Security News

The personal information includes names, dates of birth, gender, physical addresses and email addresses, and election-specific data - such as when an individual registered to vote, voter registration numbers and polling stations - according to Kommersant, a Moscow-based newspaper. The outlet reported Tuesday that several databases of voter data turned up in an unnamed marketplace in late 2019.

There are three additional, sometimes overlooked sources of early warning clues of ransomware and breaches I have seen yield more direct, actionable insights in my years as an incident response leader. Ransomware attacks are a great example: A company typically calls in incident response once an attacker has detonated their ransomware payload and taken infected machines hostage.

Citrix on Wednesday denied claims that its systems have been breached and says the information being sold on the dark web actually comes from a third party and it's not very sensitive. Citrix has found no evidence that its systems have been compromised, and pointed out that hackers couldn't have moved from the third party's network to its own systems.

Citrix has taken the unusual step of rebutting dark web discourse that alleges its networks have been compromised. A Wednesday post penned by CISO Fermin J Serna says the company is aware of a "Threat intelligence report circulated concerning claims made on the dark web by a threat actor alleging compromise of the Citrix network, exfiltration of data, and attempts to escalate privileges to launch a ransomware attack."

Researchers have found 142 million personal details from former guests at the MGM Resorts hotels for sale on the Dark Web, evidence that a data leak from the hotel chain last summer may be far bigger in scope than previously thought. In the ad, the hacker makes a connection between the newly advertised credentials and a previously known leak of personal details of more than 10.6 million guests who had stayed at MGM Resorts.

A low-quality batch of malicious tools can sell for as low as $70, while a premium set can go as high as $6,000, according to the security research site Privacy Affairs. At the low end of the list, malware tools aimed at a global audience sell on average for as little as $70. However, this particular batch is sold as low quality, slow speed, and a low success rate.

SQL databases allegedly stolen from 945 websites have emerged on the Dark Web, potentially impacting tens of millions of people, Lucy Security reports. The collection contains information from a variety of sites worldwide, which appear to have been breached by different hackers, but not by the entity offering them on the Dark Web.

A California university which is dedicated solely to public health research has paid a $1.14m ransom to a criminal gang in the hopes of regaining access to its data. The University of California San Francisco paid out in the apparently successful hope that the Netwalker group would send it a decryption utility for its illicitly encrypted files, which it referred to as "Data ... important to some of the academic work we pursue as a university serving the public good".

Your credit card is worth around $33, your driver's license around $27, and your PayPal account around $42, according to Reviews.org. Why is your debit card worth so much more than your credit card? A debit card quickly draws the necessary funds from your bank account.

Credit card details, online banking logins, and social media credentials are available on the dark web at worryingly low prices, according to Privacy Affairs. Online banking logins cost an average of $35. Full credit card details including associated data cost $12-20.