Hackerzhome

hackerzhome-logo-bg

Cybersecurity news all over the world

HACKERZHOME NEWS

April 6, 2023

Thursday

Now, phishing tools and services are sold exclusively on Telegram.

The platform of choice for developers of phishing kits and bots trying to expand their customer base or find unpaid laborers is Telegram.


The messaging service has been utilized by cybercriminals for a number of years, but it seems threat actors in the phishing industry have recently begun to rely more heavily on it.


According to Kaspersky’s research, phishers provide phishing products and services to potential customers, including pre-made kits,  fake websites, tool subscriptions, how-to manuals, and technical help.


The following services are currently available over Telegram, according to the researchers:
Users can develop phishing pages that mimic well-known businesses using free phishing kits that come with pre-packaged tools, automated (bot-based) user data harvesting, and the construction of phishing pages.

With a customizable user interface, anti-bot systems, geoblocking, URL encryption, and even social engineering elements, premium scam, and phishing pages are available.


These kits can cost anywhere between $10 to $300, depending on their features.
they have stolen login credentials for online banks and personal information.


Subscriptions for phishing-as-a-service (PhaaS) grant access to tools, how-to manuals, technical assistance, and routine upgrades for the offered anti-detection systems.


Some businesses that value their reputation offer kits that encrypt the stolen data, preventing both the operators and the vendors from accessing the victim’s data without first paying their fair portion to the other party.


According to Kaspersky, Telegram is an excellent platform for wannabe scammers to learn more about the phishing industry for nothing.

NEWS 1
Now, phishing tools and services are sold exclusively on Telegram.

Breaking news

LIVE

You are not up to date!

Subscribe to our newsletter and stay updated on cybersecurity news

A ransomware gang alleges an MSI breach and requests $4 million.

The new ransomware gang “Money Message” has placed Taiwanese PC component manufacturer MSI (Micro-Star International) on its extortion portal.

 The group claims to have stolen source code from the firm’s network.

With annual sales of $6.5 billion, MSI is a major manufacturer of motherboards, graphics cards, desktops, laptops, servers, industrial systems, PC accessories, and infotainment products.

In addition to posting pictures of what they claim to be the hardware vendor’s CTMS and ERP databases, files containing software source code, secret keys, and BIOS firmware, the threat actor has placed MSI on its data leak website.

If MSI doesn’t comply with its demands for a ransom payment, Money Message now threatens to expose all of these supposedly stolen papers in around five days.

Inform your management that we have MSI source code, including the framework to build BIOS, as well as private keys able to sign in any custom module of those BIOS and install it on PC with this BIOS, the Money Message operator said in a chat with an MSI agent.

NEWS 2

For placing advertisements and promotions in this newspaper, or anywhere on our website, contact us through email at [email protected] or fill out this contact form.

Share this news:

April 6, 2023 /

Thursday

Hackerzhome News

2

Have you heard?
HP will fix a serious flaw in LaserJet printers within 90 days Know more!

Google requires Android apps to provide simple account deletion options online and in-app

Google requires Android apps to provide simple account deletion options online and in-app

To provide customers more transparency and control over their data, Google is implementing a new data deletion policy for Android apps that allow account creation that also includes a setting for account termination.

Developers will soon be required to offer a method to begin account and data deletion from within the app and online for apps that support app account creation. 

In order for a user to request account and data deletion without having to reinstall an app, it is extremely crucial that you link to this site requirement in your data safety form.

The intention, according to the search behemoth, is to provide a “readily discoverable button” to start the process of deleting an app account from both inside and outside of the app.

To that purpose, developers must give users both an in-app path and a web link resource to ask for the deletion of their app account and all associated data.

 App developers must delete any data related to a particular account whenever users submit such a request.

NEWS 3

brand-new dark web market STYX specializes in financial fraud services.

brand-new dark web market STYX specializes in financial fraud services.
NEWS 4

STYX, a brand-new dark web marketplace that debuted earlier this year, seems to be on the right track to developing into a robust marketplace for purchasing and selling illegal services or stolen data.

Money laundering, identity theft, distributed denial-of-service (DDoS), getting around two-factor authentication (2FA), using stolen or fake IDs and other personal information, renting malware, using cash-out services, email and phone flooding, identity lookup, and many other services are among the ones offered.

The marketplace uses an integrated escrow mechanism to mediate transactions between buyers and sellers and opened its doors to the public on January 19.

But, since early 2022, when the founders were still developing the escrow mechanism, experts at threat intelligence firm Resecurity have uncovered references to STYX on the dark web.

In an apparent effort to boost user confidence in the platform, STYX accepts payments using a variety of cryptocurrencies and has a dedicated section for approved vendors.

Now accessible as a limited public preview is Microsoft Edge Workspaces.

In a restricted public test, Microsoft today revealed that the recently added Edge Workspaces capability, which enables users to share groups of tabs with friends and family, is now accessible.

After enrolling in their Microsoft account, users of Microsoft Edge Workspaces will have access to the same set of tabs.

At the company’s Ignite conference for programmers and IT specialists in October 2022, it was first presented in an enterprise public preview.

Edge Workspaces can save you time by allowing you to complete a task or project—such as planning a trip—all in one location rather than having to send links back and forth.

With workspaces, you can establish a single, shared view of the web pages and documents used by your group within a specific browser window that receives real-time changes.

Furthermore, to be highlighted is the fact that the Edge Workspaces collaborative surfing capability does not entail participant sharing of browser data or browser screen sharing.

Now accessible as a limited public preview is Microsoft Edge Workspaces.
NEWS 5

For placing advertisements and promotions in this newspaper, or anywhere on our website, contact us through email at [email protected] or fill out this contact form.

Share this news: