Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Latest News

Cloudfare CAPTCHA Page Tricks Users Into Downloading Malware

An advanced but simple phishing tactic is being distributed, it deploys fake Cloudflare CAPTCHA pages to target users with malware.  A recen...

All the recent news you need to know
Scams
Cyber Security data security Fake messages Fradulent Transactions Frauds Identity Theft Scammers Scams

DVLA Scams Target Thousands of UK Drivers with Fake Fines, Car Deals, and Fraudulent Fees

 

A surge in vehicle-related scams across the UK has left thousands of drivers out of pocket, with fraudulent activity disguised as legitimate DVLA communications. In 2023 alone, nearly 20,000 motorists were tricked by fake car tax messages, insurance schemes, and misleading parking fines, according to recent findings. These scams, often presented with a false sense of urgency, have affected drivers of all ages. 

Young drivers between 25 and 34 years old have been found to be prime targets for these scams, particularly for fraudulent vehicle listings and bogus insurance offers. Older motorists, meanwhile, are increasingly falling victim to fake parking fine notices designed to appear official and urgent. 

The scammers’ tactics often involve pressuring the recipient to pay immediately to avoid penalties, leading many to act before verifying the source. John Wilmot, CEO of car leasing comparison platform LeaseLoco, warned that this psychological pressure is what makes these scams so effective. Many people, he explained, rush to settle fines or fees without confirming whether the request is genuine. 

He stressed that official agencies like the DVLA never ask for payments or personal data through text messages or emails. To avoid becoming a victim, Wilmot recommends ignoring any suspicious digital messages and visiting the DVLA’s website only through the official GOV.UK portal. This small precaution could save drivers from significant financial losses and identity theft. 

One notable scam gaining traction involves tampered QR code stickers placed on parking meters, leading users to counterfeit payment websites. Drivers are urged to use only trusted mobile apps like PayByPhone or RingGo for transactions. In most UK cities, councils do not use QR codes for parking payments, further raising suspicion when encountered. 

Online used car scams have also seen a sharp rise. Fraudsters post listings with unrealistically low prices, request payments up front, and then vanish. Victims are lured in by deals that seem too good to be true. Authorities advise never transferring money before viewing a vehicle in person and checking the car’s history via government platforms. 

Scammers have also taken advantage of electronic tolling systems by sending drivers fake notifications for unpaid toll or congestion charges. These messages often include phishing links disguised as urgent payment portals, which can steal both money and sensitive information. 

As digital communication becomes a common part of motoring administration, drivers must stay alert. Verifying the source of any unexpected payment request is essential in avoiding fraud and safeguarding personal data.
Read more »
Ticketmaster
Cyberattacks CyberCrime Cybersecurity CyberThreat data threat Stolen Customer Data Ticketmaster

Stolen Customer Data from Ticketmaster Incident Resurfaces Online

 


Ticketmaster, one of the most prominent ticketing companies in the world, suffered a high-profile cyber-attack in May 2024 that affected the entire digital infrastructure of the company. The incident resulted in the unauthorised exposure of vast amounts of customer data, including personal information and payment details, placing millions of people at risk of harm. There was no doubt that security experts had linked the breach to ShinyHunters, a notorious hacker group known for its involvement in several large-scale data breaches, as well as ransomware attacks. 

Initial investigations suggest that the attackers may have exploited vulnerabilities in cloud-based systems, which reflects the increasing trend for cybercriminals to target third-party platforms and storage systems. Public and regulatory scrutiny has increased as a result of the breach, drawing attention to the increasing frequency and sophistication of cyberattacks on major consumer-facing platforms. 

Ticketmaster's breach serves as a stark warning of the vulnerabilities still present in today's cloud-based digital landscape, as forensic analysis continues and containment efforts are made. This emphasises the need for comprehensive cybersecurity practices and proactive risk mitigation strategies, which are imperative to the success of businesses. As the cybersecurity community went into the weekend, renewed concerns erupted over the claims of a relatively new threat actor operating under the name Arkana Security, which raised alarming concerns. 

Ticketmaster data that was claimed to have just been stolen by a group known as extortion-focused group was reportedly listed on its dark web leak site for sale at over 569 gigabytes, which they claim was newly stolen data. This post, accompanied by screenshots showing internal file directories and database structures, immediately sparked speculation that another large-scale attack had compromised the systems of one of the world's most prominent ticketing platforms, as shown in the screenshots. 

It has been revealed that this misinformation campaign was a deliberate act of misinformation that led to the operation being uncovered. It turns out that cyber analysts have confirmed what initial fears of the public were that the data which is being circulated is not the result of a fresh compromise, but rather is a repackaged version of the same set of data which was exfiltrated during the large-scale attacks of 2024 Snowflake based on credentials.

Previously, these breaches were connected to the notorious ShinyHunters hacking group, which was known for orchestrating numerous coordinated attacks across multiple organisations by utilising weak or poorly managed cloud access credentials to re-activate and monetise previously leaked material.

By misleading potential buyers and reigniting public concern, Arkana Security appears to be trying to revive and monetise previously leaked material. Moreover, this development confirms that public data breaches certainly have a long-tail impact. This also supports the argument that cyber extortion groups are increasingly relying on disinformation and rebranding to prolong the shelf life of stolen assets, thereby making public the fact that data breaches are having a long-tail impact. 

As part of an official statement released by Ticketmaster, it was confirmed that an unauthorised user had accessed a cloud database hosted by a third-party data services provider in an attempt to gain access to it. According to the document submitted to the Maine Attorney General's office, the incident is described as an external system breach, which is explicitly defined as a hacking incident. Following their investigations into Ticketmaster's data, cybersecurity experts determined that Snowflake, a cloud-based data warehouse company that was hosting the data at the time of the intrusion, was the third-party provider responsible for hosting the data. 

The attackers, according to analysts, obtained access by using stolen Snowflake account credentials, which allowed them to access the Ticketmaster database laterally through the platform. These findings suggest that Snowflake's environment may have been compromised; however, Snowflake firmly denied that any platform-level vulnerabilities or misconfigurations led to the breach, asserting that the breach was not due to any weaknesses within its infrastructure. 

Ticketmaster suffered widespread damage from the incident that went well beyond the technical compromise, causing widespread damage across a wide range of aspects of its operations. Financial Repercussions Although the company has not released a public accounting of the financial impact, similar high-profile breaches in the past have shown that significant losses could result. Equifax's 2017 breach, which involved hundreds of millions of users, resulted in a historic $575 million settlement that was the result of similar legal proceedings and regulatory scrutiny, especially given the size and sensitivity of the breached data. 

As a comparison to Equifax's 2017 breach, Ticketmaster's costs could be comparable. Reputational Harm. With Ticketmaster's brand reputation being damaged by this breach, Ticketmaster suffered substantial damage to its brand image. In the aftermath of that breach, the media began to focus on it, sparking a public debate about how such a dominant player in the digital entertainment ecosystem could be so vulnerable. Legal Consequences. 

It was the affected consumers who initiated the class action lawsuit against Ticketmaster and Live Nation Entertainment Inc. after the breach occurred. There is a lawsuit claiming that Ticketmaster did not adopt and implement adequate cybersecurity measures, thereby not fulfilling its duty to protect customer information. According to legal experts, this case could set a precedent in cloud-related breaches involving third-party providers in which responsibility can be given to third parties. Employee Impact.

The breach has not been discussed in public by any Ticketmaster employees, but indirect indicators provide insight into internal sentiment. According to Glassdoor, with over a thousand reviews, the company holds an average rating of 3.9 out of 5, with 83% of employees indicating that they would recommend it to their friends if they were able to find out what was going on. Customer Fallout. In today's interconnected digital environment, where cyberattacks have a wide range of impacts, this multifaceted fallout illustrates just how widespread the consequences of a cyberattack are, where a single breach can impact users, employees, legal entities, and even public trust as a whole. 

As the Ticketmaster breach has grown in importance over the past several years, it has been connected to a wave of coordinated cyberattacks connected with the Snowflake credential compromise incident, which occurred in 2024. As a result of the series of intrusions, a wide range of high-profile organisations, including Santander, AT&T, Neiman Marcus, Advance Auto Parts, Pure Storage, Cylance, and even the Los Angeles Unified School District, were all affected.

There was a well-known cybercriminal organisation called ShinyHunters at the centre of these attacks, a well-known cybercriminal organisation with a long history of obtaining and utilising stolen data to make money for its own. In the investigation that followed, it was discovered that Snowflake, one of the most popular cloud data warehousing services available, was compromised with the credentials used to launch these attacks. 

Once these credentials had been acquired, they could be used to access cloud environments and exfiltrate large volumes of sensitive corporate data from unprotected or poorly monitored endpoints, which had been exploited by infostealer malware. Several ransoms were demanded from victims for the theft of their confidential information, forcing them to choose between paying ransoms or revealing their private information to the public. A high-profile and widely extorted entity was Ticketmaster out of all those that had been affected.

There was unauthorised access gained by the attackers to databases that contained personal user information as well as ticketing records, which were listed on underground forums shortly after being accessed by the attackers. Ticketmaster took action to rectify the situation in late May 2024, and by data protection regulations, they notified affected customers of the breach. 

In order to increase pressure and maximise attention, the attackers published what they alleged to be "print-at-home" tickets, which allegedly included tickets associated with Taylor Swift concerts. This was a move that was clearly intended to arouse public interest and exert reputational pressure upon the attackers. In spite of Arkana Security, a relatively new group in the cyber extortion space, later surfacing with claims that it had fresh data from Ticketmaster, forensic analysis quickly uncovered inconsistencies despite the claim. 

In the file names and metadata, Arkana made reference to earlier leaks associated with ShinyHunters, suggesting that they repackaged and attempted to resell previously stolen data under the guise of a new breach, which is a sign that Arkana was trying to resell stolen data. The exact nature of Arkana’s involvement remains unclear. As far as I know, there is no way to tell whether the group acquired the data by purchasing it previously, whether they are acting as intermediaries for ShinyHunters, or if they are acting as part of the original threat operation, using a new alias. 

Whatever the role of the cybercriminals involved in the situation is, they remain a persistent and ever-evolving threat to the cyber community because they constantly recycle stolen information in order to reap the rewards of their efforts. Additionally, this reflects a broader trend where cybercriminals thrive on misinformation, duplication of data, and psychological manipulations aimed at both potential victims as well as buyers. 

In light of the Ticketmaster incident as well as the broader Snowflake-linked cyberattacks, it is imperative that organizations reevaluate their security posture concerning their cloud-based ecosystems and third-party services integrations in light of the Ticketmaster incident. It is important to realise that even industry giants are susceptible to persistent and well-planned cyber attacks, which have been demonstrated by this breach. 

As threat actors become more proficient at repackaging stolen data, leveraging digital supply chains to intensify extortion, and utilising misinformation to intensify extortion, businesses have to go beyond reactive containment as they become more agile. There is no longer a need for optional measures such as continuous credential hygiene, endpoint hardening, zero-trust architectures, and transparent vendor risk management; they have now become fundamental to security. 

Additionally, all companies must have a strategy in place to respond to cyber crises that ensures clear communication with stakeholders, timely disclosure of incidents, and legal preparedness. It's no secret that cybersecurity is changing very quickly. Only organisations that treat cybersecurity as a dynamic, business-critical function - and not as a checkbox - will be able to withstand attacks in the future.
Read more »
Vulnerabilities and Exploits
Command Injection Linux Mirai botnet Netsecfish Vulnerabilities and Exploits

Mirai Botnet Variant is Building Swarm by Exploiting DVR Flaw

 

A command injection flaw in internet-connected digital video recorders used for CCTV monitoring is the target of a Mirai botnet malware variant, which allows hackers to take over the devices and add them to a botnet. 

Cybersecurity researchers at Russian cybersecurity firm Kaspersky discovered a CVE-2024-3721 exploit while analysing logs from their Linux honeypot system. The issue is a command injection vulnerability found in internet-connected digital video recorders used for CCTV surveillance. Further analysis revealed that the activity was related to a form of the Mirai botnet, which exploited this issue in TBK-manufactured DVR devices to compromise and control them. 

The vulnerability was initially discovered by security researcher "netsecfish" in April 2024. By adjusting parameters like mdb and mdc, the researcher released a proof-of-concept showing how a carefully designed post request to a specific URL can trigger shell command execution. Kaspersky confirmed that this precise technique is being utilised in the wild, with its Linux honeypots catching ongoing exploitation attempts linked to a Mirai botnet variant that uses netsecfish's proof-of-concept to compromise vulnerable DVRs. 

Nearly a decade ago, an anonymous source made the Mirai source code available online. It continues to act as the foundation for other evolving botnet efforts. The variant aimed at DVR systems expands on Mirai's initial foundation with extra features such as RC4-based string obfuscation, checks to avoid virtual machine environments, and anti-emulation methods. 

The exploit is used by the attackers to transmit a malicious ARM32 program to the target device, which then connects to a command-and-control server and joins the botnet. The infected device can be used to launch distributed denial-of-service attacks, forward malicious traffic, and engage in other malicious actions.

This Mirai variation uses a basic RC4 technique to decode its internal strings, with the decryption key disguised using XOR. After decryption, the strings are saved in a global list and used throughout runtime. To evade analysis, the virus runs anti-virtualization and anti-emulation checks on active processes for indicators of environments such as VMware or QEMU.

Last year, Netsecfish reported that around 114,000 DVR devices were vulnerable to CVE-2024-3721. Kaspersky estimates the figure to be closer to 50,000. The majority of infections associated with this Mirai variation are found in Brazil, Russia, Egypt, China, India, and Ukraine.
Read more »
Sensata Technologies data breach
Cyber Attacks employee data exposed ransomware attack April 2025 Sensata cybersecurity incident Sensata Technologies data breach

Sensata Technologies Confirms Data Breach After April Ransomware Attack, Notifies Employees of Exposed Personal Information

 

Sensata Technologies has begun notifying current and former employees of a data breach following the conclusion of an internal investigation into a ransomware attack that took place in April 2025.

A global leader in industrial technology, Sensata specializes in mission-critical sensors, controls, and electrical protection systems, serving sectors such as automotive, aerospace, and defense. The company generates annual revenues exceeding $4 billion.

The breach was initially disclosed in an 8-K filing with the U.S. Securities and Exchange Commission (SEC) after a ransomware attack occurred on Sunday, April 6. At the time, Sensata confirmed that the incident included data exfiltration and disrupted its shipping, manufacturing, and other operations.

While early findings verified that data had been accessed without authorization, the specifics of the stolen information remai5ned unclear. A detailed investigation, supported by external cybersecurity experts, later revealed that the attackers infiltrated Sensata’s systems on March 28, 2025.

"The evidence showed that there was unauthorized activity in our network between March 28, 2025, and April 6, 2025," reads the notice sent to impacted persons.

"During that time, an unauthorized actor viewed and obtained files from our network. We conducted a careful review of the files and, on May 23, 2025, determined that one or more of them may have contained your information."

According to the company, the compromised data may include sensitive personal details such as:
  • Full name
  • Address
  • Social Security Number (SSN)
  • Driver’s license number
  • State ID card number
  • Passport number
  • Financial account and payment card details
  • Medical and health insurance information
  • Date of birth
The breach has affected both current and former employees, as well as their dependents, with the nature of the exposed data varying from person to person.

To support those affected, Sensata is offering one year of complimentary credit monitoring and identity theft protection services.

BleepingComputer has contacted the company to clarify the scale of the breach and the number of individuals impacted, but no response was received as of publication time.

So far, no ransomware group has claimed responsibility for the attack on Sensata Technologies.
Read more »
Social Engineering
Cyber Attacks Extortion FBI Luna Moth Ransomware attack Social Engineering

FBI Warns of Luna Moth Ransomware Attacks Targeting U.S. Law Firms

 

The FBI said that over the last two years, an extortion group known as the Silent Ransom Group has targeted U.S. law firms through callback phishing and social engineering tactics. 

This threat outfit, also known as Luna Moth, Chatty Spider, and UNC3753, has been active since 2022. It was also responsible for BazarCall campaigns, which provided initial access to corporate networks for Ryuk and Conti ransomware assaults. Following Conti's shutdown in March 2022, the threat actors broke away from the cybercrime syndicate and created their own operation known as the Silent Ransom Group.

In recent attacks, SRG mimics the targets' IT help via email, bogus websites, and phone conversations, gaining access to their networks via social engineering tactics. This extortion group does not encrypt victims' systems and is infamous for demanding ransoms in order to keep sensitive information stolen from hacked devices from being leaked online. 

"SRG will then direct the employee to join a remote access session, either through an email sent to them, or navigating to a web page. Once the employee grants access to their device, they are told that work needs to be done overnight," the FBI stated in a private industry notification.

"Once in the victim's device, a typical SRG attack involves minimal privilege escalation and quickly pivots to data exfiltration conducted through 'WinSCP' (Windows Secure Copy) or a hidden or renamed version of 'Rclone.'” 

After acquiring the victims' data, they use ransom emails to blackmail them, threatening to sell or publish the information. They frequently call employees of breached organisations and force them into ransom negotiations. While they have a dedicated website for disclosing their victims' data, the FBI claims the extortion ring does not always followup on its data leak promises. 

To guard against these attacks, the FBI recommends adopting strong passwords, activating two-factor authentication for all employees, performing regular data backups, and teaching personnel on recognising phishing efforts.

The FBI's warning follows a recent EclecticIQ report detailing SRG attacks targeting legal and financial institutions in the United States, with attackers observed registering domains to "impersonate IT helpdesk or support portals for major U.S. law firms and financial services firms, using typosquatted patterns.”

A recent EclecticIQ report about SRG attacks against American legal and financial institutions revealed that the attackers were registering domains to "impersonate IT helpdesk or support portals for major U.S. law firms and financial services firms, using typosquatted patterns." The FBI issued the warning in response to this information. 

Malicious emails with fake helpdesk numbers are being sent to victims, prompting them to call in order to fix a variety of non-existent issues. On the other hand, Luna Moth operators would try to deceive employees of targeted firms into installing remote monitoring & management (RMM) software via phoney IT help desk websites by posing as IT staff.

Once the RMM tool is installed and started, the threat actors have direct keyboard access, allowing them to search for valuable documents on compromised devices and shared drivers, which will then be exfiltrated via Rclone (cloud syncing) or WinSCP (SFTP). According to EclecticIQ, the Silent Ransom Group sends ransom demands ranging from one to eight million USD, depending on the size of the hacked company.
Read more »
Online Security
Cyber Scammers Cyber Security Dark Web Dark web malware Dark web marketplace Dark Web Monitoring Illegal Sites Malwares Online Security

Why Exploring the Dark Web Can Lead to Legal Trouble, Malware, and Emotional Harm

 

Venturing into the dark web may seem intriguing to some, but even well-intentioned users are exposed to significant risks. While many people associate the dark web with illegal activity, they may not realize that just browsing these hidden spaces can lead to serious consequences, both legal and emotional. Unlike the regulated surface web, the dark web operates with little to no oversight, which makes stumbling across disturbing or illicit content dangerously easy.

A simple click on an unfamiliar link can redirect users to graphic or illegal material. This content is not always clearly labeled, and visitors may not realize what they’re seeing until it’s too late. In several jurisdictions, merely viewing certain types of content—whether or not you meant to—can have legal repercussions. Users may also experience lasting psychological impact after encountering explicit or violent media. Reports of anxiety, stress, and trauma are not uncommon, even among casual users who were simply exploring out of curiosity.  

Malware, spyware, and keyloggers are often disguised as legitimate downloads or hidden in popular tools. Many websites host dangerous files designed to infect your device as soon as they are opened. Even privacy-focused platforms like Tor can’t fully shield users from malicious code or phishing attempts, especially when browsers are misconfigured or when users interact with suspicious content. 

Technical errors—like enabling JavaScript, resizing your browser window, or leaking DNS requests—can also expose your identity, even if you’re using encrypted tools. Cybersecurity professionals warn that mistakes like these are common and can be exploited by attackers or even government agencies. Law enforcement agencies actively monitor known dark web nodes and can use advanced techniques to track user behavior, collect metadata, and build profiles for surveillance. 

Additionally, scammers thrive in the anonymous environment of the dark web. Fake login portals, spoofed forums, and crypto wallet traps are rampant. And if you’re scammed, there’s little you can do—there are no refund options or customer service teams to help you recover lost funds or data. 

The dark web is often underestimated, constant exposure to unsettling content and the need to stay hyper-aware of threats can wear down a person’s sense of safety and trust. In many cases, the psychological damage can linger far longer than the browsing session itself. 

In short, exploring the dark web without a thorough understanding of the dangers can backfire. It’s a space where curiosity offers no protection, and the consequences—ranging from infections and identity loss to legal charges and emotional distress—can affect even the most cautious users.
Read more »
WhatsApp hacking Italy
COPASIR report Giorgia Meloni surveillance Italian intelligence Italy spyware scandal malware Paragon spyware Italy WhatsApp hacking Italy

Italy Ends Spyware Deal with Israeli Firm Paragon Amid Surveillance Allegations

 

Italy and Israeli surveillance tech company Paragon have terminated their partnership after accusations surfaced that the Italian government misused the spyware to target critics, according to a parliamentary report released Monday and a statement from Paragon.

While both parties confirmed the cessation of their collaboration, their accounts differ, sparking backlash from opposition lawmakers in Italy. The National Federation of the Italian Press (FNSI) urged prosecutors to investigate the matter thoroughly.

In January, a WhatsApp representative from Meta revealed that the spyware had been used to target several individuals in Italy, including a journalist and members of the Mediterranea migrant rescue organization, known for criticizing Prime Minister Giorgia Meloni.

The Italian government acknowledged in February that seven mobile users had been affected by the spyware, but denied any wrongdoing. It also claimed to have tasked the National Cybersecurity Agency with investigating the issue.

A recent report by the parliamentary security oversight committee, COPASIR, indicated that Italian intelligence agencies initially paused and later terminated their use of Paragon’s technology after public backlash. The exact timing of the contract’s termination remains unclear, especially since the government had stated on February 12 that the agreement was still active.

COPASIR also noted it found no proof that journalist Francesco Cancellato, the editor of Fanpage and an alleged spyware target, had actually been surveilled using Paragon’s tools, as he had reported to Reuters and other media.

Paragon, in a statement published by Fanpage, claimed it ceased providing services to Italy after Cancellato’s case became public, and said the government rejected its offer for a joint investigation into the matter.

The company declined to respond to Reuters' request for comment.

Opposition leaders demanded that the government provide transparency in parliament. A spokesperson for Prime Minister Meloni declined to comment.

According to the COPASIR report, Italian domestic and foreign intelligence agencies signed contracts with Paragon in 2023 and 2024 respectively. The spyware was reportedly used in limited cases, under judicial authorization, for national security purposes including tracking fugitives, countering illegal immigration, investigating terrorism and organized crime, and conducting anti-espionage operations.
Read more »
Subscribe to: Posts (Atom)