On May 20, 2024, Live Nation discovered and disclosed, in its SEC filing, unauthorized activity in its third-party cloud database environment, which was eventually identified to be Snowflake. The database contains information regarding the company, primarily from its Ticketmaster subsidiary. In the days following this filing, analysts discovered that multiple clients of Snowflake have had data posted on the Dark Web for sale.…
Tag: DARK WEB
Summary: This content discusses the advertising of a new Android Remote Trojan called Viper RAT on dark web forums and its capabilities.
Threat Actor: Viper RAT
Victim: Android devices
Key Point:
The Viper RAT is a new Android Remote Trojan that is being advertised on dark web forums.…
MANILA, PHILIPPINES – Within this week, in a series of data breaches, personal information from Toyota Makati, a renowned car dealership, Robinsons Malls, a prominent shopping mall chain, and S&R, a popular membership shopping club, has been compromised, affecting hundreds of thousands of customers.
Toyota Makati Data Breach:
An alleged data breach at Toyota Makati, discovered on May 29, 2024, has exposed over a terabyte of data spanning from 2016 to 2024.…
Resecurity has uncovered a cybercriminal group that is equipping fraudsters with sophisticated phishing kits to target banking customers in the EU. These kits are designed to intercept sensitive information, including credentials and OTP codes. The attackers use various social engineering tactics to trick victims into revealing their sensitive information.…
Published On: 2024-06-03
Executive Summary
At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on the Vidar Stealer, an information stealer operating as a malware-as-a-service. The research explores the tactics employed by threat actor(s) to evade detection on the system and over the network, as well as their techniques for concealing malicious code and activities.…
Threat Actor: Unknown
Victim: QuoteWizard.com and LendingTree
Price: $2,000,000
Exfiltrated Data Type: Personal information, partial credit card details, auto history and driving records, personal background information, tracking pixel data
Additional Information:
The data allegedly includes full customer details such as names, addresses, emails, phone numbers, and other personal information.…
Threat Actor: ShinyHunters
Victim: Ticketmaster
Price: $500,000
Exfiltrated Data Type: Names, emails, addresses, phone numbers, ticket sales, and order details
Additional Information:
ShinyHunters, the current administrator of BreachForums, claimed the hack of Ticketmaster and offered for sale 1.3 TB of data, including full details of 560 million customers, for $500,000.…
Summary: Managed Service Partners (MSPs) highlight cybersecurity as their top concern in staying competitive in the market, with challenges including staying on top of security technologies, employing more security analysts, and maintaining awareness of the latest threats.
Threat Actor: N/A
Victim: N/A
Key Point:
MSPs consider cybersecurity as their main concern for staying competitive in the market.…
Summary: A threat actor known as “phant0m” is promoting a new Ransomware-as-a-Service (RaaS) called “SpiderX,” which is designed to be more advanced and harder to detect than its predecessor, Diablo ransomware.
Threat Actor: phant0m
Victim: N/A
Key Point:
A threat actor named phant0m is advertising a new Ransomware-as-a-Service (RaaS) called SpiderX on the dark web forum OnniForums.…
Key Points
The cyber threat landscape has seen a significant increase in information-stealing (infostealer) malware activity, with a 30.5% rise in marketplace listings for “stealer logs” from Q3 to Q4 of 2023. This malware type has evolved to encompass more sophisticated tools that aim to harvest sensitive information such as usernames, passwords, and credit card details.…
This time, we’re not revealing a new cyber threat investigation or analysis, but I want to share some insights about the team behind all Sekoia Threat Intelligence and Detection Engineering reports. Let me introduce you to the Sekoia TDR team.
TL;DR
Sekoia Threat Detection & Research (TDR) is a multidisciplinary team dedicated to Cyber Threat Intelligence and Detection Engineering for the Sekoia SOC Platform.…
Threat Actor: Unknown
Victim: du.ae (Emirates Integrated Telecommunications Company)
Price: $3200 USD
Exfiltrated Data Type: Employee emails, network logs, customer device data
Additional Information:
The data breach involves du.ae, a prominent telecommunications company in the UAE. The leaked data is being offered for sale on the dark web for $3200 USD.…
Published On: 2024-05-29
EXECUTIVE SUMMARY
A critical vulnerability, identified as CVE-2024-3273, has been discovered in certain end-of-life (EOL) D-Link NAS devices, presenting a severe threat due to the lack of ongoing support and their high susceptibility to attacks. With a CVSS base score of 9.8, this vulnerability is extremely serious, potentially allowing unauthorized access, data theft, system modifications, or denial of service attacks.…
Packers or crypters are widely used to protect malicious software from detection and static analysis. These auxiliary tools, through the use of compression and encryption algorithms, enable cybercriminals to prepare unique samples of malicious software for each campaign or even per victim, which complicates the work of antivirus software.…
During the Hajj season, there is an increased risk of online scams targeting individuals who are planning to make the pilgrimage to Mecca. Fraudsters employ various tactics to deceive and defraud unsuspecting pilgrims.
Hajj is a significant event for Muslims, and many save for years to be able to make the pilgrimage.…
Threat Actor: Unknown
Victim: Live Nation and Ticketmaster
Price: Not specified
Exfiltrated Data Type: Personal information, financial information, ticket sales, event information, order details, partial credit card details, customer fraud details, and other sensitive information
Additional Information:
The alleged sale involves the personal information of 560 million Live Nation and Ticketmaster users.…
Summary: This article discusses the data breach faced by an Australian telecom company and the investigation and potential fines it is facing as a result.
Threat Actor: N/A
Victim: Optus
Key Point:
An Australian telecom company, Optus, is facing an investigation and potential fines from the Office of the Australian Information Commissioner (OAIC) following a data breach in 2022.…
Summary: A report has found that a majority of currently exploited software vulnerabilities are missing from the US National Vulnerability Database (NVD).
Threat Actor: N/A
Victim: N/A
Key Point:
A VulnCheck report has revealed that 30 out of 59 known exploited vulnerabilities have not yet been analyzed by the NVD team.…
In the ever-evolving landscape of cybersecurity threats, new groups like Hunt3r Kill3rs emerge with claims of disruptive capabilities. This analysis aims to provide an initial understanding of their activities, considering the limited timeframe and absence of concrete evidence substantiating their claims.
Overview of Hunt3r Kill3rs:
Hunt3r Kill3rs, a recently surfaced threat group, assert their prowess in cyber operations, including Industrial Control Systems (ICS) breaches, communication network intrusions, and web application vulnerabilities exploitation.…
Summary: A Morocco-based cybercriminal group known as Atlas Lion or Storm-0539 is targeting large retailers to fraudulently issue gift card codes to themselves, allowing them to generate their own money.
Threat Actor: Atlas Lion or Storm-0539
Victim: Large retailers
Key Point:
A cybercriminal group known as Atlas Lion or Storm-0539 is breaching the systems of large retailers to fraudulently issue gift card codes to themselves.…