Tag Archive for: forum

What does $5,000 buy you on a hacking forum? – Week in security with Tony Anscombe


A bootkit that ESET researchers discovered in the wild is the BlackLotus UEFI bootkit being peddled on hacking forums.

For a mere $5,000, you can buy a UEFI bootkit called BlackLotus that can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled. This week, ESET researchers published their analysis of BlackLotus, which led them to conclude that the bootkit they had discovered in the wild is indeed the BlackLotus bootkit peddled on hacking forums.

Now, what exactly can the bootkit do on the victim’s computer and why is it a major threat? Find out in the video.

Be sure to check out the full technical write-up here: BlackLotus UEFI bootkit: Myth confirmed


Hacking Forum Exposes Entire US No Fly List Of Over 1.5M Names As TSA Investigates


Earlier this month, a Swiss hacker who goes by the name maia arson crimew exfiltrated a copy of the US government’s No Fly List from an insecure server. This list, which names individuals who are forbidden from flying anywhere within US borders, is a subset of the Terrorist Screening Database and is kept hidden from the public. However, this list is now publicly available after an unknown actor posted the version accessed by crimew to BreachForums.

Crimew originally came into possession of this list when browsing the Jenkins servers on ZoomEye, which, similar to Shodan, lets users search for servers connected to the internet. The hacker happened to come across a Jenkins server operated by the airline CommuteAir. After digging through this server for a time, crimew discovered credentials for the company’s Amazon Web Services (AWS) infrastructure. The hacker then used the credentials to connect to this infrastructure, which crimew found to contain a 2019 copy of the No Fly List, as well as a “selectee” list. This second list likely names all those who are subject to Secondary Security Screening Selection (SSSS).

In a blog post published by crimew, the hacker acknowledges that these lists are sensitive in nature before stating, “[I] believe it is in the public interest for this list to be made available to journalists and human rights organizations.” Crimew accordingly made the lists available for access upon request, requiring that applicants be journalists, researchers, or other parties with legitimate interest. The service hosting the lists, Distributed Denial of Secrets, further states that requests will probably be rejected if interested individuals don’t provide sufficient information to verify their identities and if said individuals are “hacktivist[s] that want to exploit the data” or “researcher[s] without a clear journalist or academic project.”

Figure: BreachForums post sharing the No Fly List

Despite the apparent limitations on who can access this information, someone managed to obtain a copy of the lists and posted them for free on BreachForums. According to BleepingComputer, the No Fly List contains 1,566,062 entries and the…


200M Twitter records released on hacking forum


Data relating to more than 200 million Twitter Inc. users have been published on a hacking forum two weeks after data relating to 400 million Twitter users was offered for sale on the same forum.

The data is available to download from BreachForums, the successor site to the now-shuttered RaidForums. The listing describes the data as a “DB/Scrape Leak,” meaning that the data was gathered through access to Twitter and scraping public information. The database includes email addresses, names, screen names, the number of followers each Twitter user has and the date each joined Twitter.

Although the listing comes from a different user than the previously offered 400 million Twitter records, Privacy Affairs claimed today that the data appears to be from the same source. The earlier data was believed to have been gathered by exploiting an application programming interface vulnerability that Twitter fixed in January 2022.

The database includes information on notable Twitter users such as Alphabet Inc. Chief Executive Officer Sundar Pichai, Donald Trump Jr. and SpaceX Inc.

Bleeping Computer reported that the database still includes duplicates. Some of the sample data provided has also been confirmed to be legitimate.

A second listing from a different user on BreachForums claims to have taken the same data dump and cleaned it up, including removing duplicates. The second listing also claims that the records indicate that the information was collected from early November 2021 through Dec. 14, 2021.

“This is a common example of how an unsecured API that developers design to ‘just work’ can remain unsecured because when it comes to security, what is out-of-sight is often out-of-mind,” Jamie Boote, associate software security consultant at application security company Synopsys Inc.’s Software Integrity Group, told SiliconANGLE. “Humans are terrible at securing what they can’t see.”

Sammy Migues, principal scientist at Synopsys Software Integrity Group, noted that issues around API security are the core of the story.

“As cloud-native app development explodes, so does the world of refactoring monolithic apps into hundreds and thousands of APIs and…


Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley


Data of over 200 million Deezer users leaks on hacking forum

Music-streaming service Deezer has owned up to a data breach, after hackers managed to steal the data of over 200 million of its users.

The data, which appears to have been stolen from one of Deezer’s third-party service providers in 2019, includes:

  • First and last names
  • Dates of birth
  • Email addresses
  • IP addresses
  • Gender
  • Location data (City and Country)
  • Join date
  • User ID

According to RestorePrivacy, which first reported on the breach, the hacker released a sample of 5 million stolen records on a well-known hacking forum, claiming to have a 60GB stash of stolen data, including 228 million email addresses:

Today I’m selling the information of over 200+ million Deezer.com users from 2019 (specifically before September-October of 2019). It includes Users CSV which is a 60gb file with 257,829,454 records, of those records there are approx 228 million non anonymized unique emails. A CSV containing logged user sessions (IP Address and device). Profiles CS, and a folder named final containing 106 CV’s. Source is still unclear but it seems like Deezer hired a third party data analysis company to analyze their users. I’ll wait for Deezer to confirm where this came from lmao. First buyer also receives access to where this came from (there’s some extra stuff in the source of this).

Deezer published a support advisory about the breach in November, shortly after the hacker’s post.

Deezer describes the leaked data as “non-sensitive information”, and claims that no passwords or payment details have been exposed.

Non-sensitive? Hmm. At the very least the email addresses and other information could be used to create convincing phishing emails, and perhaps be abused by fraudsters to extract further details from Deezer users.

And I, for one, am disappointed to have not received any notification about the breach from Deezer.


Back in the mists of time (2014), I had a Deezer account. I’d completely forgotten about it, but managed to log back into Deezer today and found my account was still active.

Thankfully I haven’t been paying a subscription all this time, but I am disgruntled that Deezer hasn’t reached out to affected users to…
