
Comprehensive Hacker Toolkit Uncovered: A Deep Dive into Advanced Cyberattack Tools

Cybersecurity researchers have recently uncovered a vast and sophisticated hacker toolkit that provides a comprehensive suite of tools for executing and maintaining cyberattacks. Found in an open directory in December 2023, the discovery offers a rare glimpse into the methodologies and tools employed by modern cybercriminals. The toolkit includes a range of batch scripts and malware targeting both Windows and Linux systems, showcasing the attackers’ ability to compromise systems, maintain long-term control, and exfiltrate data.  

Among the most significant tools identified were PoshC2 and Sliver, two well-known command and control (C2) frameworks. Although these open-source tools are typically used by penetration testers and red teams to simulate attacks and test security, they have been repurposed by threat actors for malicious purposes. The presence of these frameworks within the toolkit indicates the attackers’ intent to establish persistent remote access to compromised systems, allowing them to conduct further operations undetected. In addition to these frameworks, the toolkit contained several custom batch scripts designed to evade detection and manipulate system settings. 

Scripts such as atera_del.bat and atera_del2.bat were specifically crafted to remove Atera remote management agents, thereby eliminating traces of legitimate administrative tools. Other scripts, like backup.bat and delbackup.bat, were aimed at deleting system backups and shadow copies, a common tactic employed in ransomware attacks to prevent data recovery. Researchers from DFIR Report also noted the presence of clearlog.bat, a script capable of erasing Windows event logs and removing evidence of Remote Desktop Protocol (RDP) usage. This highlights the attackers’ emphasis on covering their tracks and minimizing the chances of detection. 

Additionally, the toolkit included more specialized tools such as cmd.cmd, which disables User Account Control and modifies registry settings, and def1.bat and defendermalwar.bat, which disable Windows Defender and uninstall Malwarebytes. The discovery of this hacker toolkit underscores the growing sophistication of cyberattacks and the need for organizations to adopt robust cybersecurity measures. With tools designed to disable critical services, delete backups, and evade antivirus software, the toolkit serves as a stark reminder of the evolving threat landscape. 
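The tactics described above (clearing event logs, deleting backups and shadow copies, turning off UAC through the registry, disabling Defender) map onto Windows Security event IDs that defenders can alert on. This added example is not from the original post or from The DFIR Report; it classifies constructed sample events and assumes process-creation auditing with command-line logging (event 4688) and registry auditing (event 4657) are enabled.

```python
import re
from collections import Counter

# Constructed sample records shaped like Windows Security events after SIEM
# field extraction (EventID plus the fields the rules read). Not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 4688, "CommandLine": "vssadmin delete shadows /all /quiet"},
    {"EventID": 4688, "CommandLine": "wbadmin delete catalog -quiet"},
    {"EventID": 4657, "ObjectValueName": "EnableLUA", "NewValue": "0",
     "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"},
    {"EventID": 4657, "ObjectValueName": "DisableAntiSpyware", "NewValue": "1",
     "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender"},
    {"EventID": 1102, "SubjectUserName": "admin"},               # Security log cleared
    {"EventID": 4688, "CommandLine": "notepad.exe report.txt"},  # benign control
]

# Process-creation (4688) command-line patterns for the backup and shadow copy
# deletion the write-up attributes to backup.bat / delbackup.bat.
COMMAND_RULES = [
    ("shadow_copy_deletion", re.compile(r"\bvssadmin\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("shadow_copy_deletion", re.compile(r"\bwmic\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("backup_deletion", re.compile(r"\bwbadmin\b.*\bdelete\b", re.I)),
]

# Registry value modifications (4657) matching cmd.cmd (UAC off) and
# def1.bat / defendermalwar.bat (Defender off): (value name, new data) -> tactic.
REGISTRY_RULES = {
    ("EnableLUA", "0"): "uac_disabled",
    ("DisableAntiSpyware", "1"): "defender_disabled",
}

def classify(event):
    """Return the tactic one event indicates, or None if it looks benign."""
    eid = event.get("EventID")
    if eid in (1102, 104):  # Security (1102) or System (104) event log cleared
        return "event_log_cleared"
    if eid == 4688:
        for tactic, pattern in COMMAND_RULES:
            if pattern.search(event.get("CommandLine", "")):
                return tactic
    if eid == 4657:
        key = (event.get("ObjectValueName"), str(event.get("NewValue")))
        return REGISTRY_RULES.get(key)
    return None

def triage(events):
    """Count tactics across a batch; several distinct tactics from one host in a short window is the pre-ransomware pattern."""
    return Counter(t for t in map(classify, events) if t)
```

Running `triage(SAMPLE_EVENTS)` flags five of the six constructed events; the single benign process event is ignored.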

Cybersecurity experts advise organizations to implement comprehensive security strategies, including regular system updates, employee training, and advanced threat detection systems, to protect against such toolkits. The presence of Sliver and PoshC2 within the toolkit suggests that the servers hosting it were likely used in ransomware intrusions. Many of the scripts found attempted to stop services, delete backups and shadow copies, and disable or remove antivirus software, further supporting this theory.

As cyber threats continue to evolve, the discovery of this toolkit provides valuable insights into the methods and tools employed by modern cybercriminals. Organizations must remain vigilant and proactive in their cybersecurity efforts to protect against the increasingly sophisticated tactics used by threat actors.

Nintendo Confirms Around 160,000 User Accounts Affected in Recent Hacks

On Friday, the Japanese gaming giant Nintendo confirmed that around 160,000 Nintendo Switch user accounts had been affected by recent hacking attempts.

Nintendo's Switch console is immensely popular among avid gamers, and demand has risen dramatically during the lockdowns forced by the COVID-19 pandemic, leaving it out of stock almost everywhere. As the number of people turning to Nintendo grows rapidly, so has the number of hackers targeting their digital accounts.

In the wake of the breach, Nintendo has disabled logging in to a Nintendo Account via Nintendo Network ID (NNID). The company confirmed that users' login IDs and passwords were obtained illegitimately by some means other than Nintendo's own service. Notably, these attempts to access accounts illegally have been under way since the beginning of April. The information compromised includes usernames, dates of birth, email addresses, and country.

The company has notified all affected users of the breach by email, asking them to reset their passwords.
Meanwhile, the company also warned users who had used the same password for their NNID and Nintendo Account that "your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop."

The company further recommended that users enable two-factor authentication, as some accounts were already being used to make fraudulent purchases. Affected users are advised to contact Nintendo so that the company can examine their purchase history and cancel fraudulent purchases.

"We will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorization," the company said.

While apologizing to its customers, Nintendo said, "We sincerely apologize for any inconvenience caused and concern to our customers and related parties."

"In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur," the company added.

Websites Including Ixigo Hacked, Leaving 127 Million Accounts Exposed For Sale

Over 127 million accounts from around eight separate websites were compromised, the work of a hacker who had previously stolen the records of 620 million people.

The travel booking site Ixigo appears to be one of the major victims from which records were stolen.

The stolen records reportedly include users' names, email addresses, passwords and other personal details.

According to research, 18 million user records were taken from Ixigo and around 40 million from YouNow, a live-video streaming site.

A further 1.8 million accounts were taken from Ge.tt and 57 million records from Houzz.

The hacker's listings showed that passwords had been "scrambled" with the antiquated MD5 hashing algorithm, which leaves them easy to "unscramble".

The hacker also claimed to hold user records from mainstream sites such as MyFitnessPal and Animoto, putting the counts at 151 million and 25 million respectively.

The databases, which make life easier for other hackers, are on offer for $20,000 in Bitcoin on the Dream Market cyber-souk in the Tor network.

The price is modest by hacker standards, and the main target audience for the deal appears to be spammers and credential stuffers.

These credentials could in turn be used to break into accounts on other sites and harvest further user details.

The affected websites have begun alerting their users to the danger, and users would do well to stay vigilant.

617 Million Account Details Put On Sale on the Dark Web

Details of approximately 617 million accounts, including account holders' names, passwords and email addresses, have been put up for sale by hackers on the dark web. Sixteen websites, including well-known ones such as Dubsmash, MyFitnessPal and ShareThis, were targeted.

Although there have been no reports of financial data such as credit card details or banking passwords being compromised, users' location data, social authentication keys and personal data are at risk of being sold.

A report by The Register, a British technology news and opinion website, states that "The above mentioned information is available for less than $20,000 in Bitcoin."

While some of the sites named, such as Animoto, MyHeritage and MyFitnessPal, already knew about the breaches on their platforms and had informed their users, the breaches reported at some other sites were new and had not previously been disclosed.

Both 500px and EyeEm have taken appropriate measures, informing their users about the breach and asking them to change their passwords as a precaution.

The list of websites affected by the hack includes: Dubsmash (162 million accounts), MyFitnessPal (151 million accounts), ShareThis (41 million accounts), Animoto (25 million accounts), MyHeritage (92 million accounts), 500px (15 million accounts), Artsy (1 million accounts), Armor Games (11 million accounts), BookMate (8 million accounts), Whitepages (18 million accounts), EyeEm (22 million accounts), 8fit (20 million accounts), HauteLook (28 million accounts) and Fotolog (16 million accounts).