SS7 Service Updates

09.09.2022 Scheduled Maintenance patch for Brazil operators: Claro Brasil and OI. Services will be unavailable for these networks until 10.09.2022.
01.09.2022 Scheduled Maintenance patch for Canada operators: Telus, Bell and Rogers. Services will be unavailable for these networks until 02.09.2022.
18.02.2021 Added new plan: SMS Intercept 30 days plan
24.01.2021 New shop added
14.12.2020 December […]

Windows, Ubuntu, and VMWare Workstation hacked on last day of Pwn2Own

On the third day of the Pwn2Own hacking contest, security researchers were awarded $185,000 after demonstrating 5 zero-day exploits targeting Windows 11, Ubuntu Desktop, and the VMware Workstation virtualization software. The highlight of the day was the Ubuntu Desktop operating system getting hacked three times by three different teams, although one of them was a […]

FBI confirms access to Breached cybercrime forum database

Today, the FBI confirmed they have access to the database of the notorious BreachForums (aka Breached) hacking forum after the U.S. Justice Department also officially announced the arrest of its owner, 20-year-old Conor Brian Fitzpatrick (also known as Pompompurin), for his involvement in the theft and sale of sensitive personal information belonging to “millions of […]

The Week in Ransomware – March 24th 2023 – Clop overload

This week’s news has been dominated by the Clop ransomware gang extorting companies whose GoAnywhere services were breached using a zero-day vulnerability. Over the past month, one hundred new companies have been added to Clop’s data leak site, with the extortion gang threatening to leak data if a ransom is not paid. While it is […]

Microsoft shares tips on detecting Outlook zero-day exploitation

Microsoft today published a detailed guide aiming to help customers discover signs of compromise via exploitation of a recently patched Outlook zero-day vulnerability. Tracked as CVE-2023-23397, this privilege escalation security flaw in the Outlook client for Windows enables attackers to steal NTLM hashes without user interaction in NTLM-relay zero-click attacks. The threat actors can exploit it by sending […]

Australian police arrest four BEC actors who stole $1.7 million

The Australian Federal Police (AFP) has arrested four members of a cybercriminal syndicate that has laundered $1.7 million stolen from at least 15 victims between January 2020 and March 2023. AFP’s investigation that led to the group’s dismantling started in October 2021, when an Indonesian business reported losing $100,000 to a BEC (business email compromise) […]

OpenAI: ChatGPT payment data leak caused by open-source bug

OpenAI says a bug in an open-source Redis client library was behind Monday’s ChatGPT outage and data leak, where users saw other users’ personal information and chat queries. ChatGPT displays a history of the queries you made in the sidebar, allowing you to click on one and regenerate a response from the chatbot. On Monday morning, numerous […]

Procter & Gamble confirms data theft via GoAnywhere zero-day

Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere MFT secure file-sharing platform was compromised in early February. While the company didn’t say who was behind the security breach, this is part of an ongoing spree of extortion demands linked to the Clop ransomware […]

UK creates fake DDoS-for-hire sites to identify cybercriminals

The U.K.’s National Crime Agency (NCA) revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize these platforms to attack organizations. DDoS-for-hire services, also known as ‘booters,’ are online platforms that offer, in exchange for money, to generate massive garbage HTTP requests towards a website or online service that overwhelm the webserver […]

‘Bitter’ espionage hackers target Chinese nuclear energy orgs

A cyberespionage hacking group tracked as ‘Bitter APT’ was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders. Bitter is a suspected South Asian hacking group known to target high-profile organizations in the energy, engineering, and government sectors in the Asian-Pacific region. In May 2022, Bitter APT […]

GitHub rotates its exposed private SSH key

GitHub has rotated its private SSH key after the secret was accidentally published in a public GitHub repository. The software development and version control service says the private RSA key was only “briefly” exposed, but that it took action out of “an abundance of caution.”

Unclear window of exposure

In a succinct blog post published today, GitHub acknowledged discovering this […]