Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Darknet. Show all posts
Privacy Breach
Boulanger Cyberhackers Cybersecurity Darknet Data Breach Data Leak data threat Privacy Breach

Millions Affected by Suspected Data Leak at Major Electronics Chain

 


Cybersecurity experts and users alike are worried about a recent report that the hacking group ShinyHunters is offering more stolen data on the darknet marketplace in a concerning development. It has been reported that the group is attempting to sell four additional datasets following the sale of three large databases of compromised user information last week. Boulanger Electroménager & Multimédia, a long-established French retailer specialising in household appliances and multimedia products, has attempted to sell four additional databases. 

Since its establishment in 1954, Boulanger has operated a nationwide network of physical stores in addition to delivering goods across the country. As well as offering digital retail channels, the company offers a mobile application that has been downloaded more than one million times from both Google Play store and Apple's App store, demonstrating its broad consumer reach and ability to engage consumers digitally. 

Upon discovering the compromised data related to Boulanger through a forum post located on the open internet, cybersecurity researchers concluded that the breach was a consequence of cybercrime. The platform on which this message board is located is a well-known platform that distributes a wide variety of digital content, such as leaked databases, cracked software, and other illicit materials. 

Since the stolen information is available on such an easily accessible and public site, there are serious concerns that the customer data could be exposed to the public domain and misused if it were to be misused. In this respect, this discovery highlights the challenges that companies face when it comes to data protection, especially in the retail sector, where both online and offline companies operate at a large scale. As a result of the alleged exposure of these platforms, there are serious concerns raised about the privacy of users and the security measures that are in place at these companies. 

The exact nature and extent of the compromised information have not yet been publicly confirmed by all the affected organisations, but early reports suggest that this information could include email addresses, hashed passwords, as well as other personal information. Security researchers and organisations affected by the breaches continue to assess the full scope of the breaches, as the situation continues to unfold. Cyble made its disclosure to keep tabs on cybercrime forums and darknet marketplaces, where stolen data can often be bought and sold. 

A team of security researchers at Safety Detectives has confirmed the presence of sensitive customer information that was stolen from a French electronics retailer in 2024 and is currently available online for free distribution. By analysing some samples of the exposed data, researchers were able to verify its validity and trace its origins to Boulanger Electroménager & Multimédia, a well-established French retailer established in 1954. In addition to offering an extensive selection of household appliances and multimedia products through both physical stores as well as through its online platform, Boulanger also provides a variety of electronic products. 

There is a report that Safety Detectives discovered that leaked information was found in a public forum thread on Clearweb, where a user had posted two download links to the compromised database that contained the leaked information. One link was able to provide access to a 16GB unparsed dataset contained in a 16GB JSON file that was reportedly containing more than 27 million records. Using the second link, one could access a parsed version.SV file of around 500MB in size, which contained a subset of five million records contained in a subset. 

In both datasets, sensitive customer information appears, but the full scope and specific nature of the information exposed have not yet been disclosed, although it is believed they contain sensitive customer information. According to reports, Boulanger was targeted by a coordinated ransomware attack in September 2024 that affected several French retailers, including Truffaut and Cultura, as well as several well-known French brands.  It was the cyber threat actor known as Horrormar44 who claimed responsibility for the breach. 

At the time, the stolen data had been listed for sale on a separate, clear web forum, which is no longer available, for €2,000 as a price. It is unclear whether any transactions have successfully taken place, although there were some indications that potential buyers were interested. In recent times, the compromised data has resurfaced and is now being offered for free on another publicly accessible site. 

A careful analysis of the data revealed that there were just over a million unique customer records within the cleaned version of the dataset with a few instances of duplicate records. This number, which is significantly lower than the five million claimed by the original author of the post, suggests that the original listing may have been either exaggerated or inflated. 

There are still over a million verified customer entries in the system, which is still a significant data exposure incident, and it raises serious concerns about how retailers will handle and protect personal data over the long term. As a result of the fact that a significant amount of verified individual data is currently being circulated openly online, there has been an increasing concern about data security in the retail industry. 

Both the parsed as well as the raw versions of the data are available online, which implies that there was a deliberate intent to make the stolen information accessible to those who may misuse it. There are still investigations going on, and cybersecurity experts are calling upon affected individuals and organizations to take immediate precautions. As far as the hacking group ShinyHunters is concerned, it remains unclear whether they are directly responsible for the initial breaches, but they have been actively brokering the sale of multiple stolen databases. 

The cybersecurity firm ZeroFox has recently published a report that reveals ShinyHunters have been linked to a high-profile data breach that has affected Tokopedia, a major Indonesian e-commerce platform, with the claim that approximately 15 million users' records have been compromised. In addition to this, there has been some press coverage that indicates that this group has allegedly taken over 500 gigabytes of private Microsoft GitHub repositories to steal data. There is still a considerable amount of investigation to be conducted on this alleged breach, but a Microsoft spokesperson confirmed to Information Security Media Group that the company is aware of the claim and will be investigating it immediately. 

A number of large databases have been sold on darknet forums by ShinyHunters, an organization associated with this group. There is a database that costs $2,500, and is reportedly made up of around 8 million user records allegedly sourced from HomeChef, a meal delivery service. The dataset includes information that can be used to identify a user, including phone numbers, zip codes, email addresses, IP addresses, and passwords hashed using the Bcrypt algorithm, among other things. 

Additionally, it contains entries that include the last four digits of the Social Security numbers for users. A sample of this information can be found on a darknet marketplace by searching for the name "First Stage: HomeChef [8M]" One more database that is listed for $2,500 is said to contain 15 million records, allegedly the result of a breach of Chatbooks, which is a platform for creating photo books. Among the items in the dataset are email addresses, social media access tokens, passwords hashed using the SHA-512 algorithm, as well as other personally identifiable information. 

ShinyHunters is also promoting the purchase of a third database allegedly containing 3 million records that were allegedly sourced from an incident at The Chronicle of Higher Education. Despite the fact that ZeroFox does not know what type of data is included in this set, which is priced at $1,500, there has been no mention of sample or specifics.

In light of these ongoing sales, ShinyHunters demonstrates the magnitude and sophistication of data trafficking operations connected to ShinyHunters and reinforces the urgent need for stronger security measures, especially among high-profile organisations and digital platforms. Leaked user data linked to ShinyHunters and similar threat actors is becoming increasingly available and more accessible, which is indicative of the troubling escalation of cybersecurity threats worldwide. 

There are many risks associated with the open sale of sensitive information, even free sharing of sensitive data on both the darknet and clearweb platforms. As a result, the risks to individuals and organisations have increased in recent years. Cyber threats are no longer just a threat to the corporate world; they affect every industry and location equally. The security professionals in the industry suggest that businesses prioritise proactive defence strategies, such as data encryption, continuous security audits, employee training, and protocols for responding to breaches as soon as possible. 

A consumer's vigilance is equally important, as is regularly updating their passwords, activating multi-factor authentication, and monitoring their identities for signs of identity misuse. In an increasingly vulnerable digital environment, this is the most important protection. It is becoming increasingly apparent that investigations will continue into these incidents, underscoring the urgent need for a coordinated, resilient and national approach to data security.
Read more »
TOR
anonymization Browser Cyber Security Darknet Encryption Network Online Privacy Security servers TOR

Exploring the Tor Network: A Comprehensive Look at Online Anonymity and Privacy

 

The Tor network, originally developed in the early 2000s by the U.S. Naval Research Laboratory, has been operated since 2006 by the independent non-profit organization, The Tor Project. The project's primary goal is to offer a free method for anonymizing internet traffic. Approximately 85% of The Tor Project’s funding comes from U.S. government entities, while the remaining 15% is sourced from private donations and NGOs.

Tor, which stands for "The Onion Router," functions by routing a user's connection through three randomly selected servers (nodes), layering encryption like the layers of an onion. The destination site only detects the IP address of the final node, called the exit server, masking the user's original address. The system refreshes the connection route every 10 minutes, though the access node remains stable for two to three months.

Data transferred within the Tor network is encrypted until it reaches the exit server. However, users must still encrypt any sensitive information entered on websites, as data exiting the network can be read if it's not further encrypted. To access Tor, users need a specialized browser—like the Tor browser, based on Mozilla Firefox and configured for secure browsing.

With about 6,500 servers currently active worldwide, individuals, companies, and organizations operate these nodes. Any internet user with a DSL connection can set up a Tor node. However, the network's openness can be a vulnerability; if an exit node operator is not vigilant, unencrypted data can be intercepted. Additionally, sophisticated entities, such as intelligence agencies, could potentially track Tor users by analyzing traffic patterns or compromising nodes.

Despite these risks, Tor remains the most secure method of maintaining anonymity online. Around two million people, particularly those in heavily monitored states, use the Tor network daily. The darknet, a collection of hidden websites, also depends on Tor's anonymization for access.
Read more »
NTA
Cyber Crime cyber threat Darknet Exam Scam India NTA

NTA Faces Exam Security Crisis Amid Darknet Threats

 

The National Testing Agency (NTA) in India is in the midst of a serious crisis, with its staff worried about the safety of any exam due to claims that the NTA's website was hacked. 

Following the cancellation of the UGC-NET due to claimed cyberthreats, an NTA officer has come forward, suggesting further risks to examinations.

According to the local media outlet, a senior NTA official stated that the testing organization's IT and administrative staff are concerned that re-conducting the examinations will be impossible owing to "terrorist organisations" getting into the NTA's security systems via the dark web to expose the chinks this year. 

Earlier this week, the Bihar Police asked for data about six candidates, including their roll numbers. Two of the roll numbers do not exist, and the names of the remaining two candidates do not match. There are other discrepancies, including the timing of the seizures, which took place after the exam, when all of the question papers had already been made public, the official added.

He also stated that simply looking at exam models would not be sufficient, saying that the computer-based ITEP exam had to be cancelled since each file of the examination was 5 GB and had to be downloaded at the allocated centres, and that some applicants received false question papers. 

What's happened so far?

Earlier, the NTA published a statement, claiming that the NTA website and all of its other web portals are completely secure and that accusations of hacking were false and misleading. The clarification comes amid a debate over suspected irregularities in exams such as NEET-UG and UGC-NET.

The investigation into the irregularities in the medical entrance exam NEET-UG has also been handed over to CBI, followed by the assigning of the India Trade Promotion Organisation (ITPO) Chairman and Managing Director Pradeep Singh Kharola as the additional charge of the NTA.

A high-level seven-member team, led by a former ISRO chairman Dr K Radhakrishnan, has been constituted to investigate the functioning and fair conduct of exams by the NTA, and will give its report in two months, the Centre revealed on June 22.
Read more »
malware
Credential Darknet Data Theft Kaspersky malware

Rise In Cybercrime: Dark Web Fueling Credential Attacks

 


In an unsettling situation, cybercriminals are increasingly turning to credential theft as a lucrative business, aided by the rise of infostealer malware attacks. Over the past three years, these threat actors have capitalised on the opportunity, compromising millions of personal and corporate devices globally.

The Rise of Infostealer Malware

According to cybersecurity experts at Kaspersky, infostealer malware attacks have surged sevenfold in recent years, with over 10 million devices compromised in 2022 alone. These sophisticated attacks enable hackers to silently collect login credentials and sensitive data from devices, posing a significant cybersecurity threat.

The Lucrative Market for Stolen Credentials

The value of corporate credentials in the cybercrime market has soared, leading to a 643% increase in data theft attacks. Cybercriminals act as initial access brokers, stealing corporate credentials and selling them on dark web forums for substantial profits. Kaspersky researchers highlight various sales models, with prices starting at $10 per log file.

Emerging Dark Web Hubs

Darknet markets have become key enablers of cybercrime, facilitating the sale of stolen credentials and victim profiles to cybercriminal groups. Following the takedown of Genesis Market, new hubs like Kraken Market and DNM Aggregator have emerged, offering seamless payment options via crypto processors.

Regional Impact

Regions like the Asia-Pacific and Latin America have been particularly affected by credential stealing attacks, with millions of credentials stolen from countries like Brazil, India, Colombia, and Vietnam. In Australia, compromised credentials accounted for the majority of cybersecurity incidents, with compromised or stolen credentials implicated in 56% of all incidents.

The Role of Initial Access Brokers

The number of initial access brokers (IABs) operating worldwide has risen significantly, with the APAC region experiencing a particularly sharp increase. These brokers play a critical role in fueling cybercrime operations, selling access to corporate networks and facilitating activities like ransomware attacks.

Despite the perception of cyberattacks as complex operations, the reality is that many exploit the simplicity of credential vulnerabilities. According to the Cybersecurity and Infrastructure Security Agency (CISA), over half of government and critical infrastructure attacks leverage valid credentials, with stolen credentials implicated in 86% of breaches involving web-based platforms. Credential stuffing, a technique where attackers use stolen usernames and passwords on various websites, has become increasingly popular due to individuals' tendency to reuse login information for convenience. 

With cybercriminals exploiting vulnerabilities in corporate and personal networks, organisations and individuals must remain a step ahead to protect against this pervasive threat.




Read more »
Security Framework
Crypto Exchange Crypto heist Crypto Phishing Cryptocurrencies Cyber Security Darknet Financial Institution Law Enforcement Security Framework

India Strengthens Crypto Crime Vigilance with Dark Net Monitor Deployment

India has made a considerable effort to prevent crypto-related criminal activity by establishing a Dark Net monitor. This most recent development demonstrates the government's dedication to policing the cryptocurrency market and safeguarding individuals from potential risks.

India has made a considerable effort to prevent crypto-related criminal activity by putting in place a Dark Net monitor. This most recent development demonstrates the government's dedication to overseeing the cryptocurrency industry and safeguarding citizens from any potential risks.

Drug trafficking, cyberattacks, and financial crimes using cryptocurrency are just a few of the criminal activities that have long been the center of the Dark Net, a secret area of the internet. Indian officials hope to efficiently identify and stop these illegal activities by implementing a Dark Net monitor.

According to officials, this cutting-edge technology will provide critical insights into the operations of cybercriminals within the crypto space. By monitoring activities on the Dark Net, law enforcement agencies can gain intelligence on potential threats and take proactive measures to safeguard the interests of the public.

Sneha Deshmukh, a cybersecurity expert, commended this move, stating, "The deployment of a Dark Net monitor is a crucial step towards ensuring a secure and regulated crypto environment in India. It demonstrates the government's dedication to staying ahead of emerging threats in the digital landscape."

India's stance on cryptocurrencies has been closely watched by the global community. The government has expressed concerns about the potential misuse of digital currencies for illegal activities, money laundering, and tax evasion. The deployment of a Dark Net monitor aligns with India's broader strategy to strike a balance between innovation and regulation in the crypto space.

A spokesperson for the Ministry of Finance emphasized, "We recognize the transformative potential of blockchain technology and cryptocurrencies. However, it is imperative to establish a robust framework to prevent their misuse. The Dark Net monitor is a crucial tool in achieving this goal."

Experts believe that this move will bolster confidence among investors and industry stakeholders, signaling a proactive approach towards ensuring a secure crypto ecosystem. By leveraging advanced technology, India is poised to set a precedent for other nations grappling with similar challenges in the crypto space.

Initiatives like the deployment of the Dark Net monitor show India's commitment to staying at the forefront of regulatory innovation as the global crypto scene changes. This move is anticipated to be crucial in determining how cryptocurrencies will evolve in the nation and open the door for a more secure and safe digital financial ecosystem.

Read more »
VMware
Cyber Secuirty Cyber Security Darknet Double extortion Linux Ransomware Attacks. Russian Hacker VMware

ESXi , Linux, and Windows Systems at Risk From New Luna Ransomware

Luna is a brand-new ransomware family that was written in Rust, making it the third strain to do so after BlackCat and Hive, according to Kaspersky security researchers

The experts who examined the ransomware's command-line options believe that Luna is a reasonably straightforward ransomware program. 

Luna ransomware

This interesting encryption method combines x25519 with AES. The researchers discovered that the Linux and ESXi samples, which are compiled using the identical source code, differ only slightly from the Windows version.

Darknet forum advertisements for Luna imply that the ransomware is only meant to be used by affiliates who speak Russian. Due to spelling errors in the ransom note that are hard-coded into the malware, its main creators are also thought to be of Russian descent.

The Luna ransomware is also able to avoid automated static code analysis attempts by utilizing a cross-platform language.

"The source code used to compile the Windows version and the Linux and ESXi samples are identical. The remaining code is almost unchanged from the Windows version" the researchers added. Luna "confirms the trend for cross-platform ransomware," the researchers wrote, pointing out how hackers are able to target and strike at scale while avoiding static analysis, thanks to the platform flexibility of languages like Golang and Rust.

Nevertheless, considering that Luna is a recently identified criminal organization and its activities are still being constantly monitored, there is very little knowledge available regarding the victimology trends.

Black Basta

Researchers have also revealed information about the Black Basta ransomware group, which modified its software to target ESXi systems. By adding compatibility for VMware ESXi, various ransomware families, including LockBit, HelloKitty, BlackMatter, and REvil, hope to increase their potential targets.

The double-extortion attack model is used by Black Basta, a ransomware operation that has been operational since April 2022.

Researchers from Kaspersky said that operators had introduced a new feature that relies on launching the computer in safe mode before encrypting data and imitating Windows Services in order to maintain persistence.

Black Basta can avoid detection from a variety of endpoint security solutions by starting Windows in safe mode.




Read more »
Versus
Criminal Darknet Cyber Security Darknet IP Address Server Versus

Darknet Market ‘Versus’ Shutting Down After Critical Exploit Leak

 

The Versus Market, one of the most prominent English-speaking criminal darknet marketplaces, is shutting down after a severe vulnerability was discovered that might have given access to its database and disclosed the IP addresses of its servers. 

Dark web markets must keep their physical assets secret when performing illicit operations online; otherwise, their operators risk being identified and arrested. The same is true for users and vendors who must stay anonymous while utilising these unlawful sites. Anything that undermines their faith in the platform to secure their information makes it exceedingly dangerous. Apparently, after discovering these flaws, the Versus operators opted to pull the plug themselves, considering it too unsafe to continue. Versus debuted three years ago and quickly gained traction in the hacking world, offering drugs, coin mixing, hacking services, stolen payment cards, and exfiltrated databases. 

Versus went offline to undertake a security assessment, as the website claims it has done twice previously, in response to concerns of serious problems or possibly real hacking. Users were concerned that the Versus was executing an exit scam, that the FBI had taken over the site and other common assumptions that follow these sudden moves. However, the platform's operators soon reappeared, announcing the closure of the marketplace. 

The following PGP-signed message was uploaded by a Versus staff member who is one of the major operators: "There is no doubt that there has been a lot of concern and uncertainty regarding Versus in the last few days. Most of you that have come to know us have rightfully assumed that our silence has been spent working behind the scenes to evaluate the reality of the proposed vulnerability. After an in-depth assessment, we did identify a vulnerability which allowed read-only access to a 6+-month-old copy of the database as well as a potential IP leak of a single server we used for less than 30 days. We take any and every vulnerability extremely seriously but we do think that it's important to contend with a number of the claims that were made about us."

"Specifically of importance: there was no server pwn and users/vendors have nothing to worry about as long as standard and basic opsec practices have been utilized (for example, PGP encryption) Once we identified the vulnerability, we were posed with a fork in the road, to rebuild and come back stronger (as we had done before) or to gracefully retire. After much consideration, we have decided on the latter. We built Versus from scratch and ran for 3 years." 

The letter concludes with a note to platform providers, pledging to post a link allowing them to make transactions without time constraints, permitting the return of escrow amounts. 

Versus was revealed for IP breaches in March 2020, and then in July 2020, a large Bitcoin theft from user wallets occurred. In all situations, the platform accepted responsibility for the errors and was extremely open about what occurred. Versus was able to grow and become a significant marketplace in terms of user numbers and transaction volumes as a result of this. 

However, the operators most likely recognised that the risk of exposure was too considerable to continue. It remains to be known if or not personnel of law enforcement has already exploited the current vulnerability in the next weeks/months.
Read more »
Profiles for sale
Bank Data Darknet Data Breach Data Leakage DLBI Location data location tracking Personal Data Personal Data Breach Profiles for sale

The DLBI Expert Called the Cost of Information about the Location of any Person

Ashot Oganesyan, the founder of the DLBI data leak intelligence and monitoring service, said that the exact location of any Russian on the black market can be found for about 130 dollars. 

According to him, this service in the illegal market is called a one-time determination of the subscriber's location. Identification of all phones of the client linked to the card/account using passport data costs from 15 thousand rubles ($200). 

"The details of the subscriber's calls and SMS for a month cost from 5 thousand ($66) to 30 thousand rubles ($400), depending on the operator. Receiving subscriber data by his mobile phone number cost from 1 thousand rubles ($13)", he added. 

Mr. Oganesyan said that fixing movement on planes, trains, buses, ferries, costs from 1.5 thousand ($20) to 3 thousand rubles ($40) per record. Data on all issued domestic and foreign passports will cost from 900 ($12) to 1.5 thousand rubles ($20) per request. Information about crossing the Russian border anywhere and on any transport costs from 3 thousand rubles ($40) per request, Ashot Oganesyan clarified, relying on the latest data on leaks. 

According to him, both law enforcement agencies and security services of companies are struggling with leaks, but only banks have managed to achieve some success. The staff of mobile network operators, selling data of calls and SMS of subscribers, are almost weekly convicted, however, the number of those wishing to earn money is not decreasing. 

The expert noted that under the pressure of the Central Bank of Russia and the constant public scandals, banks began to implement DLP systems not on paper, but in practice, and now it has become almost impossible to download a large amount of data unnoticed. As a result, today it is extremely rare to find a database with information about clients of private banks for sale. 

However, another problem of leakage from the marketing systems of financial organizations has emerged. The outsourcing of the customer acquisition process and the growth of marketplaces have led to information being stored and processed with a minimal level of protection and, naturally, leaking and getting into sales.
Read more »
Subscribe to: Posts (Atom)