Security News
Attempting to enter Hungary at the time, Chychasov was arrested in March 2022 for running the SSNDOB Marketplace, which stands for "Social security number, date of birth" and operated over various domains including blackjob. The SSNDOB Marketplace dates back more than a decade and was operating as early as 2013, then on the domain ssndob.
Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022. "The site operated as a hidden...
Over 100,000 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available for sale on the cybercrime underground, Group-IB said in a report shared with The Hacker News.
Infostealer malware, which consist of code that infects devices without the user's knowledge and steals data, remains widely available to buy through underground forums and marketplaces, with the volume of logs, or collections of stolen data, available for sale increasing at alarming rates, according to Secureworks. "Infostealers are a natural choice for cybercriminals who are looking to rapidly gain access to businesses and then monetize that access," said Don Smith, VP threat research, Secureworks CTU. "They are readily available for purchase, and within as little as 60 seconds of installation on an infected computer will immediately generate a return on investment in the form of stolen credentials and other sensitive information. However, what has really changed the game, as far as infostealers are concerned, is improvements in the various ways that criminals use to trick users into installing them. That, coupled with the development of dedicated marketplaces for the sale and purchase of this stolen data, has really upped the ante," added Smith.
A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks. VS Code extensions, curated via a marketplace made available by Microsoft, allow developers to add programming languages, debuggers, and tools to the VS Code source-code editor to augment their workflows.
Researchers have found it surprisingly easy to upload malicious Visual Studio Code extensions to the VSCode Marketplace, and discovered signs of threat actors already exploiting this weakness. According to a new report by AquaSec, researchers have found its fairly easy to upload malicious extensions to Microsoft's Visual Studio Code Marketplace, and have already found a few existing extensions that are very suspicious.
Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that's designed to specifically cater to mobile malware operators. "The automation allows other bad actors to create orders to receive the most up to date web injects for further implementation into mobile malware," Resecurity said.
A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called The Real Deal that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye, who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been charged with five counts of access device fraud and one count of money laundering conspiracy.
Does your organization spend countless resources hardening operating systems in the cloud? That's why CIS pre-hardens virtual machine images to CIS Benchmark standards. See how these CIS Hardened Images work by trying one in your cloud environment.
Google has removed eight apps from its Google Play store that were propagating a new variant of the Joker spyware, but not before they already had garnered more than 3 million downloads. The trojan would hide in the advertisement frameworks utilized by the malicious apps propagating it; these frameworks aggregate and serve in-app ads.