Bosowa Berlian Motor Allegedly Breached
Summary: A recent dark web post claims that PT Bosowa Berlian Motor has suffered a significant data breach, involving the compromise of its database and website source code. The exposed data reportedly exceeds 5 GB, including SQL database files and a large number of tables. This incident raises concerns about the security of sensitive information related to one of Indonesia’s major automotive companies.…
Security Implications of Low-Code/No-Code Platforms: The Unseen Cyberwar
This article provides a thorough analysis of the security vulnerabilities associated with low-code/no-code (LCNC) platforms, exposing architectural flaws and real-world breaches. It outlines case studies involving significant breaches such as Microsoft Power Apps and Airtable, highlighting the negligence of platform providers. A call to action for stronger security practices and vendor accountability concludes the report.…
Who are Hellcat Ransomware Group? | Bridewell
The Hellcat Ransomware Group is a newly identified Ransomware-as-a-Service (RaaS) threat group, recognized for targeting various organizations, especially in telecommunications and government sectors. Their operations reveal sophisticated tactics, including phishing, exploitation of public-facing applications, and deployment of PowerShell for maintaining persistence. The group has shown strong ties with other ransomware actors and employs unique methods for data exfiltration.…
Emulating the Relentless RansomHub Ransomware
RansomHub is a newly emerged Ransomware-as-a-Service (RaaS) operation targeting organizations globally, implementing a double-extortion model that both steals and encrypts sensitive data. The encryptor, written in C++ or Go, complicates analysis because it requires a password to execute, so samples recovered without the accompanying command line cannot simply be detonated in a sandbox. Potential links to previous ransomware groups like Knight and BlackCat/ALPHV are noted.…
[Law] The US sanctions Iranian man behind the Nemesis Dark Web marketplace
Summary: The US Department of the Treasury has sanctioned Behrouz Parsarad, an administrator of the now-defunct Nemesis Dark Web marketplace, which trafficked in illicit goods and services. Parsarad is accused of continuing efforts to relaunch the marketplace despite prior shutdown attempts by authorities. The sanctions have frozen his assets in the US, prohibiting any financial transactions and warning institutions against dealings with his associated cryptocurrency addresses.…
Dark Web Profile: Ghost (Cring) Ransomware – SOCRadar® Cyber Intelligence Inc.
The Ghost (Cring) ransomware is a critical cybersecurity threat primarily targeting organizations with vulnerable systems, including healthcare, finance, government, and education sectors. This ransomware employs sophisticated techniques such as exploiting vulnerabilities, lateral movement, and advanced evasion methods to encrypt sensitive data and demand ransom payments.
Affected: healthcare, financial services, government, critical infrastructure, manufacturing, education, professional services, retail, e-commerce

Keypoints:

Ghost (Cring) ransomware has been active since at least 2021, targeting vulnerable internet-facing systems.…
Alleged TP-Link Exploit for Sale on Dark Web
Summary: A threat actor has advertised a remote code execution exploit claimed to target TP-Link routers running LuCI-based firmware. The tool allegedly gives full control of the device, exfiltrates sensitive data, and spreads across networks by logging into neighbouring devices with default credentials. The exploit is offered for sale, with prices starting at ,000, which the seller presents as reflecting its advanced capabilities compared to similar tools in underground markets. The claim has not been independently verified.…
Unveiling EncryptHub: Analysis of a Multi-Stage Malware Campaign
EncryptHub, a notable cybercriminal organization, has gained increasing attention from threat intelligence teams due to its operational security missteps. These lapses have allowed analysts to gain insights into their tactics and infrastructure. The report details EncryptHub’s multi-stage attack chains, trojanized application distribution strategies, and their evolving killchain, making them a significant threat in the cyber landscape.…
PrintSteal : Exposing unauthorized CSC-Impersonating Websites Engaging in Large-Scale KYC Document Generation Fraud
The report examines a widespread criminal operation involved in producing and distributing fake Indian KYC (Know Your Customer) documents via platforms like crrsg.site, which has generated over 167,391 fraudulent documents. This operation exploits a network of affiliates and illicit APIs to maintain extensive reach and profitability, with an estimated profit of ₹40 Lakh.…
Toronto Zoo shares update on last year’s ransomware attack
Summary: The Toronto Zoo experienced a ransomware attack in January 2024, resulting in a data breach affecting personal and financial information of employees, volunteers, and donors. The stolen data includes names, addresses, phone numbers, email addresses, and the last four digits of credit card numbers. The attack was claimed by the Akira ransomware group, which has a history of targeting various organizations worldwide.…
AI’s Role in Turning Massive Data Leaks into Hacker Paydays: A Look at the Orange Breach
Breaches involving companies like Orange, Schneider Electric, and Telefonica often begin with infostealers acquiring sensitive credentials, leading to substantial internal data leaks. Hackers leverage AI to efficiently analyze and extract valuable information from these massive datasets, turning previously chaotic data into actionable intelligence.
Affected: Orange, Schneider Electric, Telefonica

Keypoints:

Recent breaches often start with infostealers that collect JIRA or Confluence credentials.…
Alleged Sale of Georgian Government Email Access Surfaces on Dark Web
Summary: A dark web forum post claims that unauthorized access to an email account linked to Georgia’s National Agency of Public Registry is being sold. The seller claims the account is enrolled in Meta’s Law Enforcement Portal, which would let a buyer impersonate a government body to file fraudulent emergency data requests and support social engineering attacks. The seller has priced the access at 9 USD and lists these and other potential malicious uses in the post.…
Hunters International ransomware claims attack on Tata Technologies
Summary: The Hunters International ransomware gang has taken credit for a January cyberattack on Tata Technologies, claiming to have stolen 1.4TB of data. Despite the breach, Tata Technologies reported minimal impact on its operations and no disruption to client services. The gang threatens to release the stolen files unless a ransom is paid, but no specific details about the contents have been provided.…