Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Dark Web. Show all posts
Hackers
CVE CVEs Cybersecurity Dark Web Data Breach Data Leak data security FortiGate devices Hackers

Hackers Leak 15,000 FortiGate Device Configs, IPs, and VPN Credentials

 

A newly identified hacking group, the Belsen Group, has leaked critical data from over 15,000 FortiGate devices on the dark web, making sensitive technical details freely available to cybercriminals. The leak includes configuration files, IP addresses, and VPN credentials, significantly increasing security risks for affected organizations. 

Emerging on cybercrime forums and social media just this month, the Belsen Group has been actively promoting itself. As part of its efforts, the group launched a Tor website where it released the stolen FortiGate data, seemingly as a way to establish its presence in the hacking community. In a post on an underground forum, the group claimed responsibility for breaching both government and private-sector systems, highlighting this operation as its first major attack. 

The exposed data is structured within a 1.6 GB archive, organized by country. Each country’s folder contains multiple subfolders corresponding to specific FortiGate device IP addresses. Inside, configuration files such as configuration.conf store FortiGate system settings, while vpn-passwords.txt holds various credentials, some of which remain in plaintext. 

Cybersecurity researcher Kevin Beaumont examined the leak and confirmed that these files include firewall rules, private keys, and other highly sensitive details that could be exploited by attackers. Further analysis suggests that the breach is linked to a known vulnerability from 2022—CVE-2022-40684—which was actively exploited before Fortinet released a security patch. 

According to Beaumont, evidence from a forensic investigation into a compromised device revealed that this zero-day vulnerability provided attackers with initial access. The stolen data appears to have been gathered in October 2022, around the same time this exploit was widely used. Fortinet had previously warned that CVE-2022-40684 was being leveraged by attackers to extract system configurations and create unauthorized super-admin accounts under the name fortigate-tech-support. 

Reports from the German news site Heise further confirm that the leaked data originates from devices running FortiOS firmware versions 7.0.0-7.0.6 or 7.2.0-7.2.2. The fact that FortiOS 7.2.2 was specifically released to address this vulnerability raises questions about whether some systems remained compromised even after the fix was made available. 

Although the leaked files were collected over two years ago, they still pose a significant threat. Configuration details, firewall rules, and login credentials could still be exploited if they were not updated after the original breach. Given the scale of the leak, cybersecurity experts strongly recommend that administrators review their FortiGate device settings, update passwords, and ensure that no outdated configurations remain in use.
Read more »
Yahoo
Astaroth Phishing Authentication Cyber Attacks CyberCrime Cybersecurity CyberThreat Dark Web Gmail PHaas Telegram URL Yahoo

2FA Under Attack as Astaroth Phishing Kit Spreads

 


Astaroth is the latest phishing tool discovered by cybercriminals. It has advanced capabilities that allow it to circumvent security measures such as two-factor authentication (2FA) when used against it. In January 2025, Astaroth made its public debut across multiple platforms, including Gmail, Yahoo, and Office 365, with sophisticated technologies such as session hijacking and real-time credentials interceptions, which compromise user accounts across multiple platforms. 

SlashNext researchers claim Astaroth makes use of a reverse proxy called an evilginx-style proxy to place itself between legitimate login pages and users. As a result, the tool is capable of intercepting and capturing sensitive credentials, such as usernames, passwords, 2FA tokens, and session cookies, without triggering security alerts, thereby making the tool effective. 

It has been demonstrated that attackers who have obtained these session cookies will be able to hijack authenticated sessions, bypass additional security protocols, and gain unauthorized access to user accounts once they have acquired these cookies. Astaroth demonstrates the evolution of cyber threats and the sophistication of phishing techniques that compromise online security. This development highlights how cybercriminals have been evolving their methods of phishing over the years.

Clearly, Astaroth highlights how cybercriminals' tactics have evolved over the last decade, as phishing has evolved into a lucrative business. The sophistication of sophisticated attacks has now reached a point where it is now marketed like commercial software products, with regular updates, customer support, and testing guarantees attached to them. 

The attacker can intercept real-time credentials and use reverse proxy techniques in order to hijack authenticated sessions in order to bypass even the most robust phishing defences, such as Multi Factor Authentication (MFA), which are designed to protect against phishing attacks. Due to the widespread availability of phishing kits such as Astaroth, which significantly reduces the barrier to entry, less experienced cybercriminals are now capable of conducting highly effective attacks given that the barriers to entry have been significantly lowered. 

The key to mitigating these threats is to adopt a comprehensive, multilayered security strategy that is both comprehensive and multifaceted. It must have a password manager, endpoint security controls, real-time threat monitoring, and ongoing employee training to ensure that employees are aware of cybersecurity threats in real time. 

As an additional consideration, implementing Privillege Access Management (PAM) is equally vital, since it prevents unauthorized access to critical systems, even if login credentials are compromised, through the use of PAM. Business owners remain vulnerable to increasingly sophisticated phishing techniques that can circumvent the traditional defenses of their organisations without appropriate proactive security measures. 

The Astaroth phishing kit has been developed to enable a more effective method of bypassing multi-factor authentication (MFA). By using an evilginx reverse proxy, it intercepts authentication processes in real time as they are happening. By using Astaroth, attackers will be able to steal authenticated sessions and hack them seamlessly with no technical knowledge. Astaroth is different from traditional phishing tools, which capture only static credentials; instead, it dynamically retrieves authorization tokens, 2FA tokens, and session cookies. This tool is a man-in-the-middle attack that renders conventional anti-phishing defenses and multi-factor authentication protections ineffective by acting as an intermediary. 

Discovered by SlashNext Threat Researchers on cybercrime marketplaces, Astaroth is marketed as a tool that can be used easily. It is a 2-in-1 solution that sells for $2000 and includes six months of continuous updates, which includes the newest bypass techniques, as well as pre-purchase testing to demonstrate its effectiveness in real-world attacks if the buyer wants to establish credibility within cybercriminal networks. There is no doubt that the sophistication of phishing kits such as Astaroth, as well as the implementation of behaviour-based authentication, endpoint security controls, and continuous threat monitoring, are critical to organizations in order to defend themselves from these ever-evolving cyber threats that are continually evolving. 

As a means of expanding the company's customer base, Astaroth's developers have publicly revealed the methodologies they use to bypass security measures, such as reCAPTCHA or BotGuard, as a way of demonstrating the kit's effectiveness at circumventing automatic security measures. Cybercriminals in cybercrime forums and underground marketplaces are actively promoting Astaroth among their communities and are primarily distributing it through Telegram, leading to its widespread adoption among cybercriminals world-wide. 

There are several advantages to using these platforms, the most important of which is their accessibility, along with the anonymity they provide. This makes monitoring, tracking, and disrupting the sale and distribution of phishing kits very challenging for law enforcement agencies. There is a particular application known as Telegram which is commonly used by cybercriminals to communicate and to distribute their illicit activities due to its end-to-end encryption, private groups, and minimal oversight. This makes it very difficult for law enforcement to trace illicit activities on Telegram. 

It may not only facilitate the proliferation of Astaroth on the dark web, but also on underground marketplaces - both of which allow threat actors to engage in peer-to-peer transactions without disclosing their identities to each other. The fact that these platforms are decentralized, along with the fact that cryptocurrency payments are used in conjunction with them, adds more layers of protection for cybercriminals, making it even more difficult for authorities to take enforcement action against them. Astaroth continue to be embraced by cybercriminal communities and is lowering the barrier to entry for less-experienced attackers, which in turn is promoting phishing-as-a-service (PhaaS) models which are becoming more prevalent as a consequence. 

Due to the complexities posed by sophisticated phishing kits like Astaroth, security professionals emphasize the need for proactive security measures, which include real-time threat intelligence, endpoint detection, and multi-layered authentication strategies, as well as real-time threat intelligence. Aside from offering custom hosting solutions, Astaroth also offers bulletproof hosting, which will make Astaroth more resilient against legal authorities’ efforts to take down its websites. 

Cybercriminals are able to conduct attacks with minimal disruption in jurisdictions with weak regulatory oversight when using the phishing kit since it operates in jurisdictions that lack regulatory oversight. As a Field CTO of SlashNext, J Stephen Kowski believes that the emergence of Astaroth with regards to authentication is one of the most important implication that could be borne out by the fact that even the most robust authentication systems can be compromised if the attackers obtain the two-factor authentication (2FA) codes and session information during the authentication process in real time. 

Thomas Richards, Principal Consultant and Network and Red Team Practice Director at Black Duck, a Burlington, Massachusetts-based provider of application security solutions, has emphasized the sophistication and severity of the Astaroth phishing kit. According to Richards, this phishing kit demonstrates an advanced level of complexity, making it increasingly difficult for users to identify and avoid such attacks. "Traditional security awareness training often instructs users to recognize phishing attempts by looking for red flags such as suspicious URLs, grammatical errors, or lack of SSL certification. 

However, Astaroth’s highly sophisticated approach significantly reduces these indicators, making detection far more challenging," Richards stated. Furthermore, the infrastructure supporting these attacks is often hosted by providers that do not cooperate with law enforcement agencies, complicating efforts to dismantle these operations. In response to this growing threat, the United States and several European nations have imposed sanctions on countries that provide bulletproof hosting services, which are frequently exploited by cybercriminals to evade legal action. 

Richards advises users to exercise extreme caution when receiving emails that appear to originate from legitimate organizations and contain urgent requests for immediate action. Rather than clicking on embedded links, users should manually navigate to the official website to verify the authenticity of any alerts or account-related issues. This proactive approach is essential in mitigating the risks posed by advanced phishing campaigns like Astaroth. 

Organizations must implement advanced security measures beyond traditional login protections in order to protect themselves from these threats. According to Thomas Richards, a Principal Consultant and Network and Red Team Practice Director for Black Duck, a Burlington-based company that provides applications security solutions, Astaroth's phishing kit is sophisticated and quite severe. As Richards points out, this phishing kit shows a remarkable degree of complexity, which makes it increasingly difficult for users to identify and avoid attacks such as these as they run across them. 

It has always been taught to users during traditional security awareness training to look for red flags, such as suspicious URLs, grammatical errors, or a lack of SSL certification, so they can identify phishing attempts. Although these indicators are largely reduced by Astaroth's highly sophisticated approach, Richards noted that the detection of them is much more challenging as a result. The infrastructure that supports these malicious attacks is typically hosted by providers who do not cooperate with law enforcement agencies, which complicates the process of dismantling these attacks.

Several European countries and the United States have increased sanctions in response to its growing threat, increasing the chance that these countries (including the United States) will use defenseless host hosting services, which are regularly exploited by cybercriminals to avoid legal action and avoid repercussions for their crimes. 

The American scientist Richards urges users to exercise extreme caution if they receive an email that appears to be coming from a legitimate organization and contains urgent requests for action that need to be taken immediately. As a precaution, users should not click on embedded links in emails, but instead should visit the official site to verify the authenticity of any alerts they receive or account-related issues. Taking a proactive approach effectively mitigates the threats posed by advanced phishing campaigns such as Astaroth.
Read more »
Saim Raza
Cyber Crime Dark Web Internet Operation Talent Saim Raza

DoJ Cracks Down Pakistan Linked Dark Web Forums Impacting 17 Million

DoJ Cracks Down Pakistan Linked Dark Web Forums Impacting 17 Million

The US Department of Justice (DoJ) joined forces with international law enforcement to shut down a few Dark Web cybercrime forums, two operations that impacted underground markets associated with the attacks on millions of victims worldwide. 

Pakistani dark web forum shut down

Result? “Cracked” and “nulled” websites are down, along with the Pakistani “Saim Raza” network of dark web forums, also called “HeartSender.” The long-term implications of this operation are not known.

DoJ partnered with international agencies to crack down on cybercrime

First, DoJ with the Dutch National Police captured 39 domains operated by a Pakistani group known as Saim Raza (aka HeartSender). DoJ says Saim Raza has been working since 2020, selling fraud tools and phishing kits to the highest bidder throughout a network of dark websites. 

Criminals purchasing the tools are accountable for global business email compromise (BEC) attacks and other dangerous scams- against victims in the US who were robbed of $3 million. 

The DoJ believes Saim Raza made these “tools widely available on the open Internet” and “also trained end users on how to use the tools against victims by linking to instructional YouTube videos.” 

The group explained, “how to execute schemes using these malicious programs, making them accessible to criminal actors that lacked this technical criminal expertise.” Saim Raza also “advertised its tools as 'fully undetectable' by antispam software,” the agency said in its announcement.

More About "Cracked" & "Nulled" Dark Web Markets 

Called “Operation Talent,” the DoJ and Europol worked together to crack down the two dark web marketplaces, linked to cybercrimes against more than 17 million victims.

In a separate action, the DoJ participated in "Operation Talent," a Europol-backed international operation that disrupted the Cracked and Nulled Dark Web marketplaces. Together, the forums have been linked to cybercrimes against at least 17 million US victims.

The cracked marketplace surfaced in 2018, DoJ believes, having 4 million users, making $4 million in revenue, and hosting over 28 million cybercrime ads in its career.

“The Nulled website domain seizure meanwhile came in tandem with the unsealing of charges against one of its administrators, Lucas Sohn, an Argentinian national living in Spain,” says cybersecurity news portal Dark Reading. Nulled has been in the game since 2016, hosted 5 million users, and made $1 million per year, also listing over 43 million ads.

Read more »
Security System
Cyber Attacks Dark Web leaked credentials OSINT Security System

Dark Web Exposure Increases Risk of Cyber Attacks, Study Finds

 



A new research study has determined that any companies that are ever mentioned on the dark web will be much more vulnerable to cyberattacks. In collaboration with Marsh McLennan's Cyber Risk Intelligence Center, Searchlight Cyber has carried out research on more than 9,000 organizations, revealing that dark web exposure has a strong link to breaches in cybersecurity. This has established a critical urgency for businesses to track their presence online and develop better security protocols.


How the Dark Web Poses a Threat to Businesses  

The dark web is a hidden part of the internet where cybercriminals operate anonymously. It is commonly used for illegal activities, including the sale of stolen data such as passwords, financial records, and personal information. Many businesses are unaware that their sensitive data is already circulating on the dark web, making them prime targets for cyberattacks.

Based on the study, companies that experienced any type of exposure on the dark web suffered a 3.7% breach rate over four years. This simply means that after an organization's information hits underground marketplaces, hacking forums, or leaked databases, the chance of a security breach becomes a lot higher.

The researchers found several routes through which a company's information can find its way to the dark web, each step of which heightens the potential for cyberattacks: 

1. Exposed Employee Credentials  

In case employee login credentials (e.g., email and password) are leaked, the chances of hacking into a company increase by 2.56 times. The hackers use these leaked credentials to infiltrate internal systems without authorization.


2. References on Dark Web Marketplaces  

 Being associated with an underground trading platform increases a company's chance of being targeted by 2.41 times. Mainly, the hackers sell the stolen information to other attackers for use.  

3. Company Network Tied to Dark Web

If an organization's IT systems have activity on the dark web, whether intentional or accidental, an attack will happen 2.11 times more frequently.

4. Paste Sites Data Leaks 

Pastes are commonly used by hackers to share data that they have stolen from an organization. If a company's data is posted on such sites, there is an 88% increase in the possibility of breach.

5. Public Exposure through OSINT  

At times, some companies' information might be published due to either a misconfigured environment or breaches in data storage. If there is a firm's exposure within OSINT reports, then that increases the business's risk level by 2.05 times.

This research also demonstrated that companies featured in five or more of these risk categories had a 77% chance of facing a cyberattack than companies without any. 


How Companies Can Protect Themselves

Cyberattacks have been increasing by the day. Businesses, therefore, have to take proactive steps to ensure the security of their sensitive data. Experts say companies should consider taking the following actions: 


  •  Check the Dark Web Daily

Businesses must employ cybersecurity that scans the dark web for data breaches and responds immediately if data belonging to a company is located. 


  •  Strong Password Policies 

 Employees must be compelled to use strong passwords and to also activate MFA to block hackers from unauthorized access. 


  •  Frequently Update Security Systems

Software updates and system patches keep cybercriminals from exploiting vulnerabilities in outdated technology.


  •  Train Employees on Cybersecurity Risks 

  Human error is one of the biggest causes of cyber breaches. Educating staff on how to identify phishing scams and suspicious activities can significantly reduce security threats.


Why Dark Web Awareness is Crucial

According to Ben Jones, CEO of Searchlight Cyber, companies must be aware of their dark web exposure. Hackers, he explained, plan cyberattacks in underground forums and marketplaces and use leaked credentials to gain access to company systems.

By monitoring their exposure, strengthening their security policies, and educating employees, businesses will be able to minimize their risk and stay one step ahead of cybercriminals. Protect sensitive information before an attack happens and save money on security breaches.


Read more »
Online Privacy
Cyber Security Dark Web Deep Web Financial Scam Online Privacy

Understanding Dark Web Data Risks and Protecting Your Information

 

Are cybercriminals trafficking your private data on the Dark Web? This article provides a comprehensive overview of how data transfers on the Dark Web can impact your privacy and security.

The Dark Web is often portrayed as a mysterious, inaccessible corner of the internet. However, the internet is far more expansive than what most users access daily. The surface web, commonly known as the World Wide Web, represents only about 10% of the internet. The remaining portion primarily consists of the Deep Web, which contains content not indexed by standard search engines due to privacy and security measures.

The Dark Web vs. the Deep Web

Many people unknowingly access the Deep Web every day. This includes password-protected sites like email accounts, social media platforms, banking systems, corporate intranets, and databases for medical and legal records. These platforms are secured to protect sensitive information and are distinct from the Dark Web.

The Dark Web is a specialized segment of the Deep Web. It operates on encrypted networks known as "darknets," accessible only through specific software such as Tor. These networks use multi-layered encryption to conceal users' identities and locations, enabling anonymous communication and data sharing. This anonymity, combined with the untraceability of cryptocurrencies, fosters an environment conducive to illegal activities, including financial fraud and other cybercrimes.

Dark web scanners can help you determine if your credentials are compromised. Services like Keeper's free dark web scan allow users to input their email addresses. The tool then searches a database of billions of compromised login credentials for any matches, alerting users if their data has been exposed.

Steps to Protect Your Data from Dark Web Exposure

Digital identity protection tools offer more than just breach notifications. These tools provide actionable security prompts, such as "change your password" or "enable two-factor authentication." Following these steps can significantly reduce the risk of account takeovers and prevent cybercriminals from creating fraudulent accounts using your personal information.

However, completely removing your data from the Dark Web is not feasible. While laws like the General Data Protection Regulation (GDPR) grant "the right to be forgotten" on the Deep Web and surface web, enforcing this on the Dark Web remains challenging.

Enhancing Your Cybersecurity Measures

To safeguard against Dark Web threats, consider the following measures:

  • Use Strong, Unique Passwords: Avoid reusing passwords across multiple platforms.
  • Enable Two-Factor Authentication (2FA): Adds an extra layer of security to your accounts.
  • Regularly Monitor Accounts: Frequently check for suspicious activities in your financial and personal accounts.
  • Stay Informed: Keep up with cybersecurity best practices and emerging threats.

By taking proactive steps, you can mitigate the risks associated with data exposure on the Dark Web and better protect your digital identity.

Read more »
Shopping Scam
2FA Cyber Security Dark Web dark web breaches Fake Website Hacker attack Malware Attack Online Shopping phishing Shopping Scam

The Dark Web’s Role in Phishing and 2FA Security Breaches

 


Black Friday and Cyber Monday may have passed, but the dangers of online scams and cyberattacks persist year-round. Cybercriminals continue to exploit digital shoppers, leveraging sophisticated tools such as phishing kits, fake websites, and cookie grabbers that bypass two-factor authentication (2FA). These tools, widely available on dark web marketplaces, turn online shopping into a risky endeavour, particularly during the peak holiday season.

Cybercriminal Tools: A Growing Threat

Dark web marketplaces operate like legitimate businesses, offering everything from free phishing kits to subscription-based malware services. According to NordStellar threat intelligence:

  • Phishing kits: Often free or low-cost, enable hackers to replicate authentic websites.
  • Fake website templates: Start at $50, tricking users into sharing personal information.
  • Malware subscriptions: Priced at $150 per month, provide hackers with advanced tools.
  • Cookie grabber pages: Sell for $400 or more, enabling access to user accounts by bypassing login credentials and 2FA.

These illicit tools are increasingly accessible, with some even offered at discounted rates during the holiday season. The result is an alarming rise in phishing scams targeting fake shopping sites, with 84% of victims interacting with these scams and nearly half losing money.

The Role of Stolen Cookies in Cybercrime

Session cookies, particularly authentication cookies, are a prized asset for hackers. NordStellar reports over 54 billion stolen cookies available on the dark web, including:

  • 154 million authentication cookies, 23.5 million of which remain active.
  • 37 million login cookies, with 6.6 million still usable.
  • 30 million session cookies capable of bypassing 2FA.

These cookies allow attackers to impersonate legitimate users, gaining unauthorized access to accounts without requiring passwords or verification codes. This capability makes cookie-grabber pages one of the most valuable tools in the hacker’s arsenal.

Protecting Yourself from Cyber Threats

Google has introduced measures like passkeys to combat these threats, offering a more secure alternative to traditional 2FA methods. A Google spokesperson emphasized that passkeys reduce phishing risks and strengthen security against social engineering attacks. Consumers can take additional steps to safeguard their online accounts:

  • Scrutinize links and websites to avoid phishing scams.
  • Switch to advanced authentication methods such as passkeys where available.
  • Stay informed about emerging cyber threats and adopt proactive security practices.

By remaining vigilant and embracing stronger authentication technologies, shoppers can minimize the risks posed by cybercriminals and their evolving arsenal of dark web tools.

Read more »
Prison Security
Dark Web Data Breach Data Leak England and Wales Prison Security

Jailbreak Worries as Prison Maps Exposed on the Dark Web

 

The Ministry of Justice has taken immediate action to guarantee the security of prisons in England and Wales, following the discovery that jail blueprints had been leaked online. The government official claimed it was aware of a data leak following a Times report that detailed prison blueprints had been shared on the dark web in the last two weeks. 

Prison officials believe that organised crime groups are behind the leak in order to help them deliver drugs into prison yards and cells via drones, or even to facilitate an escape. 

The locations of cameras and sensors are reportedly included in the plans, and security officials are currently attempting to determine the source of the leak and the potential beneficiaries of the information. However, the Ministry of Justice did not specify which jails were engaged in the breach. 

A Ministry of Justice spokesman stated: "We are not going to comment on the specific detail of security matters of this kind, but we are aware of a breach of data to the prison estate and, like with all potential breaches, have taken immediate action to ensure prisons remain secure.” 

Prevention tips

Employ strong passwords: The most common cause of data breaches continues to be weak passwords, which enable attackers to steal user credentials and give them access to corporate networks. Furthermore, people often reuse or recycle passwords across multiple accounts, which means attackers can launch brute-force attacks to hack into additional accounts. As such, use strong passwords that make it harder for cyber criminals to steal credentials. Also, consider using a password manager. 

Use multi-factor authentication (MFA): Due to the inherent vulnerability of passwords, users and organizations should never rely on passwords alone. MFA forces users to prove their identity in addition to entering their username and password. This increases the likelihood that they are who they say they are, which can prevent a hacker from gaining unauthorized access to accounts and corporate systems even if they manage to steal the user’s password.

Educate and train employees: Organizations must educate employees on the risks they face online and advise them on the common types of cyberattacks and how to detect a potential threat. They also should provide regular training courses and top-up sessions to ensure employees always have cybersecurity at the top of their minds and that they are aware of the latest threats.
Read more »
ransomware builder
BreachForums Cyber Security Cybersecurity Dark Web Ethical Hacking good hacker hacking back honeypot strategy Penetration Testing Ransomware ransomware builder

Security Researcher Outsmarts Hackers with Fake Ransomware Tool

 

The debate surrounding the ethics and practicality of "hacking back" remains a heated topic within the cybersecurity community. When organizations face cyberattacks, is retaliating against the attacker a viable option? While opinions differ, one fact remains clear: breaking the law is breaking the law, regardless of intent.

However, in a fascinating case of strategic ingenuity rather than retaliation, a security researcher and penetration tester successfully infiltrated a notorious dark web criminal marketplace. This was less an act of hacking back and more a bold example of preemptive defense.

Quoting American philosopher Robert Maynard Pirsig, Cristian Cornea, the researcher at the heart of this operation, opened his riveting Medium post with, “Boredom always precedes a period of great creativity.” Inspired by these words, Cornea devised a clever honeypot strategy to target potential ransomware hackers frequenting the BreachForums marketplace on the dark web.

His plan revolved around creating a fake ransomware tool called the "Jinn Ransomware Builder," designed to lure cybercriminals. This supposed tool offered features to help bad actors deploy ransomware attacks. In reality, it was a honeypot—an elaborate trap with some real functionalities but embedded with hardcoded and backdoored command-and-control callbacks.

“Jinn Ransomware Builder is actually a honeypot,” Cornea explained, “but some of the features presented above are real.” For instance, the tool could initiate a remote connection and open a process with a server-hosted “CmD.eXE” executable. Other features, such as multi-language support and AES encryption, were merely designed to make the tool appear more authentic and appealing to malicious actors.

Cornea emphasized that his actions were performed within a controlled and simulated environment, ensuring no laws were broken. “I strictly discourage anyone else from executing such actions themselves,” he warned. He stressed the importance of staying on the ethical side of hacking, noting that the line between good and bad hacking is dangerously thin.

This operation highlights the creativity and strategic thinking ethical hackers use to combat cybercrime, reinforcing that innovation and legality must go hand in hand.
Read more »
SMTP servers
Authentication Cyber Security Cyber Threats Cybersecurity Dark Web Data Privacy email encryption email security Malware Distribution Phishing Attacks SMTP servers

New SMTP Cracking Tool for 2024 Sold on Dark Web Sparks Email Security Alarm

 

A new method targeting SMTP (Simple Mail Transfer Protocol) servers, specifically updated for 2024, has surfaced for sale on the dark web, sparking significant concerns about email security and data privacy.

This cracking technique is engineered to bypass protective measures, enabling unauthorized access to email servers. Such breaches risk compromising personal, business, and government communications.

The availability of this tool showcases the growing sophistication of cybercriminals and their ability to exploit weaknesses in email defenses. Unauthorized access to SMTP servers not only exposes private correspondence but also facilitates phishing, spam campaigns, and cyber-espionage.

Experts caution that widespread use of this method could result in increased phishing attacks, credential theft, and malware distribution. "Organizations and individuals must prioritize strengthening email security protocols, implementing strong authentication, and closely monitoring for unusual server activity," they advise.

Mitigating these risks requires consistent updates to security patches, enforcing multi-factor authentication, and using email encryption. The emergence of this dark web listing highlights the ongoing threats cybercriminals pose to critical communication systems.

As attackers continue to innovate, the cybersecurity community emphasizes vigilance and proactive defense strategies to safeguard sensitive information. This development underscores the urgent need for robust email security measures in the face of evolving cyber threats.
Read more »
Ransomware attack
8Base 8Base Ransomware corporate cyber attacks Cyber Attacks Dark Web Data Leak data security Ransomware attack

Nidec Corporation Ransomware Attack: Data Leak on Dark Web

 

In a recent disclosure, Nidec Corporation, a global leader in precision motors and automotive components, confirmed a significant data breach from a ransomware attack that occurred earlier this year. Hackers, after failing to extort the company, leaked stolen data on the dark web. This breach did not involve file encryption, but the stolen information has raised concerns for employees, contractors, and associates regarding potential phishing attacks. Nidec operates in over 40 countries and has an annual revenue exceeding $11 billion. 

The affected division, Nidec Precision, is based in Vietnam and specializes in manufacturing optical, electronic, and mechanical equipment for the photography industry. An internal investigation revealed that hackers accessed a server using stolen VPN credentials of a Nidec employee. This server contained sensitive documents, including business letters, purchase orders, invoices, health policies, and contracts. Over 50,000 files were compromised in the breach. The company responded by closing the entry point and implementing additional security measures as advised by cybersecurity experts. 

Employees are undergoing further training to reduce future risks, with Nidec notifying business partners who may have been affected. The attack was initially claimed by the 8BASE ransomware group in June, who alleged they stole personal data and a large volume of confidential information from Nidec’s systems. In July, the Everest ransomware group also published stolen data on the dark web, suggesting a connection to 8BASE and initiating a secondary extortion attempt. While Nidec has confirmed the authenticity of the stolen data, it downplayed the potential for direct financial damage to the company or its contractors. 

However, the company remains vigilant and continues to monitor for any unauthorized use of the information. This attack underlines the vulnerability of even the largest corporations to cybercriminals and the importance of robust security measures. As ransomware groups continue to evolve their tactics, companies like Nidec must ensure they are prepared to mitigate threats and protect their sensitive data. 

The Nidec breach is a stark reminder of the ongoing risks in today’s interconnected business environment. In response to this breach, Nidec has implemented stronger security protocols and is actively educating its workforce on how to mitigate cybersecurity risks moving forward.
Read more »
Penetration Testing
Automotive Industry connected technology Customer Data Cybersecurity Dark Web Data Breach Hyundai IoT. IPO Penetration Testing

Hyundai's IPO Documents Reveal Cybersecurity Measures Amid Rising Data Breach Concerns

 

Hyundai’s recent IPO filing sheds light on its cybersecurity stance, offering a detailed look at the obstacles the company has encountered while safeguarding customer data. The red herring prospectus of Hyundai Motor India Ltd (HMIL) not only assesses its financial standing but also exposes past cybersecurity breaches, outlining the company’s risk management strategies.

The IPO launch comes at a time when cybersecurity is a top priority for global businesses, especially in the automotive sector, which increasingly depends on connected technologies. Hyundai's documents disclose two significant data breaches—one in December 2022 and another in February 2023. In both cases, hackers exposed customer information on the dark web.

Hyundai IPO: Key Cybersecurity Disclosures

The first breach, in December 2022, resulted in customer data being leaked online. Following the attack, Hyundai implemented extensive penetration tests to detect vulnerabilities and managed to remove the stolen information from the dark web, according to Autocar Professional. After a second breach in February 2023, the company quickly disabled the vulnerable APIs hackers had used to exploit the system. Hyundai’s prospectus notes the persistent challenge of securing data against cyberattacks, emphasizing that while efforts have been made, the risk of future breaches remains. Hackers may still seek unauthorized access, potentially impacting vehicle operations and customer data, the document warns.

Recognizing these vulnerabilities is vital for investors, especially considering the legal risks the company could face if customer data is compromised. Hyundai has actively outlined its cybersecurity efforts, stressing that protecting customer information is a top priority for the company.

Hyundai’s Next Steps in Cybersecurity

Hyundai’s cybersecurity efforts include assembling a specialized team to manage vulnerabilities and monitor potential cyber threats continuously. This proactive approach is increasingly necessary as cyberattacks become more advanced, particularly with the rise of connected vehicles and IoT technologies.

The automaker adheres to both national and international cybersecurity standards, consistently updating its protocols to align with the evolving threat landscape. This commitment is not just about data protection; it reflects the company’s awareness that consumer trust is key to maintaining its brand reputation as it moves forward with its IPO.

With these cybersecurity incidents in mind, it’s clear that the automotive industry must stay alert in protecting sensitive data. For companies like Hyundai, which handle vast amounts of customer information, the threat of cyber exploitation remains a major concern.
Read more »
North Korea
Andariel APT45 Cyber Attacks Dark Web North Korea

Inside the Dark Web: How Andariel Targets U.S. Organizations

Inside the Dark Web: How Andariel Targets U.S. Organizations

The Andariel hacking group, a notorious entity linked to North Korea, has recently shifted its focus towards financially motivated attacks on U.S. organizations. This pivot, observed in August 2024, marks a significant change in the group's operational strategy, raising concerns among cybersecurity experts and organizations alike.

Background of Andariel

Andariel, considered a sub-cluster of the notorious Lazarus Group, is also known as APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (previously Plutonium), Operation Troy, Silent Chollima, and Stonefly. They’ve been active since at least 2009. 

Operating under North Korea's Reconnaissance General Bureau (RGB), Andariel is notorious for deploying ransomware strains like SHATTEREDGLASS and Maui, and developing custom backdoors such as Dtrack (aka Valefor and Preft), TigerRAT, Black RAT (aka ValidAlpha), Dora RAT, and LightHand.

They also use lesser-known tools like a data wiper called Jokra and an advanced implant named Prioxer for exchanging commands and data with a command-and-control (C2) server. 

In July 2024, a North Korean military intelligence operative from Andariel was indicted by the U.S. Department of Justice (DoJ) for ransomware attacks on healthcare facilities, using the proceeds to conduct further intrusions into defense, technology, and government sectors worldwide.

The Shift in Focus

Symantec, a leading cybersecurity firm, reported that Andariel's recent campaigns have targeted U.S. organizations across various sectors, including finance, healthcare, and retail. 

The group's tactics have evolved to include sophisticated phishing attacks, ransomware deployments, and exploitation of known vulnerabilities in widely used software. This shift is indicative of a broader trend where state-sponsored groups diversify their objectives to include financial motivations alongside traditional espionage.

Techniques and Tactics

Andariel's attack involves a combination of advanced persistent threats (APTs) and financially motivated cybercrime techniques. Some of the key tactics observed include:

1. Phishing Campaigns: Andariel has been leveraging highly targeted phishing emails to gain initial access to corporate networks. These emails often mimic legitimate communications and contain malicious attachments or links that deploy malware upon interaction.

2. Ransomware Attacks: The group has increasingly used ransomware to encrypt critical data and demand hefty ransoms in cryptocurrency. This tactic not only disrupts business operations but also provides a lucrative revenue stream.

3. Exploitation of Vulnerabilities: Andariel has been quick to exploit known vulnerabilities in popular software and systems. By targeting unpatched systems, they can gain unauthorized access and move laterally within networks to exfiltrate sensitive data.

4. Supply Chain Attacks: Another concerning tactic is the compromise of third-party vendors and suppliers to infiltrate larger organizations. This method allows Andariel to bypass direct defenses and gain access through trusted connections.

Read more »
Stolen Data
ALPHV/BlackCat Automotive Industry Cyber Attacks Dark Web Data Leak Ramsomware RansomHub RansomHub ransomware Stolen Data

Kawasaki Motors Europe Targeted by RansomHub Ransomware Attack

 

Kawasaki Motors Europe has been targeted by a ransomware attack orchestrated by the RansomHub gang, causing significant disruption to its services. The company, responsible for distributing and selling Kawasaki’s motorcycles across Europe, swiftly responded by isolating its servers to contain the threat. IT teams collaborated with external cybersecurity experts to analyze and cleanse systems of any lingering malware. Kawasaki aims to have 90% of its server infrastructure back online shortly, ensuring that business operations, including dealerships and supply chains, remain unaffected. 

The RansomHub group, a rising cybercriminal organization, claimed responsibility for the attack and added Kawasaki to its extortion portal on the dark web. According to the threat group, 487 GB of data was stolen, and they threatened to leak this information if their demands weren’t met. The data theft’s scope, particularly whether it includes sensitive customer details, remains unclear. Despite these developments, Kawasaki has not commented on the situation or responded to inquiries from cybersecurity analysts and reporters. 

RansomHub has gained significant traction in recent months, filling the void left by the now-defunct BlackCat/ALPHV ransomware operation. This has resulted in a surge of attacks against high-profile organizations, with RansomHub’s affiliates targeting critical sectors such as healthcare, retail, and manufacturing. The group’s growing notoriety was highlighted in a joint advisory issued by the FBI, CISA, and the Department of Health and Human Services, which reported over 200 victims of the ransomware group in the U.S. alone since February. The attack on Kawasaki emphasizes the evolving threat posed by ransomware groups and the importance of proactive cybersecurity measures. 

For businesses like Kawasaki, robust security protocols, regular updates, and swift incident response are critical in mitigating the risk of data breaches. The company’s efforts to cleanse infected servers highlight the importance of collaboration between internal IT teams and external cybersecurity experts in recovering from attacks. To protect against future breaches, organizations must invest in advanced threat detection technologies, ensure comprehensive patch management, and prioritize employee cybersecurity training. 

With cybercriminal groups like RansomHub becoming increasingly organized and opportunistic, adopting a layered defense strategy is vital for reducing exposure to such attacks. Kawasaki’s situation serves as a reminder of the growing challenges organizations face in safeguarding sensitive data from evolving cyber threats and the need for constant vigilance in a rapidly changing digital landscape.
Read more »
User Priavcy
Cyber Security Dark Web dark web threats data security Tor Browser US Goverment User Priavcy

Dark Web Revealed: The Hidden Internet’s Role in Cybercrime and Digital Privacy

 

The dark web, often shrouded in mystery and fear, is portrayed as a breeding ground for illicit activities and cybercrime. While this image is not entirely unfounded, the dark web’s origins and uses are more nuanced, with surprising ties to the United States government. The dark web represents a portion of the internet not indexed by traditional search engines, accessible only through specialized software such as the Tor Browser, short for The Onion Router. Unlike familiar domains ending in .com or .org, dark web addresses end in .onion, reflecting the layered encryption process that protects user anonymity. 

Tor, which was released to the public as an open-source project in October 2002, routes internet traffic through a series of volunteer-operated servers. This “onion” layering ensures that each relay only knows the previous and next step in the chain, but not the entire route, thus preserving the privacy of users. Interestingly, the dark web’s creation is linked to the U.S. Naval Research Laboratory in the mid-1990s. It was initially designed to secure online communications for U.S. intelligence agencies and military personnel, enabling them to transmit confidential information without revealing their identities or locations. 

Despite its government origins, the dark web has since evolved into a diverse ecosystem. While it is true that it harbors illegal marketplaces for drugs, stolen data, and other contraband, it also serves as a crucial tool for privacy advocates and journalists. Platforms like WikiLeaks and other whistleblowing sites use the dark web to share sensitive information without risking exposure. The U.S. government’s presence on the dark web remains strong, often employing the very technology it helped create to monitor criminal activities. Law enforcement agencies frequently set up “honeypots” – fake websites designed to catch criminals in the act. 

The closure of notorious drug markets like Silk Road and the arrest of its founder, Ross Ulbricht, in 2013, marked a significant victory for these operations. However, as one site is taken down, others often emerge to take its place, illustrating the persistent cat-and-mouse game between authorities and cybercriminals. However, the dark web’s reputation as a lawless zone is somewhat exaggerated. For many, it is a vital tool for escaping censorship and surveillance. In countries like Russia and China, where internet access is heavily restricted, the dark web offers a means to access banned information and communicate freely. 

Even mainstream entities like Facebook and The New York Times maintain dark web versions of their sites to ensure global accessibility. Despite its dark reputation, the dark web is not inherently illegal. In fact, it plays a crucial role in protecting online privacy and freedom. While criminals have exploited its anonymity, it also empowers individuals in repressive regimes to speak out against injustice, report on human rights abuses, and share critical information with the world. As cyber threats continue to evolve, so too does the dark web. 

It remains a double-edged sword – a refuge for both the world’s worst actors and its most vulnerable. Understanding its complexities and the balance between privacy and security is essential as the digital landscape continues to expand.
Read more »
Rhysida
Cyber Attacks Dark Web Double extortion Ransomware Rhysida

Hackers Steal 6 Terabytes Data, Sells on Dark Web

Hackers Steal 6 Terabytes Data, Sells on Dark Web

The City of Columbus faces a major cybersecurity threat due to a hacking group Rhysida’s claims of stealing a massive 6.5 terabytes of sensitive information. The data heist happened after a ransomware attack on July 18 that forced the city to close down various online operations. 

Ransomware attack 

Mayor Andrew Ginther acknowledged the attack but didn’t disclose the group and the type of data compromised, only saying the attack came from an ‘established and sophisticated threat actor operating overseas.” 

Although the IT department was able to stop the hackers from encrypting the data, the hackers still got the most of it. Claiming responsibility for the attack, Rhysida is auctioning the stolen data on a dark website for sale. 

Hackers ask for Bitcoin as ransom

The ransom demand is 30 Bitcoin, which comes to around $1.9 million. The data for sale includes databases and city video camera access. The hackers promise buyers full ownership, and reselling is not allowed. In earlier attacks, if Rhysida couldn't find a buyer, they just leaked the data publicly. 

The mayor’s office is currently mute about the ongoing investigation. However, they have taken measures to save impacted employees by providing Experian credit monitoring services. The safety step extends to the whole city, judge employees, and Franklin County Municipal Court clerk. 

The mayor stressed that the threat actors’ main goal was to churn out as much money as possible, and the city is improving its cybersecurity infrastructure to avoid future attacks.

Use of Double Extortion 

According to experts, Rhysdia’s action aligns with a strategy called “double extortion.” It suggests the threat actors extracted the sensitive data before starting the encryption process. Even after the city stopped the encryption, Rhysida may still have important data. However, experts also said that Rhysida has a history of exaggerating the volume of stolen data they have claimed.

At present, the city is working to limit the crisis, the Columbus city residents await more updates and hope for an answer that prevents their sensitive data. 

“Even before the auction, some city employees were already falling victim to compromised data. Brian Steel, president of the local branch of the Fraternal Order of Police, confirmed to NBC4 that at least 12 Columbus police officers had their bank accounts hacked. However, there’s no evidence to connect this as a direct symptom of Rhysida’s attack,” reports NBC4. 

Read more »
Stolen Data
Dark Web Data Breach data stealing Information Leak Phishing Attack PII Stolen Data

Massive Data Breach Exposes Personal Information of 2.9 Billion People Worldwide

 

No matter how cautious you are online, your personal data can still be vulnerable, as demonstrated by a recent data breach that exposed the information of 2.9 billion people. This alarming incident was brought to light as part of a class action lawsuit filed earlier this month. The lawsuit, submitted to the U.S. District Court for the Southern District of Florida, claims that the personal data, including full names, addresses, and Social Security Numbers, was compromised by a public records data provider named National Public Data, a company specializing in background checks and fraud prevention.  

The stolen data, which includes detailed personal information dating back 30 years, was taken by a cybercriminal group known as USDoD. According to the complaint, these hackers attempted to sell the vast collection of data on the dark web for $3.5 million. Given the enormous number of people affected, it is likely that the data includes individuals not only from the U.S. but from other countries as well. National Public Data allegedly obtained this massive amount of personal information through a process known as scraping, a technique used to collect data from websites and other online sources. The troubling aspect of this case is that the company reportedly scraped personally identifiable information (PII) from non-public sources, meaning many of the individuals affected did not voluntarily provide their data to the company. 

One of the plaintiffs, a California resident, became aware of the breach after receiving a notification from an identity theft protection service that his information had been leaked on the dark web. As part of the lawsuit, this plaintiff is seeking a court order for National Public Data to securely dispose of all the personal information it acquired through scraping. Additionally, the plaintiff is asking for financial compensation for himself and other victims, along with the implementation of stricter security measures by the company. In the wake of such a breach, the exposed data could be used by hackers to commit various forms of identity theft and fraud. While National Public Data has yet to issue a formal statement, it is likely that the company will be required to notify affected individuals of the breach. These notifications are expected to arrive by mail, so it is important to monitor your mailbox closely. 

Typically, companies responsible for data breaches offer affected individuals free identity theft protection or credit monitoring for a period of time. Until such services are offered, it is crucial to be vigilant in checking your emails and messages, as hackers may use the stolen data to conduct phishing attacks. Additionally, carefully monitoring your bank and financial accounts for any signs of unauthorized activity is recommended. 

This breach, which is nearly as significant as the 2013 Yahoo! breach that exposed the data of 3 billion people, is likely to have far-reaching consequences. Tom’s Guide has reached out to National Public Data for further information and will provide updates as the situation develops.
Read more »
User Privacy
Dark Web Data Breach Data Leak Personal Data User Data User Privacy

Dark Web Actor Claims Responsibility of ADT Data Breach

 

A dark web actor has claimed responsibility for a data breach affecting ADT, an American security company known for its residential and commercial alarm monitoring services. On August 1, 2024, an individual or group using the alias "netnsher" publicly admitted their role in this major breach. According to the threat actor's post, the ADT data leak compromised around 30,812 records, including nearly 30,400 unique email addresses. 

Numerous personal details, including email addresses, physical addresses, user IDs, and transaction histories, are included in the hacked data. Along with making these records public, the threat actor "netnsher" also provided a sample of the ADT breach's evidence.

The ADT data leak was first reported on July 31, 2024, and became public the next day. Notably, another data leak concerning ADT occurred earlier on July 8, 2024, when the threat actor identified as "Abu_Al_Sahrif" revealed internal ADT records from 2020 to 2023. 

It is unknown whether the new hack by "netnsher" used data from the earlier leak or was obtained in a different way. It is unknown whether the new hack by "netnsher" used data from the earlier leak or was obtained in a different way. The consequence of this ADT data breach is significant, given that ADT Inc. is a key participant in the security sector with a revenue of almost $5 billion. The disclosed documents contain sensitive information that, if exploited, could result in identity theft or phishing. 

The local media outlet contacted ADT Inc. for comment on the incident. In their response, ADT confirmed their knowledge of the occurrence, saying, "ADT is aware of this claim, and it is under investigation." The company is currently investigating every aspect of the breach and its impact on affected consumers.

This ADT breach comes after a string of similar instances using the threat actor "netnsher." On April 26, 2024, this TA was related to a new data breach accusation involving Kernel Finance, an Indian GST billing solution that allegedly exposed over 7,000 bank account details and other sensitive information. On the same day, "netnsher" disclosed critical access tokens and files from the Law Firm Banking Trustnota, showing their skills and possible threats, according to Constella Intelligence.
Read more »
Threat Landscape
CISOs Cyber Security Dark Web Healthcare Industry Threat Landscape

Dark Web Intel Underutilized by CISOs, Diminishing Healthcare Industry

 

The healthcare industry faces challenges in keeping up with the rapidly evolving healthcare cybersecurity landscape. This is due in part to CISOs failing to take use of dark web intelligence, which leaves the industry with a weaker cyber posture than other sectors. Only 57% of healthcare CISOs have included dark web intelligence in their plans, according to a Searchlight Cyber Report. 

Researchers highlighted that the dark web acts as a hub for cybercriminal activity, with marketplaces for buying and selling malware, exploits, and stolen data. It also provides a forum for threat actors to share skills and discuss strategies. Furthermore, criminals use the dark web to host ransomware leak sites, threatening to reveal stolen data unless a ransom is paid. 

Collecting threat intelligence, pre-attack intelligence, and data from the dark web can help many organisations enhance their cybersecurity posture. This method, known as the "pre-attack phase," allows businesses to detect and mitigate cybersecurity risks before they enter their network. 

A poll titled "Proactive Defence: How Enterprises Are Using Dark Web Intelligence," performed between November 18, 2022, and January 16, 2023, gathered responses from 1,008 CISOs representing large enterprises with revenue in excess of $200 million and more than 2,000 employees. 

While the financial sector leads in the adoption of dark web intelligence, with 85 percent of organisations acquiring it, the healthcare industry lags behind. According to survey results, healthcare CISOs are 20 percentage points behind other industries in gathering data from the dark web, which is harming their cybersecurity posture. Most CISOs in the United States are confident in their ability to comprehend their adversaries' profiles. 

Specifically, 85 percent of US CISOs expressed confidence, while 80 percent of US firms reported acquiring threat intelligence. While researchers see this high level of dark web data awareness and uptake as promising, significant sector differences persist. The healthcare sector has demonstrated a lack of confidence in knowing the profiles of potential adversaries.

Researchers identified that, compared to the industry average of 77 percent, just 60 percent of healthcare CISOs feel confident in understanding their adversaries’ characteristics. A lack of awareness of data intelligence can limit their ability to detect and neutralise legitimate threats before they enter the network. 

In contrast, industries such as manufacturing, financial services, and professional services report higher security postures. Because of increased use of threat intelligence and dark web monitoring, these industries are more confident in recognising and responding to possible threats. 

Every week, millions of dollars in ransoms and protected health information (PHI) are stolen from secure systems and made available on the dark web. This regrettable pattern reveals the tragic fate of many exfiltrated patient data records, emphasising the critical need for the healthcare industry to address its security vulnerabilities and knowledge gaps.
Read more »
Vulnerabilities and Exploits
Account security Account Takeover BreachForums Dark Web Data Safety GitHub NPM Vulnerabilities and Exploits

Critical npm Account Takeover Vulnerability Sold on Dark Web

 

A cybercriminal known as Alderson1337 has emerged on BreachForums, offering a critical exploit targeting npm accounts. This vulnerability poses a significant threat to npm, a crucial package manager for JavaScript managed by npm, Inc., a subsidiary of GitHub. Alderson1337 claims this exploit can enable attackers to hijack npm accounts linked to specific employees within organizations. 

The method involves embedding undetectable backdoors into npm packages used by these employees, potentially compromising numerous devices upon updates. This exploit could have widespread implications for organizational security. Instead of sharing a proof of concept (PoC) publicly, Alderson1337 has invited interested buyers to contact him privately, aiming to maintain the exploit’s confidentiality and exclusivity. If executed successfully, this npm exploit could inject backdoors into npm packages, leading to extensive device compromise. 

However, npm has not yet issued an official statement, leaving the claims unverified. The incident primarily impacts npm Inc., with npmjs.com being the related website. While the potential repercussions are global, the specific industry impact remains undefined. Account takeover (ATO) vulnerabilities represent severe risks where cybercriminals gain unauthorized access to online accounts by exploiting stolen credentials. These credentials are often obtained through social engineering, data breaches, or phishing attacks. 

Once acquired, attackers use automated bots to test these credentials across various platforms, including travel, retail, finance, eCommerce, and social media sites. Users’ reluctance to update passwords and reusing them across different platforms increase the risk of credential stuffing and brute force attacks. Such practices allow attackers to access accounts, potentially leading to identity theft, financial fraud, or misuse of personal information. To mitigate ATO attack risks, experts recommend adopting strong password management practices, including using unique, complex passwords for each account and enabling two-factor authentication (2FA) wherever possible. Regular monitoring for unauthorized account activities and promptly responding to suspicious login attempts are also crucial for maintaining account security. 

While Alderson1337’s claims await verification, this incident underscores the ongoing challenges posed by account takeover vulnerabilities in today’s interconnected digital landscape. Vigilance and collaboration across the cybersecurity community are essential to mitigating these threats and preserving the integrity of online platforms and services.
Read more »
VPNS
Dark Web Email address email masking NordVPN Privacy Spam VPNS

Why You Should Mask Your Email Address


 

In today's digital age, entering your real email address into a website is a risky move. It's all too common for websites to sell your information to data brokers, who then use it for marketing, targeted ads, or even reselling. To safeguard your privacy and security, masking your email address has become a crucial practice.

Email masking is essential not just for avoiding spam but also for protecting your personal information from falling into the wrong hands. If your email address is leaked in a data breach, it could end up on the dark web, accessible to scammers and cybercriminals. These malicious actors store your data in databases for use in scams and hacking attempts. Additionally, there have been instances where government bodies have purchased data broker information for surveillance purposes.

By using masked emails when signing up for services and accounts, you can prevent your details from being leaked. A masked email can be discarded with a single click, rendering it useless to scammers. This proactive measure significantly reduces your risk of being targeted by cyber threats.

Easy Solutions for Email Masking

For those looking to enhance their privacy effortlessly, two services stand out: NordVPN and Surfshark. These VPN providers offer more than just secure internet connections; they also provide simple and effective email masking solutions.

NordVPN integrates email masking with its built-in password manager, NordPass. This service is user-friendly, offering fast speeds and excellent content unblocking capabilities. Priced at $3.39 per month for a two-year plan, NordVPN delivers great value and a range of privacy tools. Plus, it comes with a 30-day money-back guarantee, allowing you to try it risk-free.

Surfshark is another excellent choice, especially for those on a budget. It not only masks your email but also offers phone number masking for users in the US, with plans to expand this feature to other regions. Known for its speed and effectiveness in streaming, Surfshark provides a high-quality VPN service with a 30-day money-back guarantee. This allows you to test the service before committing.

Using a VPN like NordVPN or Surfshark offers several other benefits. These services protect your devices from hackers, enable you to stream content from abroad, and block ads and malware. The comprehensive protection offered by VPNs makes them a valuable tool for maintaining online privacy and security.


Taking Privacy Further with Incogni

For those looking to take their privacy a step further, Incogni is a useful tool. It actively removes your information from data brokers, reducing the chances of being targeted by aggressive marketing and advertisers. Bundling Incogni with a Surfshark subscription can be a cost-effective way to enhance your privacy defences.

Keeping your email address private is a simple yet powerful way to protect yourself from unwanted spam and cyber threats. By utilising services like NordVPN and Surfshark for email masking, and tools like Incogni for data removal, you can enjoy a more secure and private online experience.


Read more »
Subscribe to: Posts (Atom)