Security News

Over 100,000 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available for sale on the cybercrime underground, Group-IB said in a report shared with The Hacker News.

Microsoft stands accused by cyber intelligence firm Hold Security of violating an agreement between the pair by misusing Hold's database of more than 360 million sets of credentials culled from the dark web. In a lawsuit filed in King County Superior Court in Washington, Hold said it had an agreement with Microsoft going back to 2014 to grant the Windows giant access to its database of compromised accounts with the expectation that Microsoft would limit use to matching Hold's records against Microsoft customer accounts.

The number of stolen Asian credit card numbers appearing on darkweb crime marts has fallen sharply, cyber security firm Group-IB told Singapore's ATxSG conference on Thursday. Out of 29 million compromised accounts found on sale on the dark web, over 12 million featured top level domains related to India.

Stealer logs represent one of the primary threat vectors for modern companies. Threat actors who purchase stealer logs have the responsibility of distributing the malware to victims.

Researchers have developed DarkBERT, a language model pretrained on dark web data, to help cybersecurity pros extract cyber threat intelligence from the Internet's virtual underbelly. A team of researchers from Korea Advanced Institute of Science and Technology and data intelligence company S2W has decided to test whether a custom-trained language model could be useful, so they came up with DarkBERT, which is pretrained on dark web data.

Google will add artificial intelligence to several online safety features and give users more insight into whether their information might have been posted on the dark web, the tech giant announced during the Google I/O conference on May 10. Google offers AI image generation and plans to roll out markups that will label those images as AI-generated in Search.

Google has announced new tools, features and updates to improve users' online safety, help them evaluate content found online, and alert them if their Gmail identity appears on the dark web.Another helpful "Tool" for users is the newly introduced option of using passkeys - digital keys linked to a user account and a website or app - to authenticate to one's Google account.

Google announced today that all Gmail users in the United States will soon be able to use the dark web report security feature to discover if their email address has been found on the dark web. Once enabled, it will allow Gmail users to scan the dark web for their email addresses and take action to protect their data based on guidance provided by Google.

The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the weekend.

According to news reports, the FBI had successfully purchased a portion of the data - which included social security numbers and other sensitive information - on the dark web. As malicious software like "Info Stealer" gains more traction among cybercriminals, the dark web is still full of stories, tactics, and tips for using traditional cybercrime tools like ransomware, Trojan, Spyware, adware, and more.