Breaking Cyber News From Cyberint

Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.

  • Sep 16, 2024

    • Caterpillar
    • North America
    • Zerosevengroup
    • Manufacturing
    • United States

    Threat Actors Claim To Have Exfiltrated 80 GB Of Data Belonging To Caterpillar

    In September 2024, the threat actor group ZeroSevenGroup claimed to have breached CAT (Caterpillar Inc.), alleging the theft and release of 80GB of data. This purportedly includes sensitive information such as projects, employee and customer details, financial records, engine and machinery designs, and email communications.

  • Sep 15, 2024

    • Asia
    • Zerosevengroup
    • Government
    • Israel
    • Middle East

    Database of Israeli Defense Companies Offered for Sale on a Cyber Crime Forum

    The threat actor group “ZeroSevenGroup” offers for sale a database allegedly related to several Israeli companies from the defense sector. According to the group, the database contains confidential governmental information, such as contracts from secret meetings with governments and companies, reports on organizations purportedly tied to Israel, and sensitive data on diplomatic and military relations, defense technologies, airports, ports, etc. The database is priced at 200K XMR (Monero) and is allegedly being offered exclusively to seven entities: Hamas, Hezbollah, Houthis, the Iranian government, Kata'ib Hizballah, the Russian government, the North Korean government, and the Chinese government.

  • Sep 15, 2024

    • Kale Savunma
    • Zerosevengroup
    • Manufacturing

    Threat Actors Claim Breach Of Turkish Defense Contractor Kale Savunma

    On September 14, 2024, the threat actor group “ZeroSevenGroup” announced the sale of a comprehensive data dump from KALE SAVUNMA, a Turkish defense and space manufacturing company. The breach reportedly includes 70 GB of sensitive information, such as backups, database contents, project details, manufacturing designs, and personal data of employees, customers, and partners. Additional exposed data encompasses research, agreements, financial details, applications, photos, IDs, and system schematics. The leak also contains confidential data related to major Turkish defense companies including Aselsan, Havelsan, and Roketsan.

  • Sep 12, 2024

    • Asia
    • Israel
    • Sacara
    • Middle East
    • 888
    • Business Services

    A Threat Actor claims to have breached Israeli-based Sacara

    In September 2024, a threat actor named 888 claimed to have breached Sacara and to have gained access to its database. According to the threat actor, nearly 700 thousand rows of user data belonging to Sacara's customers were taken, including club codes, customer names, addresses, phone numbers, dates of birth, and email addresses.

  • Sep 12, 2024

    • North America
    • Rapid E - Suite
    • Intelbroker
    • United States
    • Business Services

    IntelBroker Claims To Have Breached Rapid E-Suite, Stealing Entirety Of Its Source Code

    In September 2024, a threat actor named IntelBroker claimed to have breached Rapid E-Suite and to have gained access to its database. According to the threat actor, the entire source code, along with PDFs and hardcoded credentials belonging to Rapid E-Suite's customers, was taken.

  • Sep 11, 2024

    • Western Europe
    • France
    • Cultura
    • Europe
    • Horrormar44

    Database of 'Cultura' Offered for Sale on a Cyber Crime Forum

    The French retailer Cultura fell victim to a data breach in which threat actors gained access to a portion of its customer information. The hacker, known as 'horrormar44,' claims to have obtained over 2 million records containing sensitive details such as email addresses, phone numbers, home addresses, and more. The threat actor has also provided samples of the stolen data, along with a Telegram contact for further inquiries.

  • Sep 11, 2024

    • Western Europe
    • France
    • Truffaut
    • Europe
    • Horrormar44

    Database of 'Truffaut' Offered for Sale on a Cyber Crime Forum

    The French company 'Truffaut' has fallen victim to a data breach, where threat actors gained access to a portion of its customer information. The hacker, known as 'horrormar44', claims to have obtained over 270,000 records containing sensitive details such as email addresses, phone numbers, home addresses, and more. The threat actor has also provided samples of the stolen data and shared a Telegram contact for further inquiries.

  • Sep 10, 2024

    • exclusive
    • G0Dhand
    • Government
    • Latin America And The Caribbean
    • Argentina

    Database of the Government of Godoy Cruz, Argentina exposed

    The threat actor **GODHAND** posted on the cybercrime forum known as "BreachForums" a database related to the "Obras Particulares of Godoy Cruz, Argentina government", mainly concerning architecture, construction, and fire prevention plans. According to the threat actor, the information contains multiple plans from different private buildings with electrical, fire prevention, and architectural details, as well as JSON API responses containing emails and user details. Furthermore, they claim to have additional internal files and documents that can be negotiated via PM.

  • Sep 10, 2024

    • Metro Pacific Tollways
    • Philippines
    • breach
    • Deathnote Hackers
    • Mptc - Breach - 2024-09-07
    • South-Eastern Asia
    • Transportation

    Metro Pacific Tollways Corporation's EasyTrip RFID Systems Breached by DeathNote Hackers

    On September 07, 2024, the DeathNote Hackers announced via their official channels that they had breached Metro Pacific Tollways Corporation's (MPTC) EasyTrip RFID systems. Nearly 1 million (~972,848) EasyTrip records were impacted by this breach, including customers' reloading balances, pre-loaded toll accounts, reload transactions, toll card insertion logs, successful and invalid adjustment activities, API logs, OBUID Number, Exit Plaza Name, RFID Numbers, Support Numbers, TID, EPC, Plate Numbers, Account Numbers, Customer Names, Ref Numbers, Balance Amount, Email logs, Extension logs, General logs, Service Action logs, Mobile Request logs, Integration logs, Screen logs, Timer logs, Credentials, and Active Directory Configurations. As Philippine tollway corporations slowly migrate to 100% contactless payment and toll access using RFIDs, this data breach could highly impact EasyTrip customers. Threat actors could use the exposed customer data to conduct malicious campaigns and social engineering attacks.

  • Sep 09, 2024

    • Sonicwall
    • CVE-2024-40766
    • Europe
    • Cve-2024-40766
    • United Kingdom
    • Akira

    Akira Ransomware Group exploited SonicWall SSLVPN access control flaw in their attacks

    SonicWall has issued a warning that a recently patched access control vulnerability, tracked as CVE-2024-40766, is potentially being exploited in the wild. It urges administrators to apply the necessary updates immediately. The flaw, with a critical CVSS score of 9.3, affects SonicWall Firewall Gen 5, Gen 6, and Gen 7 devices. It allows unauthorized access to resources and potentially crashes the firewall, thus compromising network protections. Initially disclosed in August 2024, the flaw was believed to impact only SonicOS management access, but SonicWall has since confirmed that it also affects the firewall’s SSLVPN feature. The company advises administrators to limit firewall management to trusted sources, restrict SSLVPN access, and implement multi-factor authentication (MFA). Reports suggest that the Akira ransomware group is among the attackers exploiting this vulnerability. SonicWall emphasizes the importance of applying patches promptly to protect against these ongoing threats.

  • Sep 09, 2024

    • Asia
    • South Korea
    • Eastern Asia
    • Spyagent

    New Android SpyAgent Malware Steals Crypto Wallet Recovery Keys

    Android users in South Korea have become the target of a new malware campaign distributing a threat called SpyAgent. This malware, according to McAfee Labs, scans devices for images containing mnemonic keys, which are recovery phrases used to access cryptocurrency wallets. The campaign has expanded beyond South Korea, now affecting users in the U.K. as well. SpyAgent spreads through fake Android apps disguised as legitimate banking, government, streaming, and utility apps, with over 280 such apps detected this year. Users are tricked into downloading the malware via SMS messages containing links to APK files hosted on deceptive websites. Once installed, SpyAgent requests intrusive permissions to access sensitive data like contacts, photos, SMS messages, and other device information. The malware’s key feature is its use of optical character recognition (OCR) to steal mnemonic keys, potentially giving attackers access to victims' cryptocurrency wallets. McAfee Labs also discovered significant security lapses in the malware's command-and-control (C2) infrastructure, including an exposed server hosting victim data and an admin panel for remotely controlling infected devices. Moreover, the malware has shifted its communication method from HTTP to WebSocket connections, making it harder to detect by traditional network monitoring tools.

  • Sep 08, 2024

    • Asia
    • Tourism
    • Thailand
    • South-Eastern Asia
    • Tourism Authority Of Thailand

    ASD3312 - Tourism Authority of Thailand - 06-09-2024

    On September 6th, a threat actor named "ASD3312" posted on Breachforums regarding a data breach targeting "Polri" - The Tourism Authority of Thailand. The breach contains personal information of Tourism Authority of Thailand customers, such as Name, Phone Number, Address, Destination, Planned Duration, Accommodation, and more.

  • Sep 08, 2024

    • Asia
    • Everest
    • Chemicals And Allied Products
    • Eastern Asia
    • Manufacturing
    • Mitsubishi Chemical Group
    • Japan

    Everest Ransomware Group has allegedly attacked Mitsubishi Chemical Group - 2024-08-31

    Everest Ransomware group has claimed to have attacked Mitsubishi Chemical Group, a chemical manufacturing company based in Tokyo, Japan. The group claims to have gained access to 6TB of organizational data and offers it for sale.

  • Sep 08, 2024

    • Asia
    • Indonesia
    • Government
    • South-Eastern Asia
    • Indonesian National Police

    EagleCyber--74 - Polri (Indonesian National Police) - 05-09-2024

    On September 5th, a threat actor named "EagleCyber--74" posted on Breachforums regarding a data breach targeting "Polri" - The Indonesian National Police. The breach contains personal information of Polri employees, including ID numbers, rank, first and last names, position, unit, address, phone number, and more.

  • Sep 08, 2024

    • Hikkl-Chan
    • exclusive
    • Vkontakte
    • Vk - Breach - 2024-09-02
    • Russia

    Database of VK is offered for sale

    The threat actor Hikkl-Chan is offering the database for download on Breached Forums. VKontakte (VK), one of Russia's largest social networking platforms, suffered a significant data breach, exposing personal information belonging to hundreds of millions of users. The leaked data includes user IDs, names, surnames, gender, profile images, countries, and cities. The database, containing 390,425,718 records, is available as a 27.66GB uncompressed file (7.04GB compressed).

  • Sep 08, 2024

    • exclusive
    • Italy
    • Elmi Elettromeccanica
    • Manufacturing
    • Cybervolk

    Pro-Russian Hacktivist Group CyberVolk Claims Infiltration of Elmi Elettromeccanica

    The pro-Russian hacktivist group CyberVolk has claimed responsibility for an alleged infiltration of Elmi Elettromeccanica, an Italian company. In a recent post, the group stated that they had "examined" the company's systems, describing the results as “usual.” The message, shared on their Telegram channel, included a link to the company’s website and was tagged with hashtags like #OpItaly and #Global, suggesting a continued focus on Italian targets.

  • Sep 05, 2024

    • Makati Medical Center
    • Wypoondevx
    • Government
    • University Of Makati
    • Philippines
    • breach
    • South-Eastern Asia
    • Makati Government

    City of Makati - Under Cyber-Attack by "wypoondevx"

    This week, the City of Makati, Philippines experienced multiple cyber-attacks conducted by a threat actor - wypoondevx. The breaches occurred in different sectors within Makati City, namely - Makati Government (makati.gov.ph), Makati Medical Center, and University of Makati. The threat actor is relatively new to the Philippine threat landscape, having started conducting cyber-attacks in May 2024, following the recent April Lulz campaign. He initially used the alias "executivedevx" and later changed it to "wypoondevx." As observed from his nefarious activities, he mainly targets organizations located in Makati City. In June 2024, he attacked Toyota Makati Philippines (TMP), which exposed sensitive customer information.

  • Sep 03, 2024

    • hacktivist
    • Philippines Exodus Security
    • Ghost Exodus Ph
    • Denial Of Service
    • Philippines
    • Presidential Communications Office
    • South-Eastern Asia

    The Comeback of Philippines Exodus Security (PHEDSS) Gang

    In June 2024, a Philippine threat group — Philippines Exodus Security — announced the end of its operations. They were behind the Denial-of-Service attacks targeting local banks and government organizations during the "April Lulz 2024" campaign in the Philippines. On September 01, 2024, their botnet, known as "Exodus," came back online. Their comeback was announced on their official Telegram channel, and they started by attacking the Presidential Communications Office (pco.gov.ph). One of their administrators — Ghost Exodus PH (a.k.a. GhostXPH) — has mentioned that new configurations were added to their botnet tool, namely: Rossetta_SKY, Volcano_V3, and ZMB_POWER.

  • Aug 29, 2024

    • Asia
    • Handala
    • Israel
    • Appletec Ltd
    • Middle East

    'Handala' Hacker Group Claims Breach of Israeli Company 'Appletec Ltd'

    The 'Handala' hacker group claims to have breached the Israeli company 'Appletec Ltd,' a distributor of electronics, optical components, and value-added services for the communications, industrial/medical, and defense sectors. The group alleges they have acquired 7 TB of confidential company data, including emails, financial and administrative documents, personnel information, and more. No samples have been released so far, but 'Handala' has stated their intention to release the full alleged stolen data soon.

  • Aug 29, 2024

    • Bae Systems
    • exclusive
    • Government
    • United Kingdom
    • Just Evil
    • Europe

    Sensitive Military Data of BAE Systems Allegedly for Sale by Just Evil

    A recent post on the Telegram channel "Just Evil" claims to offer highly sensitive data for sale, allegedly stolen from the British multinational defense, security, and aerospace company BAE Systems. The post, written in Russian, advertises "leaky engineering project files" totaling over 150 GB of data. The data reportedly includes comprehensive details on military airfield projects, covering everything from radar systems and air defense to the layouts of facilities, including bathroom dimensions.

  • Aug 29, 2024

    • Brazil
    • exclusive
    • Rappi
    • Automotive
    • Latin America And The Caribbean
    • Satanic
    • Colombia

    Rappi Full Database Offered for Download

    The threat actor **Satanic** posted on Breachforums three databases for download related to a potential July breach of the Latin American company Rappi as well as its subsidiaries Rappi Carga and Rappi Pay. According to the threat actor, the databases contain customers' information, including names, physical and email addresses, phone numbers, payment and financial information, contracts, etc.

  • Aug 28, 2024

    • Supreme Court Philippines - Breach - 2024-08-27
    • Legal Services
    • Government
    • Supreme Court Of The Philippines
    • breach
    • Philippines
    • Grep
    • South-Eastern Asia

    Data Breach on Supreme Court of the Philippines Exposing Sensitive Legal Information

    On August 27, 2024, a threat actor named "grep" posted data breach information on BreachForums concerning the Supreme Court of the Philippines. The breach has impacted around 13,000 rows of sensitive data, which contain Assessment Numbers of legal cases and applications, Full Name of individuals involved in the legal case, Case Categories and Types, Date Files, Payment Date, and Payment Status.

  • Aug 28, 2024

    • Slashie
    • Deathnote Hackers
    • Ospital Ng Makati
    • breach
    • Philippines
    • Healthcare
    • South-Eastern Asia

    Alleged Data Breach on Vaccine Records from Ospital ng Makati Affecting 19,000 Individuals

    Recently, one of the DeathNote Hackers members - Slashie - shared information that he had breached Ospital ng Makati (OSMAK) - located in the Philippines - which impacted the vaccine records of 19,000 individuals. According to the threat actor, they infiltrated the hospital's system by exploiting a vulnerability. The threat actor has not yet posted the data publicly; they state that they only want to deliver this breach information so that the hospital can take immediate action to secure its systems. The exposed information includes vaccine type, vaccination dates, full name of the individuals, and the location of the vaccination site.

  • Aug 26, 2024

    • Asia
    • Southern Asia
    • North America
    • Islamic Republic Of Iran
    • Spear Phishing
    • Israel
    • Apt42
    • Middle East
    • United Kingdom
    • United States
    • Europe

    Meta Exposes Iranian Threat Actors Targeting Global Political Figures on WhatsApp

    Meta Platforms revealed on Friday that it had uncovered the activities of an Iranian state-sponsored threat actor, known as APT42 or Charming Kitten, using a small cluster of WhatsApp accounts to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The targets included political and diplomatic figures, some of whom were linked to the Biden and Trump administrations. APT42, linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), is notorious for its sophisticated social engineering tactics aimed at stealing credentials through spear-phishing. The WhatsApp accounts, which posed as technical support from companies like AOL and Google, were blocked by Meta after being detected. This revelation aligns with broader concerns about Iran’s efforts to undermine U.S. elections and sow division within the American public.

  • Aug 26, 2024

    • Zerosevengroup
    • Turkey
    • Government
    • exclusive

    Breach Forums Listing by ZeroSevenGroup Offers Access to Turkish Defense Firm

    A new listing by the threat actor ZeroSevenGroup on Breach Forums offers full access to a defense and space manufacturing company in Turkey. The access, which includes Command and Control (C2) capabilities, shell access, and administrator privileges, is being sold for $20,000, though the price is negotiable. The listing indicates that the compromised network consists of 125 devices, with domain admin access available. Interested buyers are instructed to contact the seller via private message.

  • Aug 26, 2024

    • Zerosevengroup
    • Energy
    • Brazil
    • exclusive

    XSS Forum Listing by ZeroSevenGroup Sells Access to Brazilian Energy Firm

    A post by the threat actor ZeroSevenGroup on the XSS forum is advertising full network access to a Brazilian company in the electricity, oil, and gas industries. The company, which has reported revenue of $5.3 million, is being offered for sale with claimed administrator-level access and Command and Control (C2) capabilities. The asking price is $10,000, and the seller is willing to work with a guarantor to facilitate the transaction.

  • Aug 22, 2024

    • North America
    • Virgin Mobile Latam
    • 576
    • Telecommunications
    • United States

    Virgin Mobile - Breach - 2024-08-21

    On August 21, 2024, the threat actor "576" disclosed a massive data breach involving Virgin Mobile LATAM. The breach exposed over 1.7 TB of data from the Mexico, Colombia, and Chile branches. The leaked data includes user and employee information, payment records, CDR data, SIM card details, and subscriber IDs. Additionally, the threat actor offers domain administrator access to approximately 700 hosts, SSH keys, and AWS keys. Sample files include a database with 1.1 million lines detailing user credentials and other sensitive information. In addition, it seems some of the company's domains have been taken down in the process.

  • Aug 21, 2024

    • Philippines' Civil Service Commission
    • Government
    • Philippines
    • 🇮🇩 Z-Bl4Cx-H4T 🇮🇩
    • South-Eastern Asia

    Credentials Associated with Philippines' Civil Service Commission Web-based Portal Leaked Publicly

    On August 12, 2024, an Indonesian threat group — Z-BL4CX-H4T — consolidated several exposed credentials associated with the Philippines' Civil Service Commission and posted them on their Telegram channel. Based on Cyberint's sources, the credentials were highly likely exposed due to infection of Infostealer malware on devices where Civil Service Commission credentials have been used or stored. The affected credentials are part of "ighrs.csc.gov.ph."

  • Aug 21, 2024

    • Chinese General Hospital And Medical Center
    • Philippines
    • breach
    • Healthcare
    • South-Eastern Asia

    Alleged Data Breach on Chinese General Hospital and Medical Center

    On August 20, 2024, a threat actor — MaPaDedSec — posted data breach information on BreachForums targeting Chinese General Hospital and Medical Center, located in the Philippines. It is one of the oldest hospitals in the Philippines, founded during the Spanish occupation of the country with donations from Chinese immigrants. The threat actor joined BreachForums recently (August 2024), and this breach is his/her only post in the said underground forum. According to the threat actor and the sample data provided, the exfiltrated data contains sensitive information related to Chinese/Filipino doctors and patients in the said hospital. The threat actor has not shared an exposed data count, only sample data that includes information on sixty-five (65) doctors/patients.

  • Aug 21, 2024

    • Senate Of The Philippines
    • Philippines
    • breach
    • Deathnote Hackers
    • Deathnote Hackers - Senate Of The Philippines - Breach - 2024-08-20
    • South-Eastern Asia

    Philippine-based Threat Group - DeathNote Hackers - Gained Unauthorized Access to Senate of the Philippines' Web-based Portal and SharePoint Site

    On August 20, 2024, DeathNote Hackers posted on their Telegram channel and Facebook page that they had gained access to the Senate of the Philippines' SSL VPN Web Portal. This incident was led by the current DeathNote Hackers leader - Klammer. Gaining unauthorized access to the portal led to the exposure of the Senate Legislative Information System and SharePoint Site, which includes Business Sessions documents, Legislative Calendars, Statistical Data on Bills, Senate Agendas, and more. The unauthorized access to the web-based portal highly likely occurred due to the use of weak credentials, as observed by Cyberint. Based on Cyberint's sources, this credential has been exposed in several malware log dumps.

  • Aug 19, 2024

    • Austria
    • Switzerland
    • exclusive
    • France
    • Spain
    • Xyloenn
    • Italy
    • Finance
    • United Kingdom
    • Europe

    European KYC Data Offered For Sale

    The threat actor xyloen on Breached Forums is offering 165,750 records totaling 185 GB, sourced from various European e-commerce platforms. The data, which the seller claims was collected just one month ago, includes personal information from multiple countries, with the largest volumes coming from France (37,220 records), Italy (23,115 records), and Spain (18,965 records). Other affected nations include Germany, the United Kingdom, and several others across Europe. The seller is offering the data for $1,100, accepting cryptocurrency payments, and limiting the sale to just three buyers. Interested parties are directed to contact the seller via Telegram for further details. Proof of data is available upon request.

  • Aug 19, 2024

    • Asia
    • Food Stores
    • Lotte Mart
    • Food And Kindred Products
    • Indonesia
    • Agreindex
    • Retail
    • South-Eastern Asia

    Indonesia data of Lotte Mart is offered for sale on a deep-web forum

    A deep-web forum user, agreindex, is offering for sale Lotte Mart Indonesia's full database, clients, orders, and payment details. In addition, the user includes samples of the data offered for sale.

  • Aug 19, 2024

    • Asia
    • Indonesia
    • Pt Astra Toyota Motor
    • Agreindex
    • South-Eastern Asia

    Indonesia data of Toyota Astra Indonesia is offered for sale on a deep-web forum

    A deep-web forum user, agreindex, is offering for sale the full database of Toyota Astra Indonesia (a joint venture between Toyota Motor Corporation and PT Astra International), including clients, orders, and payment details. In addition, he includes samples of the data offered for sale.

  • Aug 19, 2024

    • exclusive
    • Mexico
    • Automotive
    • Latin America And The Caribbean
    • Morganbh

    Threat Actor selling Access to Unknown Mexican Organization

    The threat actor **MorganBH** posted on the "XSS" forum that he is selling access to a Mexican organization (branch) or a Korean company. The threat actor claims that the company is related to the Automotive and Construction industries. Additionally, the post mentions that the access is Domain Admin and that the company has a revenue of $566M. The threat actor is selling the access for $4,000.

  • Aug 19, 2024

    • Banshee Stealer
    • System Information Discovery
    • Scheduled Task/Job

    New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

    Cybersecurity researchers have identified a new stealer malware called Banshee Stealer, specifically designed to target Apple macOS systems. Sold on the cybercrime underground for $3,000 a month, Banshee Stealer is a versatile threat capable of targeting both x86_64 and ARM64 architectures. It focuses on stealing data from various web browsers, including Safari, Chrome, Firefox, and Brave, as well as from cryptocurrency wallets and around 100 browser extensions. The malware also collects system information, iCloud Keychain passwords, and data from specific file types, while using anti-analysis techniques to evade detection. Additionally, it avoids infecting systems with Russian as the primary language and employs a fake password prompt to escalate privileges. This discovery highlights the growing focus on macOS-specific malware as cybercriminals increasingly target Apple users.

  • Aug 19, 2024

    • Microsoft
    • North America
    • Lazarus Group
    • Cve-2024-38193
    • Business Services
    • CVE-2024-38193
    • United States
    • Global

    Microsoft Patches Zero-Day Flaw Exploited by North Korean APT

    A newly patched security flaw in Microsoft Windows, tracked as CVE-2024-38193 with a CVSS score of 7.8, was exploited as a zero-day by the North Korean state-sponsored Lazarus Group. This vulnerability, found in the Windows Ancillary Function Driver (AFD.sys) for WinSock, allowed attackers to gain SYSTEM privileges, enabling unauthorized access to sensitive system areas. Discovered by researchers from Gen Digital, the flaw was addressed in Microsoft's August 2024 Patch Tuesday update. The Lazarus Group exploited this bug using a rootkit named FudModule to evade detection, mirroring a similar attack earlier in 2024 that leveraged another privilege escalation vulnerability. Unlike traditional BYOVD attacks, these exploits take advantage of security flaws in drivers already present on the target system, highlighting the group's sophisticated tactics.

  • Aug 19, 2024

    • Ransomhub
    • Edrkillshifter

    RansomHub deploys new malware to kill security software

    RansomHub ransomware operators have started using new malware, dubbed EDRKillShifter, to disable Endpoint Detection and Response (EDR) software through Bring Your Own Vulnerable Driver (BYOVD) attacks. This malware deploys a legitimate but vulnerable driver on targeted devices to escalate privileges, disable security solutions, and gain control of the system. Although popular among various threat actors, the EDRKillShifter tool failed in a May 2024 incident when it attempted to disable Sophos protection, triggering the endpoint agent's CryptoGuard feature. Sophos discovered two malware variants exploiting different vulnerable drivers based on proof-of-concept code available on GitHub.

  • Aug 16, 2024

    • Asia
    • National Bureau Of Investigation (Nbi)
    • Philippines
    • arrest
    • South-Eastern Asia

    Another Group of Chinese Nationals Apprehended by National Bureau of Investigation in the Philippines for Cyber-related Scam Operations

    On August 14, 2024, the National Bureau of Investigation (NBI) arrested six (6) Chinese Nationals - namely XIAOJUN WANG, XUE FENG ZHANG, KE XIN GE, DIE LIU, YU JIE WANG, and HONG HONG ZHU - in Pampanga, Philippines. According to NBI, these scam operators are involved in conducting scam activities related to romance scam scripts, messaging applications with fictitious accounts, bank accounts, and fraudulent cryptocurrency investment platforms, and are engaged in fraudulent activities globally. NBI retrieved the malicious scripts and tools used by the scam operators, which are being utilized for catfishing scams, credit card scams, cryptocurrency scams, and fake investment scams.

  • Aug 16, 2024

    • Asia
    • National Bureau Of Investigation (Nbi)
    • Philippines
    • arrest
    • South-Eastern Asia

    Scam Hubs in Philippines Infiltrated by National Bureau of Investigation (NBI), Twenty-nine (29) Scam Operators, Arrested

    On August 09, 2024, the National Bureau of Investigation (NBI) tracked and infiltrated four houses in Cavite, Philippines, which served as scam hubs, where twenty-nine (29) scam operators - 3 Chinese nationals, 2 Malaysians, and 24 Filipinos - were apprehended. According to NBI, these scam hubs are where activities like romance scams, investment scams, crypto scams, impersonation scams, and credential stuffing are prepared and operated.

  • Aug 15, 2024

    • Brazil
    • exclusive
    • Latin America And The Caribbean
    • Argentina
    • Dk0M

    Threat Actor selling access to multiple Government authorities in different countries

    The threat actor **dk0m** is selling access to multiple government institutions in different countries, including Argentina and Brazil. According to the post, the access on offer includes:

    • Argentina: Police, Ministry of Security, Mendoza Government Officials, Specific Network Internal Administrator Access (Cisco), Police Campus Account
    • Brazil: Police / Military, Panel Access / Data (Gas, Traffic, Suicide Rates, Fuel), Federal Documents Panel, Intranet VPN Accounts

    No price was mentioned.

  • Aug 14, 2024

    • Asia
    • Glazkov Cpa
    • Israel
    • Middle East
    • Darkvault
    • Business Services

    glazkov.co.il - Ransomware - 13/08/2024

    The company was attacked by the Darkvault ransomware group.

  • Aug 14, 2024

    • Transportation
    • Philippine Airlines
    • Clark International Airport
    • Philippines

    Alleged Data Breach on Clark International Airport and Philippine Airlines Exposing 12+ Million Passengers Data

    On August 13, 2024, an alleged data breach involving Clark International Airport and Philippine Airlines was reported. It was posted in several Telegram channels, including LockBit's and a Chinese-speaking channel. According to the posts, approximately 12.8 million airline passengers' data were impacted by this potential breach. From the sample data provided in one of the Telegram channels, the exposed data includes passengers' passport numbers, birthdates, full names, phone numbers, gender, and addresses.

  • Aug 13, 2024

    • Asia
    • Hikki-Chan
    • Israel
    • Middle East
    • Israeli Ministry Of Welfare And Social Affairs

    Database Allegedly Belonging to the Israeli Ministry of Welfare and Social Affairs Leaked

    A database allegedly belonging to the Israeli Ministry of Welfare and Social Affairs has been leaked and is currently offered for download on 'BreachForums' by a threat actor known as "HikkI-Chan." According to the threat actor, the database contains over 457,000 records, including personal information such as names, email addresses, dates of birth, gender, ID numbers, and more.

  • Aug 12, 2024

    • Zerosevengroup
    • Asia
    • Middle East
    • Israel

    Alleged Access for a Major Israeli Organization Offered For Sale

    The threat actor 'ZeroSevenGroup' is offering alleged full network access with administrator privileges to an Israeli company in the Organization & Foundations sector on 'BreachForums'. According to the threat actor, this company partners with several Israeli government ministries. The asking price for this access has not been disclosed.

  • Aug 12, 2024

    • exclusive
    • Lulzsec Muslims
    • Southern Europe
    • Citizengo
    • Spain
    • Europe
    • Charity And Non-Profit

    LulzSec_Muslims Targets CitizenGO, Spain’s Largest Conservative Organization

    The hacktivist group LulzSec_Muslims claims to have breached CitizenGO, one of Spain's most prominent conservative advocacy organizations. Founded in 2013 by the ultra-Catholic group HazteOir, CitizenGO is known for its staunch opposition to gender ideology. The hackers claim to have extracted 95,000 pieces of user data, including names, addresses, phone numbers, documents, and correspondence with businessmen and high-ranking officials in Spain.

  • Aug 12, 2024

    • North America
    • Technology
    • CVE-2024-20419
    • Cisco
    • Cisco Talos
    • Cve-2024-20419
    • United States
    • Global

    Exploit released for Cisco SSM bug allowing admin password changes

    Cisco has issued a warning about the availability of exploit code for a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) license servers. This flaw, identified as CVE-2024-20419, allows attackers to remotely change any user's password, including administrator accounts, without needing to know the original credentials. The vulnerability arises from an improper implementation of the password-change process, which can be exploited by sending specially crafted HTTP requests to affected devices. While Cisco is aware of the proof-of-concept exploit code, it has not yet found evidence of this flaw being exploited in the wild. Administrators are strongly advised to update their SSM On-Prem servers to the latest patched versions, as no workarounds are available. This warning follows recent patches by Cisco addressing other severe vulnerabilities, including one that allowed attackers to create users with root privileges and another zero-day flaw exploited on MDS and Nexus switches.

  • Aug 12, 2024

    • Government
    • North America
    • United States

    Threat actors leak 2.7 billion data records with Social Security numbers

    Nearly 2.7 billion personal records of U.S. residents were leaked on a hacking forum, exposing sensitive information such as names, social security numbers, addresses, and possible aliases. The data allegedly originated from National Public Data, a company known for collecting and selling personal information for background checks and investigations. Although the breach was initially linked to the threat actor "USDoD," who claimed to be selling the data for $3.5 million, another hacker named "Fenice" eventually leaked the data for free on August 6, 2024, on the Breached hacking forum. The leaked data includes two text files totaling 277GB. While it doesn't encompass the 2.9 billion records initially claimed, it still contains extensive personal information. Some records are outdated or inaccurate, leading to multiple class action lawsuits against National Public Data. If you live in the U.S., some of your personal information has likely been exposed. It is advised to monitor your credit report for any fraudulent activity and remain cautious of phishing attempts.

  • Aug 12, 2024

    • Eastern Europe
    • Cloudsorcerer
    • Technology
    • Apt27
    • Government
    • Apt31
    • Europe
    • Russia

    Chinese hacking groups APT27 & APT31 target Russian Entities

    A series of cyberattacks beginning in late July 2024, targeting Russian government organizations and IT companies, has been linked to the Chinese hacker groups APT31 and APT27. The campaign employs an updated version of the CloudSorcerer backdoor, previously seen in a similar cyberespionage operation in May 2024. The attack starts with phishing emails that deploy a backdoor via DLL side-loading, allowing the attackers to execute commands, exfiltrate data, and introduce additional malware such as the GrewApacha trojan and a new backdoor called PlugY. Notably, the campaign highlights ongoing cyberespionage between allied countries with strong diplomatic ties, such as China and Russia, demonstrating the complexity of their relationship.

  • Aug 11, 2024

    • Asia
    • Handala
    • Middle East
    • Israel

    Handala Announces Cyber Campaign Against Israeli Companies on Tisha B'Av

    The hacker group 'Handala' has declared plans to launch a campaign targeting Israeli companies on August 13th, coinciding with Tisha B'Av.

  • Aug 11, 2024

    • Hikki-Chan
    • Asia
    • Israel
    • Middle East
    • Transportation
    • Kavim

    Kavim Transportation Company Database Leaked on BreachForums

    A database belonging to the Israeli transportation company "Kavim" has been leaked and is currently offered for download on 'BreachForums' by a threat actor known as "HikkI-Chan." According to the threat actor, the database contains nearly 29,000 records, including personal information of Kavim's users, such as full names, email addresses, ID numbers, phone numbers, and more.
