Security News

Ransomware has been an acute concern for organizations for more than a decade, but one of the more recent trends we see is that groups are now setting up infrastructure, but outsourcing actual infection to "Affiliates" who effectively act as contractors to the Ransomware as a Service group and split the profits at the end of a successful attacks. A ransomware group encrypts a company's data, but first exfiltrates data, which is posted on ransomware blogs on a certain date if the victim doesn't pay.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Microsoft is investigating an ongoing issue preventing some customers from accessing their Exchange Online mailbox through Outlook on the web. While Microsoft says this outage only impacts the North American region, user reports show that the issue might also affect users in South America.

In this post, we're going to explore common threat actors and their activities on dark web forums versus illicit Telegram communities. Hackers on dark web forums are more commonly known to share more zero-day exploits to other threat actors as well as share with other hackers how to use these exploits to their advantage as well.

Compromised credentials were found within the logs of info-stealing malware traded on illicit dark web marketplaces over the past year, according to Group-IB. The number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May 2023.Unauthorized access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees.

Singapore-based threat intelligence outfit Group-IB has found ChatGPT credentials in more than 100,000 stealer logs traded on the dark web in the past year. "Group-IB's experts highlight that more and more employees are taking advantage of the Chatbot to optimize their work, be it software development or business communications," said the company, adding that demand for account credentials was gaining "Significant popularity."

Over 100,000 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available for sale on the cybercrime underground, Group-IB said in a report shared with The Hacker News.

A new information-stealing malware called Mystic Stealer has been found to steal data from about 40 different web browsers and over 70 web browser extensions. Mystic Stealer, like many other crimeware solutions that are offered for sale, focuses on pilfering data and is implemented in the C programming language.

Decades ago, Tony Turner, CEO of Opswright and author of Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, faced an SQL Slammer worm. During his 25-year career in supply chain security and product security, he became an expert in engineering, security, and product design and he even served as the VP of R&D at Fortress.

While traditional penetration testing has long been the go-to method for identifying security gaps in a organization's network and web application, a new approach has emerged: penetration testing as a service. PTaaS combines the thoroughness of traditional pen testing with the continuous vigilance of scanners offering a new perspective on security testing.