Security News

EUTNAIOA earlier leaked 180GB of data it said it siphoned from Epik servers, plenty of it detailing the activities of far-right groups such as The Proud Boys and the ridiculous QAnon mob. The hacktivist collective justified the release of stolen data on the grounds it exposed racists, and dubbed the operation: Epik Fail.

FBI accused of withholding ransomware key as part of REvil probe. The FBI had obtained a key to undo a flood of ransomware infections but sat on it for a while in an attempt to strike at the malware operators, it's claimed.

On Wednesday, BleepingComputer reported that it's been in touch with a threat actor who leaked a list of nearly half a million Fortinet VPN credentials, allegedly scraped from exploitable devices last summer. The news outlet has analyzed the file and reported that it contains VPN credentials for 498,908 users over 12,856 devices.

A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum. As first noticed by security researcher vx-underground, an alleged member of the Babuk group released the full source code for their ransomware on a popular Russian-speaking hacking forum.

The names and home addresses of 111,000 British firearm owners have been dumped online as a Google Earth-compatible. Dumped online last week onto an animal rights activist's blog, the reformatted Guntrader breach data was explicitly advertised as being importable into Google Earth so randomers could "Contact as many [owners] as you can in your area and ask them if they are involved in shooting animals."

Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers.New York City-based JPMorgan Chase Bank is a financial services giant with a $120 billion annual revenue and over 250,000 employees worldwide.

Singapore cable, internet and mobile phone provider StarHub is in the process of notifying 57,191 customers via email that they are victims of a cyber attack that leaked national identity card numbers, mobile numbers and email addresses. The data breach was discovered on July 6 but was not announced until August 6th. StarHub told The Register via email that the company suspects the stolen data file was found within a day of it being uploaded to the third-party web site.

Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted by a REvil ransomware attack on the company that affected customers across 22 countries last month. While it was first thought that the key could unlock all of the REvil attacks that occurred at the same time as the Kaseya one, it soon became clear to researchers that the decryptor - which appeared to some to be genuine - was only for the files locked in the Kaseya attack.

The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. On July 22nd, Kaseya obtained a universal decryption key for the ransomware attack from a mysterious "Trusted third party" and began distributing it to affected customers.

A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums. Carding is the trafficking and use of stolen credit cards.