Lab provider for Planned Parenthood discloses breach affecting 1.6 million people
Summary: Laboratory Services Cooperative disclosed a data breach affecting approximately 1.6 million individuals, primarily involving sensitive medical and personal information. The breach, discovered on October 27, involved unauthorized access to files and has led to notifications being filed in multiple states. Victims have been offered one year of credit monitoring services, while concerns arise over the misuse of the sensitive data by various organizations.…
US lab testing provider exposed health data of 1.6 million people
Summary: The Laboratory Services Cooperative (LSC) has disclosed a data breach affecting approximately 1.6 million individuals, during which sensitive information was stolen from its systems. This incident, which occurred in October 2024, involved unauthorized access to personal and medical data, largely impacting those who received lab tests through select Planned Parenthood centers.…
Moroccan cybercrime group Atlas Lion hiding in plain sight during attacks on retailers
Summary: Researchers from cybersecurity firm Expel have uncovered a tactic used by the Moroccan cybercrime group Atlas Lion, which targets large retailers and other organizations by enrolling virtual machines into corporate cloud domains using stolen credentials. By mimicking a legitimate system, the group can maintain access and perpetrate fraud, such as issuing gift cards.…
South African telecom provider serving 7.7 million confirms data leak following cyberattack
Summary: Cell C, South Africa’s fourth-largest mobile network operator, has confirmed a data leak on the dark web following a cyberattack by the hacker group RansomHouse. The breach reportedly involved 2TB of sensitive customer data, including personal and financial information. The company is advising customers to be cautious about potential identity theft as they work with cybersecurity experts to address the situation.…
The CyberDiplomat’s Daily Report
This report outlines various global cybersecurity incidents, including sophisticated spyware targeting Tibetan and Taiwanese communities, scrutiny over Bangladesh’s Cyber Security Act, a DDoS attack on Indonesia’s Tempo.co, and breaches in Australia’s superannuation sector. Other highlights include malware threats in various regions and ongoing efforts to enhance cybersecurity across nations.…
Medusa Ransomware Claims NASCAR Breach in Latest Attack
Summary: The Medusa ransomware gang has claimed responsibility for a major data breach involving NASCAR, demanding a million ransom while threatening to release sensitive internal data. The group has already posted proof of their attack, including documents containing employee information and facility details. NASCAR has not yet responded to the allegations, raising concerns about the legitimacy of the claims and the potential implications for the organization.…
Python & MITRE ATT&CK: Part 2/15
The discussion focuses on the Resource Development phase of a phishing attack, highlighting the suspicious characteristics of a newly created domain intended for malicious purposes. Key indicators include a short domain lifespan, use of a free email address, questionable registration details, and DNS configuration anomalies. Affected: phishing attacks, cybercrime, domain registration.…
Russia arrests CEO of tech company linked to Doppelgänger disinformation campaign
Summary: The CEO of Aeza Group, a Russian tech company, was arrested in Moscow on charges of leading a criminal organization and drug trafficking. Along with two other employees, he faces allegations related to narcotics and links to state-sponsored disinformation campaigns. Aeza is also implicated in hosting cybercriminal infrastructure, including dark web drug marketplaces.…
Everest ransomware’s dark web leak site defaced, now offline
Summary: The Everest ransomware gang’s dark web leak site was hacked by an unknown attacker, who replaced its content with a sarcastic message. Security experts suggest a potential WordPress vulnerability may have facilitated the breach, leading to the current inaccessibility of the leak site. The Everest operation, known for its double-extortion tactics, has been active since 2020, targeting numerous organizations.…
Threat Actor Claims to Leak 600K Records from Spanish Robinson Database
Summary: A threat actor has claimed to have leaked over 600,000 records of sensitive personal data on a dark web forum, allegedly including names, identification numbers, and addresses. The data appears to span multiple years and primarily affects individuals from Spain, particularly those in Madrid. While the authenticity of the breach is yet to be verified, the actor has shared sample entries as evidence of the leak.…
Alleged Data Breach Targets Yucatán Government Website
Summary: A threat actor has claimed responsibility for a data breach involving the Yucatán government’s transportation website, leaking sensitive information from its system related to vehicles, drivers, and companies. The leaked data reportedly includes personal records such as names, license numbers, and geographic coordinates. Though the authenticity of the leak has not been independently verified, a sample dataset has been shared as proof of access.…
Alleged Data Breach Claims Surface Against Boulanger on Dark Web Forum
Summary: A threat actor has allegedly breached the French retail giant Boulanger, claiming to sell a database containing over four million user records on a dark web forum. The offered database, purportedly containing sensitive customer information, amounts to approximately 382 megabytes. However, the authenticity of the claim remains unverified, raising concerns about potential fraud in the data offered.…
Fast Flux is the New Cyber Weapon—And It’s Hard to Stop, Warns CISA
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other organizations have issued an advisory on “Fast Flux,” a technique used by cybercriminals to obscure malicious infrastructure. Fast flux involves rapidly rotating IP addresses to evade detection, posing significant challenges for cybersecurity professionals. The advisory calls for proactive measures from cybersecurity service providers to mitigate the rising threat associated with this covert tactic.…
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
Summary: A harmful PyPI package named ‘disgrasya’ has exploited WooCommerce stores to validate stolen credit cards, achieving over 34,000 downloads before its removal. This malicious script collects data from legitimate sites, simulates the checkout process, and sends card information to the attackers’ server for validation. The incident highlights the risks associated with open-source package distribution and the sophisticated tactics employed by cybercriminals.…
HELLCAT Ransomware Group Strikes Again: Four New Victims Breached via Jira Credentials from Infostealer Logs
Summary: The HellCat ransomware group has exploited stolen Jira credentials from infostealer malware to target four organizations: HighWire Press, Asseco, Racami, and LeoVegas Group. Hudson Rock reports that these attacks follow a pattern established by previous incidents, emphasizing the severe implications for the affected entities due to sensitive data exfiltration and the threat of ransom demands.…
Malloc Privacy Weekly
This week’s analysis highlights various cybersecurity threats, including the targeting of Serbian journalists with Pegasus spyware and the emergence of the Crocodilus mobile banking Trojan, which exploits accessibility services to steal sensitive data. Furthermore, significant privacy breaches have occurred across multiple platforms, including dating apps and financial services, raising alarm over user data security.…
Texas city warns thousands of utility payment site breach
Summary: Hackers compromised the utility payment website of Lubbock, Texas, stealing sensitive financial information from over 12,000 individuals. This breach affected anyone who made utility payments during the timeframe of December 18, 2024, to January 6, 2025. City officials identified a malicious pop-up window that captured users’ payment card details without breaching the city’s internal network.…
US, Australia, Canada warn of ‘fast flux’ scheme used by ransomware gangs
Summary: Ransomware gangs and Russian government hackers are increasingly using the “fast flux” technique to conceal the infrastructure used in cyberattacks, making it harder for law enforcement and defenders to track and block them. This method involves rapidly changing DNS records associated with a domain, complicating detection and blocking efforts.…