Hackerzhome


Cybersecurity news all over the world

HACKERZHOME NEWS

March 20, 2023

Monday

Dark Web Data is Decoded by New Cyber Platform Lab 1 to Discover Secret Supply Chain Breach

Inflation hit the world’s economies in 2022, with the exception of one segment of the global market: stolen data.


Compared to 2021, ransomware payments decreased by more than 40% in 2022. According to research by blockchain company Chainalysis, more organizations declined to pay ransom demands.


Nevertheless, stolen data’s value goes beyond its monetary value and can be unexpectedly harmful.
According to Lab 1, a new cyber monitoring platform, evaluating stolen records will significantly impact long-term cybersecurity resilience.

Your data might already be on the Dark Web even though your firm may not have experienced a direct breach. Due to this, Lab 1 gathers information and contextualizes it in order to determine risk.




The Dark Web initially existed as a secure network to protect rebels. Currently, one-half of it is a notorious hotspot for criminal activity.


The IMF ranks data markets as the third most popular activity, behind only pharmaceuticals and illegal narcotics.


More than 24 billion login and password combinations, up from 15 billion in 2020, were also discovered by an industry study in 2022.


There may also be other records, such as those pertaining to intellectual property, financial data, personnel files, and more.


Hackers eventually market breaches using data descriptions and auction demands, frequently in Bitcoin.


Researchers Explain the Evasion Methods Used by the CatB Ransomware

The threat actors behind the CatB ransomware campaign have been observed using DLL search order hijacking to avoid detection and launch the payload.

Based on code-level similarities, CatB, also known as CatB99 and Baxtoy, is thought to be an “evolution or direct rebrand” of Pandora, another ransomware strain. CatB first appeared late last year.

It’s important to note that the use of Pandora has been linked to Bronze Starlight (also known as DEV-0401 or Emperor Dragonfly), a threat actor operating out of China that is known to deploy ransomware families with limited lifespans as a ruse to mask its likely genuine intentions.

One of CatB’s primary distinguishing features is its use of DLL hijacking through the legitimate Microsoft Distributed Transaction Coordinator (MSDTC) service to extract and launch the ransomware payload.


Massive 3.3 Tbps DDoS attacks could be launched by the new "HinataBot" botnet.


A new malware botnet has been found targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS (distributed denial of service) swarms with the potential for significant attacks.

Researchers at Akamai detected the new botnet at the beginning of the year.

They captured it on their HTTP and SSH honeypots, where they saw it exploiting outdated security holes including CVE-2014-8361 and CVE-2017-17215.

Akamai notes that when HinataBot first appeared in mid-January 2023, its operators were distributing Mirai binaries.

HinataBot appears to be based on Mirai and is a Go-based variant of the infamous strain.

The malware is now being actively developed, with functional enhancements and anti-analysis features, according to Akamai’s experts, who were able to collect several samples from active campaigns as recently as March 2023.

The malware spreads by brute-forcing SSH endpoints or by exploiting known flaws using infection scripts and RCE payloads.

After infecting targets, the malware will operate stealthily while awaiting instructions from the command and control server.


To avoid detection, Emotet malware is now delivered as Microsoft OneNote files.


In an effort to get around Microsoft security measures and infect more people, the Emotet malware is currently being distributed via Microsoft OneNote email attachments.

Emotet is a notable malware botnet that was previously distributed through Microsoft Word and Excel attachments containing malicious macros.

A DLL that installs the Emotet virus on the device will be downloaded and run if the user opens the attachment and turns on macros.

The malware will steal email contacts and email content once it has been loaded, and it will then be used in upcoming spam operations.
Other payloads that grant initial access to the corporate network will also be downloaded.

Through this access, the organization is subjected to cyberattacks, such as ransomware assaults, data theft, cyber espionage, and extortion.

While Emotet was once among the most widely dispersed viruses, it began to stop and start intermittently throughout the previous year before taking a pause at the end of 2022.

The Emotet botnet abruptly resumed activity earlier this month, sending malicious emails around the world after three months of quiet.

Pompompurin, the proprietor of BreachForums, was detained on suspicion of cybercrime.

He was accused of one count of conspiring to recruit people to sell unlawful access devices, according to court records.

The accused allegedly admitted upon his detention that he was Pompompurin, the proprietor of the cybercrime forum BreachForums, and that his real identity was Connor Brian Fitzpatrick.

According to Bloomberg, Fitzpatrick was freed on bond on Thursday and is scheduled to appear in court in the Eastern District of Virginia on March 24.

The defendant has surrendered his documents and will only be permitted to travel for court-related reasons inside the Southern and Eastern Districts of New York and the Eastern District of Virginia until his appearance in court. Also, he is not permitted to speak with any witnesses, co-defendants, or conspirators.

An administrator of the forum said that BreachForums would continue to function while the site’s alleged owner was away.

The administrator also stated that they will continue to run the forum and have complete access to the website’s infrastructure.
