Security News
Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution," Palo Alto Networks Unit 42 said in a Thursday report.
Dark web marketplaces sell a plethora of tools, stolen data, and forged documents, and some of the things for sale are priced higher than the rest. The dark web also houses victims' personal information, including national insurance numbers, passports, and their driver's license details.
The U.S. Department of Justice on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace.The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04 billion.
The Alliance for Creativity and Entertainment has shut down 42 websites for the pirated streaming of televised soccer games and live TV, seizing their domains and taking down the illegal streaming services. All 42 websites were operated by an Argentinian man and drew the majority of their traffic from the Latin American country, offering unauthorized streams of live matches of the Argentine Professional Soccer League, LaLiga, UEFA Champions League, and more.
A 22-year-old student German federal police believe to be the administrator of one of the largest German-speaking, dark-web forums has been arrested. According to German law enforcement, the student, from Lower Bavaria, served as the operator of the third version of Deutschland im Deep Web since November 2018.
A threat group that targets corporate emails is delivering dropper malware through a novel technique that uses Microsoft Internet Information Services logs to send commands disguised as web access requests. The dropper, dubbed Geppei, is being used by a group Symantec threat researchers call Cranefly to install other undocumented malware.
Germany's Federal Criminal Police Office has arrested a 22-year-old student in Bavaria, who is suspected of being the administrator of 'Deutschland im Deep Web', one of the largest darknet markets in the country. The platform had already gone offline in March 2022, with 16,000 registered users, 28,000 posts, and 72 high-volume sellers of prohibited goods, including weapons and drugs.
The Cranefly hacking group, aka UNC3524, uses a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services web server logs. Like any web server, when a remote user accesses a webpage, IIS will log the request to log files that contain the timestamp, source IP addresses, the requested URL, HTTP status codes, and more.
A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called The Real Deal that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye, who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been charged with five counts of access device fraud and one count of money laundering conspiracy.
A notorious British hacker was arraigned on Wednesday by the U.S. Department of Justice for allegedly running the now defunct 'The Real Deal" dark web marketplace. [...]