Showing posts with label Database Dumped.

The source code of the Public Services Portal of the Russian Federation was made publicly available

On December 25, a post appeared on the Cybersec hacker website in which the author published the source code of the Public Services Portal in open access. According to him, the data was downloaded from resources on the portal's subdomains.

The author of Cybersec discovered an openly accessible, unencrypted repository containing the source code of the Public Services Portal in .git format. In addition to the source code, the leak contains ESIA certificates that could be used to compromise accounts.
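The condition described above, a web document root that still carries its `.git` metadata, is one a deploy pipeline can catch before anything is served. The following shell check is an added example, not code from the article or from the portal's developers: it fails when any `.git` directory (or worktree `.git` file) is found under a document root, and shows a remediation step. The document root, file names and paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: pre-publish check for repository metadata inside a web document root.
# A .git directory under the docroot lets anyone who can request /.git/HEAD pull the
# whole history; a web server serves it unless explicitly configured to deny it.

# Print every .git entry under the given docroot; return 1 if any exist, 0 otherwise.
check_docroot_for_git() {
    docroot="$1"
    found=$(find "$docroot" \( -type d -o -type f \) -name .git -print 2>/dev/null)
    if [ -n "$found" ]; then
        echo "exposed repository metadata under $docroot:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}

# Build a constructed docroot that mimics a site deployed with 'git clone' straight
# into the web root: static files plus the metadata directory (constructed sample).
make_constructed_docroot() {
    d=$(mktemp -d)
    mkdir -p "$d/.git/objects" "$d/css"
    echo 'ref: refs/heads/main' > "$d/.git/HEAD"
    echo '<html></html>' > "$d/index.html"
    echo "$d"
}

# Remediation used here: remove the metadata from the served tree. The durable fix is to
# deploy build artifacts rather than a checkout, and to deny /.git in the web server
# configuration as a second layer.
strip_git_metadata() {
    find "$1" -name .git -prune -exec rm -rf {} + 2>/dev/null
}

# Stand-alone demo: run with --demo to see the check fail, then pass after cleanup.
if [ "${1:-}" = "--demo" ]; then
    root=$(make_constructed_docroot)
    check_docroot_for_git "$root" || echo "check failed as expected"
    strip_git_metadata "$root"
    check_docroot_for_git "$root" && echo "clean after remediation"
    rm -rf "$root"
fi
```

Wire `check_docroot_for_git` into the deploy job so that a non-zero exit blocks publication; the check is filesystem-only and runs on the server itself, so it needs no network access to the site.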

After studying the code, it turned out that the Public Services Portal was built on the Bitrix engine, and the ESIA authorization system was based on OpenID. The author noted that his study could help find other vulnerabilities in the system and close them, or could just as well be turned the other way and used to steal user data.

The author also said in the article that before publication he contacted the administration of the Public Services Portal to report the data leak. However, they only asked him for a detailed description of the leak and its confirmation, and after that they stopped responding altogether.

Vladimir Ulyanov, head of the analytical center at the information security company Zecurion, said that the fault most likely lies with the usual human factor. In such cases, either someone simply made a mistake, through lack of competence or carelessness, and allowed the code to be disclosed, or it is a deliberate leak by someone with access to the source code.

Ashot Oganesyan, founder of the DLBI data leak intelligence and monitoring service, said that user data was not exposed online. However, it cannot be ruled out that the compromised code will allow attackers to gain access to it in the future.


The number of Russian bank card sales on the darknet will decline, says Group-IB

Group-IB found that carding is losing its appeal to cybercriminals. Sales of bank card magnetic stripe dumps and of bank card text data decreased in Russia and the CIS, while the market for such data grew worldwide.

According to Group-IB's Hi-Tech Crime Trends report, the volume of the shadow carding market in Russia and the CIS has decreased by 77%. The number of bank card records posted for sale on the darknet and attributed to banks in Russia and the CIS decreased by 60%.

The market for text data of bank cards (number, expiration date, holder name, address, CVV) decreased by 44%.

A similar trend holds for the global carding market: its volume decreased by 26%. Group-IB attributed this to a drop in dump sales following the closure of the largest card shop, Joker's Stash.

At the same time, the volume of bank card text data on the global shadow market increased by 36%.

Group-IB attributes the growth in text data sales to the rise in phishing during the pandemic. The company expects that sales of bank card data will continue to decline gradually.

According to its experts, the activity of skimmers and of the online shops that distribute these cards in Russia is declining. This is due to advances by banks, for example the introduction of systems such as 3-D Secure. Such protection systems are not yet widespread worldwide, which explains why the market for bank card text data has grown globally while shrinking in Russia.

Experts add that the share of Russian-language messages on shadow forums is growing: to minimize their personal risk, hackers try to steal payment data from customers in other countries, which worsens the global statistics.

Footage from thousands of hacked CCTV cameras sold online in Russia

Thousands of private CCTV cameras have been hacked in Russia, said Igor Bederov, head of the Information and Analytical Research department at T.Hunter. According to him, many of these devices are located in hotels, massage rooms and salons where intimate haircuts and depilation are performed.

This is evidenced by the many Telegram channels, VK communities and forums on the Web where access to hacked cameras, or video from them, is sold.

One of these channels published an advertisement for the sale of access to video from more than 300 cameras in other people's bedrooms, washrooms, medical offices, salons and changing rooms. Price: 600 rubles ($8). Thousands of screenshots from such cameras have been published on the channel as advertisements: one shows a naked woman on a massage table, another shows a man undergoing intimate depilation.

“Owners of hotels, beauty salons and other types of businesses put cameras in their premises for security purposes. Often such cameras are located directly in the rooms or offices where intimate services are carried out. At the same time, they are not always properly protected,” Igor Bederov explained the reason for such leaks.

According to open sources, vulnerable cameras are located all over the world. Access is often sold by subscription, but this is not the only way to monetize hacked devices. For example, the media recently wrote about the sale of a 15 TB archive of video from surveillance cameras in Russian hotels and saunas.

Experts said that in some cases such footage is used to blackmail the people in the video or the owners of the cameras. Various services are often used to identify people from photos. If the people cannot be identified, hackers can still locate the organization where the cameras are installed from the metadata.

Oleg Bakhtadze-Karnaukhov, an independent darknet researcher, claims that attackers most often hack cameras through network port 37777.

Protecting such a device is very easy: just change the factory settings. However, according to the expert, this basic rule is often ignored.

Data of more than 45 million users of VPN services appeared on the web

Data from 45.5 million users of the FreeVPN[.]org and DashVPN[.]io services appeared on shadow forums. The data had been left on an unsecured MongoDB server. Both services belong to the international company ActMobile Networks, headquartered in the USA; only 795.7 thousand of the records relate to Russia. According to the company's website, more than 75 million people worldwide have used its VPN services.
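An "unsecured MongoDB server" of the kind described above almost always means two settings: the listener bound to every interface and access control left at its default of disabled. The shell lint below is an added example, not code from the article, from ActMobile or from MongoDB; it checks a mongod.conf for those two settings (the real `net.bindIp`, `net.bindIpAll` and `security.authorization` keys) and runs against a weak and a hardened configuration, both constructed for the demonstration.

```shell
#!/bin/sh
# Added example: lint a mongod.conf for the two settings behind most exposed-database leaks.

# Return 0 if the YAML config at $1 avoids binding to all interfaces and enables
# authorization; otherwise print each finding to stderr and return 1.
lint_mongod_conf() {
    conf="$1"
    problems=0
    # net.bindIpAll: true, or bindIp containing 0.0.0.0 / "::", exposes the listener
    # to every network the host is attached to, including the internet.
    if grep -Eq '^[[:space:]]*bindIpAll:[[:space:]]*true' "$conf" ||
       grep -Eq '^[[:space:]]*bindIp:.*0\.0\.0\.0' "$conf" ||
       grep -Eq '^[[:space:]]*bindIp:[[:space:]]*"?::"?[[:space:]]*$' "$conf"; then
        echo "$conf: mongod listens on all interfaces (net.bindIp / net.bindIpAll)" >&2
        problems=$((problems + 1))
    fi
    # security.authorization must be 'enabled'; when absent, access control is off.
    if ! grep -Eq '^[[:space:]]*authorization:[[:space:]]*enabled' "$conf"; then
        echo "$conf: access control is off (security.authorization not enabled)" >&2
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: internet-exposed and unauthenticated (the weak setting).
write_weak_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
EOF
    echo "$f"
}

# Constructed sample: loopback plus one private address, with access control on.
write_hardened_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
EOF
    echo "$f"
}

# Stand-alone demo: run with --demo to lint both constructed configurations.
if [ "${1:-}" = "--demo" ]; then
    weak=$(write_weak_conf); hard=$(write_hardened_conf)
    lint_mongod_conf "$weak" || echo "weak config rejected"
    lint_mongod_conf "$hard" && echo "hardened config accepted"
    rm -f "$weak" "$hard"
fi
```

The lint is deliberately line-oriented rather than a YAML parser, so it only recognizes the flat key layout shown; it is meant as a configuration-management guard (run it before `mongod` restarts) rather than a substitute for reviewing the file.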

The database contains user email addresses, encrypted passwords, registration dates, and dates of profile updates and last login. The channel's authors specify that the database holds data from 2017 to 2021.

Leaks from such services are happening more and more often: previously, data from the free mobile VPN apps GeckoVPN, SuperVPN and ChatVPN appeared online, affecting a total of 21 million people.

Before that, in July 2020, data on more than 20 million users of similar apps, including UFO VPN and Secure VPN, was leaked. Experts immediately pointed out that free mobile VPN services are unsafe, and that fraudsters who buy such a database can use the data for phishing and hacking attacks.

Experts believe that anyone using a free service should understand that, most likely, they themselves are the product. Such companies collect and repeatedly resell information about which sites the user visits, what they are interested in and what they buy. Alexander Dvinskikh, an information security expert at the Krok IT company, is sure that VPN applications additionally retain users' email and IP addresses, which make it possible to directly identify the owner of the data.

He added that publicly available information from VPN services can help security services investigate cyber incidents in which users of these services were observed engaging in illegal activity on the Internet.

Experts reported a possible data leak from the Mosgortrans website

According to the experts' data, more than 1,000 phone numbers with names and more than 30,000 email addresses may have been leaked.

Files containing names, email addresses, phone numbers, as well as usernames and passwords of users of the Mosgortrans website (Mosgortrans is the state-owned company operating the bus and electric bus networks in Moscow and the Moscow region) were publicly available. In total, the hacker posted about 1.1 thousand phone numbers and 31 thousand email addresses on the Internet.

The appearance of the data online was reported by the Telegram channel “Information Leaks” on Thursday, October 14.

A representative of Kaspersky Lab confirmed that the company's employees found a message on one of the forums about a data leak, which presumably relates to the Mosgortrans website.

“According to a post on the forum, among the leaked data there are a number of configuration files: group, hosts, motd, my.cnf, networks, passwd, protocols, services, sshd_config, as well as files presumably containing user data: mails.txt, mostrans_admins.txt, Names.txt, phones.txt,” the company reported.

Alexander Dvoryansky, Communications Director of Infosecurity, said that the company has not yet been able to confirm the authenticity of the database. But if the database turns out to be real, attackers could use the obtained data for phishing and targeted advertising.

It is noted that the Mosgortrans website offers no way to create a personal account in which users could enter personal data, but it does have a feedback form.

The company itself denies that a data leak occurred. “The published documents contain the standard contact information of employees, which is available in any bus depot, branch and office. In fact, this is a phone book, and most of the information is outdated. There was no hacking of the website or the internal database; this has already been checked by our IT specialists,” said the company's representative.

Data from thousands of Russian companies have been made publicly available on the web

Data of several hundred Russian companies that used the free online project manager Trello has been made publicly available. Among the hundreds of thousands of exposed boards are some containing confidential information.

Data from boards in the free online project manager Trello maintained by Russian companies was made publicly available. The exposed data of several hundred large companies and thousands of small and medium-sized businesses was found by analysts at Infosecurity (a Softline company).

The company specified that in Russia Trello boards are mainly used by small and medium-sized businesses, but representatives of large organizations, including banks, are present as well.

Kirill Solodovnikov, CEO of Infosecurity, called the appearance of corporate data online "an illustration of a leak which occurred not due to hacker attacks, but as a result of inattention or negligence of company employees".

According to Infosecurity, organizations post lists of employees and customers, contracts, passport scans, documentation related to tenders and product development, as well as credentials for corporate accounts and passwords to various services.

"Usually it is not difficult to determine from which organization the information leaked. Its name often appears either in the name of the board or in the description of tasks," added the experts.

Infosecurity analysts found that nearly a million public Trello boards are currently indexed by search engines, and thousands of them contain confidential information. Thematic search queries currently return more than 9,000 boards mentioning logins and passwords.

Trello belongs to the Australian software developer Atlassian; other similar free services include Evernote, Wunderlist, XMind and Notion. Data from Trello boards has ended up in the public domain before, but this is the first leak on such a scale.

Sergei Novikov, deputy head of Kaspersky Lab's Threat Research and Analysis Center, noted that the service is also used by cyber groups to coordinate their activities. Infosecurity reported finding a Trello board belonging to a group of fraudsters who specialize in deceiving credulous foreigners under the "Russian brides" scenario, in which the targets are those willing to meet young women from Russia.

"Hackers could use data from the boards, for example, to attack companies' clients or hack corporate Instagram accounts, as in the fall of 2020," added Infosecurity.

Experts warned that such leaks could also lead to fines for violations of the personal data law; for example, storing scans of clients' passports in public storage located abroad contradicts it.

Personal data of one million Moscow car owners were put up for sale on the Internet

On July 24, an archive containing a database of motorists was put up for sale on one of the forums specializing in selling databases and organizing information leaks. It contains Excel files of about 1 million rows with personal data of drivers in Moscow and the Moscow region, current as of the end of 2019. The starting price is $1.5 thousand. The seller also attached a screenshot of the table, which shows the following fields: date of registration of the car, state registration plate, make, model, year of manufacture, last name, first name and patronymic of the owner, their phone number and date of birth, registration region, VIN, and the series and number of the vehicle registration certificate and vehicle passport.

This is not the first time a car owner database has been leaked. Similar databases with information for 2017 and 2018 can be found on specialized darknet forums and online exchanges. DeviceLock founder Ashot Hovhannisyan suggests that this time the database is being sold by an insider at a major insurance company or association.

According to Pavel Myasoedov, partner and director of the Intellectual Reserve company, one row in such an archive sells for 6-300 rubles ($4), depending on the amount of data it contains. The entire leak could cost about 1 bitcoin ($11.1 thousand). Information security experts believe that the database could be of interest to car thieves and social engineering scammers.

According to Alexey Kubarev, development manager for the Solar Dozor DLP system, knowing the VIN allows hackers to find out which alarm system is installed on the car, and the owner's data helps determine where it is parked: "There may be various types of fraud involving accidents, the payment of fines, the registration of fake license plates on the vehicle, fake vehicle titles, and so on."

Against the background of frequent scandals over large-scale leaks of citizens' data, the State Duma of the Russian Federation is already considering tougher liability for the dissemination of such information. "Leaks from the Ministry of Internal Affairs occur regularly. This indicates, on the one hand, a low degree of information security, and on the other — a high level of corruption,” said Alexander Khinshtein, chairman of the State Duma Committee on Information Policy.

Hackers sell data of 80 thousand cards of customers of the Bank of Kazakhstan

An announcement about the sale of an archive of stolen data from 80,000 Halyk Bank credit cards appeared on a darknet site.

It should be noted that Halyk Bank of Kazakhstan is the country's largest bank by number of clients and by assets. This is not the first time the bank's data has been compromised.

The fact that the archive consists only of Halyk Bank cards suggests that the card data was stolen from within the organization.

Typically, stolen card details are obtained using MitM (man-in-the-middle) attacks. While the victim believes they are communicating directly with, for example, their bank's website, the traffic actually passes through a host controlled by the attacker, which thus receives all the data the user sends (username, password, PIN, etc.).

It is also possible that the archive is not real. It may be bait for potential carders created by the bank, a so-called honeypot. Such a trap presents an apparent vulnerability in a server that attracts the attention of attackers and entices them to attack, while the honeypot observes how they work, records the information and passes it to the cybersecurity department.

However, such actions are risky for the image of a financial institution, as any bank tries to avoid negative publicity of this kind.

It is important to note that every data leak from a bank is the personal fault of the bank's owners and managers. In Russia and Kazakhstan, in the event of a data leak the bank at best publishes a press release stating that "the situation is under control". Banks in the US and Europe, in the same situation, receive a huge fine.