Aug 12, 2024

    • Global
    • Cisco Talos
    • Cisco
    • CVE-2024-20419
    • United States
    • North America
    • Cve-2024-20419
    • Technology

    Exploit released for Cisco SSM bug allowing admin password changes

    Cisco has issued a warning about the availability of exploit code for a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) license servers. This flaw, identified as CVE-2024-20419, allows attackers to remotely change any user password, including administrator accounts, without needing to know the original credentials. The vulnerability arises from an improper implementation in the password-change process, which can be exploited by sending specially crafted HTTP requests to affected devices. While Cisco is aware of the proof-of-concept exploit code, they have not yet found evidence of this flaw being exploited in the wild. Administrators are strongly advised to update their SSM On-Prem servers to the latest patched versions, as no workarounds are available. This warning follows recent patches by Cisco addressing other severe vulnerabilities, including one that allowed attackers to create users with root privileges and another zero-day flaw exploited on MDS and Nexus switches.

  • Aug 12, 2024

    • United States
    • North America
    • Government

    Threat actors leak 2.7 billion data records with Social Security numbers

    Nearly 2.7 billion personal records of U.S. residents were leaked on a hacking forum, exposing sensitive information such as names, social security numbers, addresses, and possible aliases. The data allegedly originated from National Public Data, a company known for collecting and selling personal information for background checks and investigations. Although the breach was initially linked to the threat actor "USDoD," who claimed to be selling the data for $3.5 million, another hacker named "Fenice" eventually leaked the data for free on August 6, 2024, on the Breached hacking forum. The leaked data includes two text files totaling 277GB. While it doesn't encompass the 2.9 billion records initially claimed, it still contains extensive personal information. Some records are outdated or inaccurate, leading to multiple class action lawsuits against National Public Data. If you live in the U.S., some of your personal information has likely been exposed. It is advised to monitor your credit report for any fraudulent activity and remain cautious of phishing attempts.

  • Aug 12, 2024

    • Apt27
    • Eastern Europe
    • Europe
    • Government
    • Apt31
    • Cloudsorcerer
    • Technology
    • Russia

    Chinese hacking groups APT27 & APT31 target Russian Entities

    A series of cyberattacks beginning in late July 2024, targeting Russian government organizations and IT companies, has been linked to Chinese hacker groups APT31 and APT27. The campaign employs an updated version of the CloudSorcerer backdoor, previously seen in a similar cyberespionage operation in May 2024. The attack starts with phishing emails that deploy a backdoor via DLL side loading, allowing attackers to execute commands, exfiltrate data, and introduce additional malware like the GrewApacha trojan and a new backdoor called PlugY. Notably, the campaign highlights the ongoing cyberespionage activities between allied countries with strong diplomatic ties, such as China and Russia, demonstrating the complexity of their relationship.

  • Aug 11, 2024

    • Israel
    • Middle East
    • Handala
    • Asia

    Handala Announces Cyber Campaign Against Israeli Companies on Tisha B'Av

    The hacker group 'Handala' has declared plans to launch a campaign targeting Israeli companies on August 13th, coinciding with Tisha B'Av.

  • Aug 11, 2024

    • Israel
    • Hikki-Chan
    • Transportation
    • Kavim
    • Middle East
    • Asia

    Kavim Transportation Company Database Leaked on BreachForums

    A database belonging to the Israeli transportation company "Kavim" has been leaked and is currently offered for download on 'BreachForums' by a threat actor known as "HikkI-Chan." According to the threat actor, the database contains nearly 29,000 records, including personal information of Kavim's users, such as full names, email addresses, ID numbers, phone numbers, and more.

  • Aug 11, 2024

    • CVE-2024-27459
    • CVE-2024-27903
    • Cve-2024-27459
    • CVE-2024-24974
    • Cve-2024-27903
    • Cve-2024-1305
    • CVE-2024-1305
    • Cve-2024-24974

    Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

    Microsoft recently disclosed four medium-severity security flaws in the open-source OpenVPN software, which could be exploited together to achieve remote code execution (RCE) and local privilege escalation (LPE). These vulnerabilities, affecting all OpenVPN versions prior to 2.6.10 and 2.5.10, were detailed at Black Hat USA 2024. Exploiting them requires user authentication and a deep understanding of OpenVPN's internals. The vulnerabilities include a stack overflow (CVE-2024-27459), unauthorized access to the "openvpn\service" named pipe (CVE-2024-24974), a flaw in the plugin mechanism leading to RCE (CVE-2024-27903), and a memory overflow in the Windows TAP driver (CVE-2024-1305). Attackers could combine these flaws to gain full control over targeted systems, potentially leading to data breaches and system compromise. Exploitation would typically involve obtaining OpenVPN credentials, possibly through stolen credentials or network sniffing, and then chaining the vulnerabilities to bypass security measures and maintain control over the system.

  • Aug 07, 2024

    • Europe
    • The Réunion Des Musées Nationaux (Rmn)
    • France
    • Agence Nationale De La Sécurité Des Systèmes D'Information (Anssi)
    • Government
    • Western Europe

    French Museum Network Hit by Ransomware Attack Amid Paris 2024 Olympics

    The Réunion des Musées Nationaux (RMN), which manages around 40 French museums including key Olympic venues, was targeted by a ransomware attack on Sunday. The affected museums include the Grand Palais in Paris, hosting fencing and taekwondo events, and the Château de Versailles, a venue for equestrian sports and modern pentathlon. Despite the breach, no disruptions to the Olympic events have been reported. The attack targeted the network's central data systems, affecting online operations such as the RMN's online shop, but not impacting the physical museum activities or Olympic events. The French cybercrime authorities have launched an investigation, with the national cybersecurity agency ANSSI assisting in securing and restoring the affected systems.

  • Aug 07, 2024

    • Panchovilla
    • exclusive
    • Latin America And The Caribbean
    • Mexico
    • Poder Judicial Cdmx

    Breach - Mexico City Poder Judicial - 06/08/2024

    After multiple threats, the threat actor **PanchoVilla** posted on the cybercrime forum "breach forums" a potential database and source code related to the Poder Judicial CDMX (Mexico City's Superior Court). The files were leaked and offered for download. The threat actor claims that the information ranges from 2017-2024 and includes access to more than 300,000 accounts (passwords hashed with MD5, easy to crack). Furthermore, he mentions that it is possible to see any type of claim, appointments, actuaries, pensions, vouchers, etc. Based on the sample provided, the exposed information includes user id, location, email, full name, status, password, etc.

  • Aug 07, 2024

    • Sccccd77E7
    • Latin America And The Caribbean
    • Colombia
    • Restrepo & Tabares Consultores Sociedad Por Acciones Simplificada
    • Finance

    Colombian Accounting Firm "RyTConsultores" - Data Breach - 30-07-2024

    In July 2024, the Colombian Accounting Firm “Restrepo & Tabares Consultores” suffered a data breach, as claimed by the threat actor "sccccd77e7." According to the threat actor, the compromised data includes Emails, sheets, employee and customer databases, property files, investments, personal and company documents, invoices, etc. The breach is being sold for 100 dollars.

  • Aug 07, 2024

    • Sistema Electrónico De Compras Públicas De El Salvador
    • exclusive
    • Latin America And The Caribbean
    • Ciberinteligenciasv
    • El Salvador

    CiberinteligenciaSV Group Leaks Data from the Electronic Public Procurement System of El Salvador (Comprasal)

    The threat group CiberinteligenciaSV published around 15,000 records from the Electronic Public Procurement System of El Salvador (Comprasal) on their Telegram channel. "Celebrating" their 10K followers on Telegram, the group leaked what they claim to be a list of 15,000 vendors registered in Comprasal. According to the threat actor, the files include personal information and important/potentially sensitive details.

  • Aug 06, 2024

    • Israel
    • Middle East
    • Asia
    • Zerosevengroup

    Alleged Access for an Israeli Fintech Company Offered for Sale

    A threat actor named "ZeroSevenGroup" is offering alleged full network access with administrator privileges to an Israeli financial software and technology company for $2000. While the company's name is not disclosed, the threat actor claims it is one of the oldest in retail management software, cash registers, computerized sales positions and smart links to multiple systems.

  • Aug 06, 2024

    • Personal Services
    • Business Services
    • Enfit
    • Asia
    • South Korea
    • Eastern Asia
    • 0Xy0Um0M

    ENfit - Breach - 2024-08-04

    In August 2024, the threat actor "0xy0um0m" announced the sale of a substantial data breach involving ENfit, a South Korea-based platform connecting fitness trainers and individuals. The breach exposes a full dump of 18 GB containing information on over 4 million customers and trainers. The compromised data includes IDs, names, emails, passwords, phone numbers, and other personal details. The data is available for $3,500.

  • Aug 06, 2024

    • Sisacloud
    • Thailand
    • South-Eastern Asia
    • Satanic
    • Asia
    • Education

    SisaCloud - Breach - 2024-07-31

    In July 2024, a threat actor known as "Satanic" claimed to have breached the Thailand School Information System, SisaCloud. According to the threat actor, the breach involved over 5 million records, exposing sensitive data including user details, activation statuses, Sisa codes, student IDs, executive reports, emails, phone numbers, ID cards, titles, and full names.

  • Aug 06, 2024

    • South-Eastern Asia
    • Indonesia
    • Asia
    • Hana
    • University Of Indonesia
    • Government

    University of Indonesia - Breach - 2024-07-18

    On July 18, 2024, the threat actor "Hana" posted a data breach to BreachForums, affecting the Center for Independent Learning (CIL) Universitas Indonesia. The breach compromised the personal information of 10,936 users. The leaked data includes full names, places and dates of birth, gender, physical attributes, residential information, contact details, educational background, employment details, and other personal information.

  • Aug 06, 2024

    • Spain
    • Europe
    • Lookiero
    • France
    • Southern Europe
    • Retail
    • Kryptonzambie
    • Western Europe

    Lookiero.com Database Compromised

    In August 2024, the threat actor "KryptonZambie" announced the sale of a full database from Lookiero, a Spain-based retail apparel company, containing over 5 million records. The leaked data, available in a 4.11 GB CSV file, primarily includes email addresses and passwords. The data is being offered for $1,000.

  • Aug 06, 2024

    • Spain
    • exclusive
    • Europe
    • Alwayslearning
    • Southern Europe

    Spanish Insurance Company Database Leaked

    A threat actor identified as "alwayslearning" on BreachForums has uploaded a database containing sensitive information from a Spain-based insurance firm. The leaked database, described as "fresh" and about 1.1GB in size, includes approximately 4,000,000 rows of detailed personal and financial information. The data comprises various columns such as the type of obligation, insured value, name, address, policy number, ID number, telephone number, and more.

  • Aug 05, 2024

    • Israel
    • Phishing
    • Middle East
    • Asia
    • Muddywater

    'MuddyWater' Phishing Attack Targets Israelis with Malicious Emails

    The Iran-affiliated hacker group "MuddyWater" has initiated a phishing attack targeting Israelis within the past 24 hours. The group sent emails masquerading as communications from the IDF, urging recipients to click on a link purportedly containing safety guidelines. This link, however, leads to malicious files designed to grant remote access to the victim's machine.

  • Aug 05, 2024

    • Netherlands
    • Business Services
    • Europe
    • Coin
    • Madliberator
    • Technology
    • Western Europe

    MAD LIBERATOR has announced Coin on its victim list

    COIN Availability Services, a Netherlands-based company specializing in IT Continuity, Disaster & Workplace Recovery, and Cyber Security, was announced as a victim of the MAD LIBERATOR ransomware on August 2.

  • Aug 05, 2024

    • CVE-2024-37085
    • Scattered Spider

    VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access

    A recently patched security flaw in VMware ESXi hypervisors has been actively exploited by multiple ransomware groups to gain elevated permissions and deploy file-encrypting malware. The vulnerability, identified as CVE-2024-37085 with a CVSS score of 6.8, is an authentication bypass in the Active Directory integration that allows attackers to obtain administrative access to the host. According to VMware, a malicious actor with sufficient AD permissions can gain full access to an ESXi host configured to use AD for user management by re-creating the "ESX Admins" group after it was deleted from AD. This makes privilege escalation straightforward: the attacker creates or renames a group to "ESX Admins" and adds a user to it.

  • Aug 01, 2024

    • French National Olympic And Sports Committee
    • Lulzsec_Muslims
    • exclusive
    • Europe
    • French Government
    • France
    • Government
    • Western Europe

    LulzSec_Muslims Claim Responsibility for Breach of French Olympic Games Website

    A group named LulzSec_Muslims has claimed responsibility for a cyber attack on the official website of the French Olympic Games, the Comité national olympique et sportif français. The group announced the breach in a statement, citing retaliation for perceived offenses against religious figures. According to the group, they were able to extract a portion of the website's database, which they claim contains sensitive information of approximately 3,000 users. The stolen data reportedly includes first and last names, addresses, and email addresses of registered users. In their statement, LulzSec_Muslims shared a sample of the extracted data to support their claims.

  • Aug 01, 2024

    • Northern Europe
    • Transportation
    • Eastern Europe
    • exclusive
    • Europe
    • Societatea De Transport București (Stb.Ro)
    • Transport
    • Romania
    • Critical Infrastructures
    • Denmark
    • Killsec

    KillSec claims to have breached Bucharest Transport Company (STB.ro)

    The breached data includes applications (phpBB), reports, bus data, MySQL users, sys, the main website, and other information. The group is demanding a ransom of €5,000.
