Security News

Inside Threat Actors: Dark Web Forums vs. Illicit Telegram Communities
2023-06-26 14:05

In this post, we're going to explore common threat actors and their activities on dark web forums versus illicit Telegram communities. Hackers on dark web forums are more commonly known to share more zero-day exploits to other threat actors as well as share with other hackers how to use these exploits to their advantage as well.

Compromised ChatGPT accounts garner rapid dark web popularity
2023-06-21 05:05

Compromised credentials were found within the logs of info-stealing malware traded on illicit dark web marketplaces over the past year, according to Group-IB. The number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May 2023.Unauthorized access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees.

Over 100,000 compromised ChatGPT accounts found for sale on dark web
2023-06-20 10:08

Singapore-based threat intelligence outfit Group-IB has found ChatGPT credentials in more than 100,000 stealer logs traded on the dark web in the past year. "Group-IB's experts highlight that more and more employees are taking advantage of the Chatbot to optimize their work, be it software development or business communications," said the company, adding that demand for account credentials was gaining "Significant popularity."

Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces
2023-06-20 08:12

Over 100,000 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available for sale on the cybercrime underground, Group-IB said in a report shared with The Hacker News.

New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
2023-06-19 15:21

A new information-stealing malware called Mystic Stealer has been found to steal data from about 40 different web browsers and over 70 web browser extensions. Mystic Stealer, like many other crimeware solutions that are offered for sale, focuses on pilfering data and is implemented in the C programming language.

Untangling the web of supply chain security with Tony Turner
2023-06-19 02:30

Decades ago, Tony Turner, CEO of Opswright and author of Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, faced an SQL Slammer worm. During his 25-year career in supply chain security and product security, he became an expert in engineering, security, and product design and he even served as the VP of R&D at Fortress.

Traditional Pen Testing vs. PTaaS with Web Application Security
2023-06-15 14:02

While traditional penetration testing has long been the go-to method for identifying security gaps in a organization's network and web application, a new approach has emerged: penetration testing as a service. PTaaS combines the thoroughness of traditional pen testing with the continuous vigilance of scanners offering a new perspective on security testing.

Microsoft stole our stolen dark web data, says security outfit
2023-06-12 19:15

Microsoft stands accused by cyber intelligence firm Hold Security of violating an agreement between the pair by misusing Hold's database of more than 360 million sets of credentials culled from the dark web. In a lawsuit filed in King County Superior Court in Washington, Hold said it had an agreement with Microsoft going back to 2014 to grant the Windows giant access to its database of compromised accounts with the expectation that Microsoft would limit use to matching Hold's records against Microsoft customer accounts.

Dissecting the Dark Web Supply Chain: Stealer Logs in Context
2023-06-06 14:04

Stealer logs represent one of the primary threat vectors for modern companies. Threat actors who purchase stealer logs have the responsibility of distributing the malware to victims.

Microsoft's Outlook.com is down again on mobile, web
2023-06-05 20:13

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.