Displaying items by tag: Dark Web

GUEST OPINION:  

Rapid7 is investigating two separate events affecting Fortinet firewall customers:

• Zero-day exploitation of CVE-2024-55591, an authentication bypass vulnerability in FortiOS and FortiProxy disclosed earlier this week. Successful exploitation could allow remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module.
• A January 15, 2025, dark web post from a threat actor who looks to have published IPs, passwords, and configuration data from 15,000 FortiGate firewalls. The data leaked online appears to be several years old (2022). Rapid7 has not attributed any CVEs to the leaked data at this time.

The BlackBasta ransomware group claims on the Dark Web it has breached major polymer additive and market-leading PVC stabiliser product company Akdeniz Chemson. The group claims to have stolen more than 500GB of financial and HR data and has given until 13 June 2024 for a ransom to be paid, or it will be released.

GUEST OPINION by Patrick Tiquet, VP of Security and Compliance, Keeper Security: The recent malware attacks leveraging direct messages on TikTok can have potentially severe consequences.

Ticketing giant Ticketmaster has confirmed it was part of a data breach, potentially affecting hundreds of millions of customers around the world.

Counterfeit Australian identity documents, especially driver’s licences, rank among some of the most frequently listed and sold identity documents on anonymous dark web marketplaces, according to new research from the Centre of Forensic Science at the University of Technology Sydney (UTS).

GUEST OPINION: 20 September marks the one-year anniversary of the Optus cyber attack, which saw the personal details of 10 million Australians stolen (over a third of Australia’s population)—birthdates, home addresses, phone numbers, passport, and driving licence numbers—leaked on the dark web.

Finnish Customs says it has seized the Piilopuoti web server and its narcotics sales content.

ln an email to all affected customers, Dymocks has asserted that the breach did not occur in any computer system under their management.

The au Domain Administration, the organisation that administers the Australian domain namespace, now says attackers who claimed they had breached its network have provided evidence of the breach.

Windows ransomware group Cl0p has released some of the data it stole from consultancy firm PwC on the clear web. The attackers have claimed to be in possession of 121GB of data plus archives.

Security vendor WatchGuard Technologies' AuthPoint Total Identity Security bundles AuthPoint multi-factor authentication with dark web credential monitoring capabilities and a corporate password manager.

Security vendor Bitdefender has published a report lifting the lid on dark web marketplaces including the types of products and services offered and the asking prices asked for stolen consumer credentials.

Less than three hours after the Medibank Group told iTWire it had not been affected by the ongoing ransomware attacks by the Cl0p group, the company told another media outlet that it had indeed been affected.

Cyber security firm Group-IB claims to have discovered credentials for compromised ChatGPT accounts in the logs of info-stealing malware traded on the dark web. A total of 101,134 hosts were found to be hosting these credentials.

A ransomware gang which attacked the well-known social news aggregation site Reddit has expanded its demands, asking the company to reverse announced hikes in the prices for using its API.

The dark web's Hidden Wiki - a launching point to the useful privacy-focused tools and resources available - now has a version 3 domain, and here it is.

Australian law enforcement agencies appear to have resorted to psyops in a bid to send a message to network attackers that Australia is not the best place to do business.

More files exfiltrated from medical insurer Medibank Group during a ransomware attack have been released on the dark web site of the attacker(s). Ransomware generally attacks only systems running Microsoft's Windows operating system.

Data published by the individual(s), who attacked the medical insurer Medibank Group using ransomware, has now been linked to a forum on the clear Web, the same forum where the data from telco Singtel Optus was released. Ransomware generally attacks only systems running Microsoft's Windows operating system.

The operator of a ransomware blog, which hosts a copy of the site formerly used by the REvil gang, claims that data from Australia's Medibank Group will be posted on the dark web in 24 hours.