Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations

Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations,

On April 5, 2023, the FBI and Dutch National Police announced the takedown of Genesis Market, one of the largest dark web marketplaces. The operation, dubbed « Operation Cookie Monster, » resulted in the arrest of 119 people and the seizure of over $1M in cryptocurrency. You can read the FBI’s warrant here for details specific to this case. In light of these events, I’d like to discuss how OSINT

,

On April 5, 2023, the FBI and Dutch National Police announced the takedown of Genesis Market, one of the largest dark web marketplaces. The operation, dubbed « Operation Cookie Monster, » resulted in the arrest of 119 people and the seizure of over $1M in cryptocurrency. You can read the FBI’s warrant here for details specific to this case. In light of these events, I’d like to discuss how OSINT

, ,
https://thehackernews.com/2023/07/exploring-dark-side-osint-tools-and.html

Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation

Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation,

Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors tamper with application images and infect users, leading to supply chain attacks.
The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to cloud security firm Orca, which discovered and reported the issue.
« By abusing the flaw and enabling

,

Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors tamper with application images and infect users, leading to supply chain attacks.
The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to cloud security firm Orca, which discovered and reported the issue.
« By abusing the flaw and enabling

, ,
https://thehackernews.com/2023/07/badbuild-flaw-in-google-cloud-build.html

U.S. Government Blacklists Cytrox and Intellexa Spyware Vendors for Cyber Espionage

U.S. Government Blacklists Cytrox and Intellexa Spyware Vendors for Cyber Espionage,

The U.S. government on Tuesday added two foreign commercial spyware vendors, Cytrox and Intellexa, to an economic blocklist for weaponizing cyber exploits to gain unauthorized access to devices and « threatening the privacy and security of individuals and organizations worldwide. »
This includes the companies’ corporate holdings in Hungary (Cytrox Holdings Crt), North Macedonia (Cytrox AD), Greece

,

The U.S. government on Tuesday added two foreign commercial spyware vendors, Cytrox and Intellexa, to an economic blocklist for weaponizing cyber exploits to gain unauthorized access to devices and « threatening the privacy and security of individuals and organizations worldwide. »
This includes the companies’ corporate holdings in Hungary (Cytrox Holdings Crt), North Macedonia (Cytrox AD), Greece

, ,
https://thehackernews.com/2023/07/us-government-blacklists-cytrox-and.html

Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway

Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway,

Citrix is alerting users of a critical security flaw in NetScaler Application Delivery Controller (ADC) and Gateway that it said is being actively exploited in the wild.
Tracked as CVE-2023-3519 (CVSS score: 9.8), the issue relates to a case of code injection that could result in unauthenticated remote code execution. It impacts the following versions –

NetScaler ADC and NetScaler Gateway 13.1

,

Citrix is alerting users of a critical security flaw in NetScaler Application Delivery Controller (ADC) and Gateway that it said is being actively exploited in the wild.
Tracked as CVE-2023-3519 (CVSS score: 9.8), the issue relates to a case of code injection that could result in unauthenticated remote code execution. It impacts the following versions –

NetScaler ADC and NetScaler Gateway 13.1

, ,
https://thehackernews.com/2023/07/zero-day-attacks-exploited-critical.html

Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware

Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware,

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that’s commonly associated with Chinese hacking crews.
Targets included a Pakistan government entity, a public sector bank, and a telecommunications provider, according to Trend Micro. The infections took place between mid-February 2022 and

,

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that’s commonly associated with Chinese hacking crews.
Targets included a Pakistan government entity, a public sector bank, and a telecommunications provider, according to Trend Micro. The infections took place between mid-February 2022 and

, ,
https://thehackernews.com/2023/07/pakistani-entities-targeted-in.html

VirusTotal Data Leak Exposes Some Registered Customers’ Details

VirusTotal Data Leak Exposes Some Registered Customers’ Details

,

Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform.
The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed by Der Spiegel and Der Standard yesterday.
Launched in 2004, VirusTotal is a

,

Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform.
The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed by Der Spiegel and Der Standard yesterday.
Launched in 2004, VirusTotal is a

, ,
https://thehackernews.com/2023/07/virustotal-data-leak-exposes-some.html

Go Beyond the Headlines for Deeper Dives into the Cybercriminal Underground

Go Beyond the Headlines for Deeper Dives into the Cybercriminal Underground,

Discover stories about threat actors’ latest tactics, techniques, and procedures from Cybersixgill’s threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web.
Stolen ChatGPT

,

Discover stories about threat actors’ latest tactics, techniques, and procedures from Cybersixgill’s threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web.
Stolen ChatGPT

, ,
https://thehackernews.com/2023/07/go-beyond-headlines-for-deeper-dives.html

FIN8 Group Using Modified Sardonic Backdoor for BlackCat Ransomware Attacks

FIN8 Group Using Modified Sardonic Backdoor for BlackCat Ransomware Attacks,

The financially motivated threat actor known as FIN8 has been observed using a « revamped » version of a backdoor called Sardonic to deliver the BlackCat ransomware.
According to the Symantec Threat Hunter Team, part of Broadcom, the development is an attempt on the part of the e-crime group to diversify its focus and maximize profits from infected entities. The intrusion attempt took place in

,

The financially motivated threat actor known as FIN8 has been observed using a « revamped » version of a backdoor called Sardonic to deliver the BlackCat ransomware.
According to the Symantec Threat Hunter Team, part of Broadcom, the development is an attempt on the part of the e-crime group to diversify its focus and maximize profits from infected entities. The intrusion attempt took place in

, ,
https://thehackernews.com/2023/07/fin8-group-using-modified-sardonic.html

Owner of BreachForums Pleads Guilty to Cybercrime and Child Pornography Charges

Owner of BreachForums Pleads Guilty to Cybercrime and Child Pornography Charges,

Conor Brian Fitzpatrick, the owner of the now-defunct BreachForums website, has pleaded guilty to charges related to his operation of the cybercrime forum as well as having child pornography images.
The development, first reported by DataBreaches.net last week, comes nearly four months after Fitzpatrick (aka pompompurin) was formally charged in the U.S. with conspiracy to commit access device

,

Conor Brian Fitzpatrick, the owner of the now-defunct BreachForums website, has pleaded guilty to charges related to his operation of the cybercrime forum as well as having child pornography images.
The development, first reported by DataBreaches.net last week, comes nearly four months after Fitzpatrick (aka pompompurin) was formally charged in the U.S. with conspiracy to commit access device

, ,
https://thehackernews.com/2023/07/owner-of-breachforums-pleads-guilty-to.html

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites,

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign.
The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an

,

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign.
The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an

, ,
https://thehackernews.com/2023/07/cybercriminals-exploiting-woocommerce.html