Truist Bank Data Allegedly Up for Sale on Dark Web: Employee Info, Transactions Exposed

A threat actor on a dark web forum has listed data from Truist Bank for sale following a cyberattack on the banking institution. Meanwhile, Kulicke and Soffa Industries, Inc. (K&S) is also dealing with a data breach. Reports indicate that Truist Bank client data, including sensitive information such as employee details and bank transactions, has been put up for sale on the dark web. The alleged Truist Bank data leak is attributed to a threat actor known as Sp1d3r. The data, reportedly obtained via the Snowflake breach, raises questions about the security measures in place at Truist Bank.

Truist Bank Data Breach Allegedly Goes on Sale on Dark Web

According to the threat actor’s post, the Truist Bank data is now on sale for $1 million. The compromised data includes details of 65,000 employees, bank transactions containing names, account numbers, balances, and the source code for IVR funds transfers.

[Image: Truist Bank Data Breach. Source: Dark Web]

The post by the threat actor provides specific information about the data for sale and contact details for purchase. Additionally, the post includes various usernames, threads, reputation points, and contact information such as XMPP handles and email addresses associated with the threat actor.

Meanwhile, Kulicke and Soffa Industries, a renowned semiconductor and electronics manufacturing company, disclosed a breach compromising millions of files. Initially detected on May 12, 2024, the breach exposed critical data, including source codes, engineering information, and personally identifiable information.

Two Cybersecurity Incidents at Once

In response to the Kulicke and Soffa data breach, K&S swiftly initiated containment measures in collaboration with cybersecurity experts and law enforcement agencies. The company's cybersecurity team worked diligently to isolate affected servers and prevent further intrusion. Despite the breach, K&S remains committed to safeguarding its systems and data integrity.

In a filing with the U.S. Securities and Exchange Commission (SEC), K&S detailed its efforts to mitigate the impact of the breach. The company assured stakeholders that, as of the filing date, the incident had not materially disrupted its operations. However, investigations are ongoing to ascertain the full extent of the breach and strengthen the cybersecurity measures in place.

The Truist Bank data breach and the Kulicke and Soffa cyber incident highlight the persistent threat of cyberattacks faced by organizations worldwide. While both entities are actively addressing the breaches, the incidents point to the broader role of cybersecurity measures in safeguarding sensitive information and maintaining trust in the digital age.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Dark Web Actor Advertises New Click Fraud Software for Online Marketing Deception

A threat actor that goes by the name “enlared” surfaced on a dark web forum, offering a tool for abusing online advertising: a "New Click Fraud Software for Google ADS." Priced at $700 per license, this software is promoted as an aggressive marketing tool for online fraud and taking down competitors.

The new click fraud software, according to the threat actor, has a number of features that go beyond conventional marketing practices. Specifically, the threat actor claims that the software can drain the competitor's budget and launch multiple attacks.

“Tired of your competitors beating you on Google ADS? Want to level the playing field and drain their advertising budget? We have the perfect solution for you!”, reads the threat actor post.

Understanding the New Click Fraud Software for Google Ads

The new click fraud software offers a range of features aimed at fraudsters operating in the competitive realm of online marketing. Its functionalities include location search change, allowing users to simulate clicks from different geographical areas to bypass detection algorithms used by advertising platforms.

Additionally, the software utilizes a network of proxies to generate clicks from multiple IP addresses, ensuring user anonymity. Users can also target specific ad domains and customize campaigns by selecting keywords, maximizing their campaigns' impact and relevance.

How It Operates and Pricing

The software integrates a user-friendly interface, facilitating quick setup and configuration in a matter of minutes. Users have full control over the parameters of their campaigns, from defining target locations and domains to specifying keyword targets. The results are immediate, says the threat actor, with competitors witnessing a rapid depletion of their advertising budgets as the software executes its strategy with ruthless efficiency.

Additionally, the threat actor offers remote desktop demonstrations, providing potential buyers with a glimpse into the tool's potency before making a purchase decision. Priced at USD 700 per license, the software is pitched as a compelling proposition for businesses seeking to gain an edge in the world of online advertising. Escrow payments are accepted to ensure security for both parties involved in the transaction.

With its arsenal of advanced features and promise of tangible results, the new click fraud software for Google Ads represents a darker method for competing in the online advertising game. As businesses vie for visibility and market share in an increasingly competitive online sphere, this dark web tool offers a means of cheating and targeting competitors for a very cheap price.

A Breach in Trust: HopSkipDrive Data Leak Exposes Drivers’ Personal Information

A threat actor has come forward, asserting responsibility for a significant breach in the security infrastructure of HopSkipDrive, a well-known rideshare service connecting families with reliable drivers. This HopSkipDrive data breach, allegedly occurring in June 2023, has led to the unauthorized access of sensitive data belonging to the company's drivers. According to the claims made by the hackers, HopSkipDrive's network and cloud infrastructure fell victim to this breach, resulting in the exposure of detailed personal information stored within its database. This compromised data reportedly includes a trove of 60,000 folders, each containing comprehensive details about individual users, ranging from driving licenses and insurance documents to vehicle inspection records and more.

Decoding the HopSkipDrive Data Breach Claims

The threat actor has purportedly made public a staggering 500GB of sensitive information, encompassing various personal identifiers such as first and last names, email addresses, Social Security Numbers (SSNs), home addresses, zip codes, and even countries of residence.

Additionally, the leaked HopSkipDrive data allegedly includes source code snippets, including private admin panel information, alongside driving licenses, insurance particulars, vehicle inspection records, selfie photographs, and even criminal records.

In a dark web post, the threat actor claimed responsibility, stating, "We disclose all HopSkipDrive data publicly. Indeed, in June 2023, we compromised the company's network and cloud infrastructure of HopSkipDrive." The HopSkipDrive data leak post further details the nature of the compromised data, providing evidence of the breach's magnitude and the extent of information exposed.

HopSkipDrive Data Leak Investigation

Efforts to verify these claims have been met with silence from HopSkipDrive, as the organization has yet to issue an official statement or response regarding the alleged data breach. Despite this lack of confirmation, the severity of the situation cannot be overstated, with the potential implications for affected drivers and their privacy remaining a cause for concern.

Interestingly, despite the reported breach, the HopSkipDrive website appears to be operational, showing no immediate signs of an attack. This suggests that the threat actor may have gained access to the data without launching a visible front-end assault, such as a Distributed Denial of Service (DDoS) attack or website defacement.

As the investigation into the HopSkipDrive data breach continues, the priority lies in addressing the security vulnerabilities that allowed such unauthorized access to occur. Additionally, affected individuals must remain vigilant and take necessary precautions to safeguard their personal information against potential misuse or exploitation in the aftermath of this breach.

This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged HopSkipDrive data leak or any official confirmation from the organization.

Beware! New Android Trojan ‘Viper RAT’ on Dark Web Steals Your Data

Dark web actors are advertising a new Android Remote Access Trojan called Viper RAT that targets Android devices. The threat actor, which goes by the same name, has asserted that this malicious tool has a plethora of capabilities.

On May 31, 2024, information about the advertising of a brand-new Android Remote Access Trojan (RAT) called "VIPER RAT" on the CrackingX and OnniForums forums became public. According to the post, the Viper RAT can be rented for a mere $499 and is capable of targeting and penetrating devices based on Android operating systems.

Android Remote Trojan Viper RAT Advertised on Dark Web Forums

A multi-grabber for credentials, emails, 2FA codes, wallets, and keys is one of the features that are offered, along with keylogging capabilities. Additionally, this Android Remote Access Trojan offers more than 600 worldwide injections, phone unlocking, VNC control, and audio and video recording capabilities to aid with phishing redirection.

To add a degree of credibility, the threat actor provides a dedicated website, viperrat[.]com (domain registered on May 17, 2024), and a Telegram account for orders. The unnervingly low cost of the Viper RAT suggests that its release was motivated by malevolence. The threat actor has uploaded two demonstration videos on the main website to demonstrate the efficacy of the tool.

The Viper RAT has previously made an appearance in the world of cybercrime. The author first introduced it on CrackingX on May 8, 2024, and updated the features on May 31, 2024. The threat actor's overt endorsement of the Viper RAT highlights how serious the risks are for Android users everywhere.

Advanced Features, Capabilities, and Pricing

The threat actor's pitch on underground forums paints a grim picture of the Viper RAT's capabilities. Promising "Viper Android Rat Hidden Screen Control Unlock Phone | Grab VE 2FA ★Crypto," the actor markets it as the "Best Android Remote Control," with a reminder that "The only secure phone is that powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards."

The pricing tiers begin at $499, and customized versions can be ordered. The threat actor highlights that installation support is given without charge, but there are no trial offers. Only cryptocurrency can be used as a form of payment, further obscuring illegal activities.

Among the features listed by the threat actor, Viper RAT has a set of other functions that are specifically designed to target Android devices regardless of what hardware they are using. These range from live keylogging and phishing redirection to multi-grabber features and seamless screen control.

The Viper RAT also offers many more features, such as smooth hidden VNC control, screen capture, unlocking pin and pattern, controller support for APKs up to version 14, and much more. Due to these features, the threat actor has unparalleled access to personal information, enabling them to act destructively and surreptitiously.

Dark Web Actor Claims to Pilfer 2TB of Compressed Data from QuoteWizard

Sp1d3r, a dark web actor, allegedly stole 2 TB of compressed data from QuoteWizard, a US-based insurance business. According to the threat actor’s post, over 190 million people's sensitive personal data was compromised in this alleged QuoteWizard data breach, which was made public on the dark web forum nuovo BreachForums.

The threat actor also claims that the stolen data includes a variety of documents containing personally identifiable information (PII), including complete names, partially completed credit card numbers, driving records, and other background information. Furthermore, it was reported that the stolen dataset included more than 3 billion tracking pixel data entries, including addresses, ages, mobile information, and accident at-fault details.

To support the assertions, Sp1d3r provided a few sample entries from the database and set a high asking price of USD 2 million for prospective customers.

The Overview of QuoteWizard Data Breach Claims

[Image: QuoteWizard Data Breach Claims. Source: Dark Web]

The firm has not issued any notice regarding the authenticity of the QuoteWizard data breach, despite the claims of intrusion and the data being auctioned for USD 2 million. However, the dire implications of this breach extend not only to QuoteWizard but also to the broader insurance industry, especially the parent company LendingTree, LLC.

Moreover, neither the threat nor the long list of claims stops here: Sp1d3r suggests that the data stolen from QuoteWizard also includes information from other insurance carriers. A huge amount of private information in the wrong hands presents an immediate threat to people's security and privacy.

QuoteWizard Faces Connectivity Issues

In an attempt to find out more about this QuoteWizard data breach, The Cyber Express tried to make contact with the company. However, QuoteWizard's website displays a "403 Forbidden" error notice, suggesting that the company is experiencing difficulties connecting to the internet. This error typically indicates that the server is preventing access to particular resources or portions of the website because it has detected threats or unauthorized activity on the website.

This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged

Alleged Heineken Data Breach Potentially Impacts Over 8,000 Employees

Dark web actor 888 on BreachForums has alleged a Heineken data breach. The claim, according to the threat actor’s post, surfaced on the dark web forum on Monday and allegedly involves leaked databases containing information about “8,174 employees from several countries”.

The Cyber Express has analyzed parts of the sample data provided by the threat actor and found that it contains sensitive information about the company’s employees, including ID numbers, emails, and roles of employees within the organization. This dataset is highly sensitive, as threat actors could use this data for various malpractices including phishing, blackmailing, and impersonating employees and managers.

Decoding the Heineken Data Breach Claims 

The threat actor, identified as 888, has claimed similar breaches in the past. For this cyber intrusion, the hackers have listed the names of several employees, along with their email addresses and their work profiles. The employee names and related email addresses, together with their responsibilities at Heineken, were identified as "sample" in the shared data.

[Image: Heineken Data Breach Claims. Source: Dark Web]

The Cyber Express has contacted Heineken to find out additional information regarding the veracity of the data breach. However, at the time of writing, no official statement or response has been received, so the allegations regarding the Heineken data leak remain unsubstantiated.

Heineken's website seems to be operating regularly in spite of the purported Heineken data leak. This suggests that the attack may have been directed at particular datasets or databases rather than the company's websites. This observation points to a more focused strategy on the part of the threat actor, who may be trying to obtain confidential employee data without wreaking havoc on the system by deploying techniques like DDoS attacks or website vandalism.

Previous Cybersecurity Incident

Heineken has faced cybersecurity issues prior to this event. In March 2023, the organization was involved in a significant Dutch data breach that impacted over 1.5 million people. That Heineken data leak, which involved the software provider for a market research agency, compromised information from multiple sources, including respondents to surveys for Heineken-sponsored events.

Personal information such as gender, age, education, province, and email addresses was among the data leaked in the previous incident. Heineken, along with other affected entities, promptly notified individuals impacted by the breach and reported the incident to the relevant authorities, including the Dutch Data Protection Authority.

As for the current claims by TA 888, this is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged breach by 888 or any official confirmation regarding the authenticity or the denial of the intrusion.

Media Disclaimer: The information presented on this website is sourced from various internal and external research. While we strive for accuracy, the information is provided for reference purposes only and is not independently verified.

BSNL Database on Sale Again: Dark Web Actor Claims to Compromise Over 15 Undisclosed Asian Telecom Organizations

Bharat Sanchar Nigam Limited (BSNL), a prominent Indian telecommunications company, has once again found itself at the center of a massive data security breach. The BSNL data breach, orchestrated by a threat actor known as kiberphant0m, shares sensitive data about the organization, highlighting the vulnerability of sensitive information. The claim for the BSNL data leak emerged on May 27, 2024, revealing that kiberphant0m was offering unauthorized access to databases stolen from BSNL, along with data from undisclosed Asian telecom organizations. Among the compromised data are IMSI records, SIM details, home location register (HLR) data, DP security key data, and a snapshot of the Oracle Solaris server.  Additionally, the threat actor claimed to possess login credentials for various digital infrastructures and applications of BSNL.

A Massive BSNL Data Breach Surfaces on Dark Web

The BSNL data leak poses a severe threat to the privacy and security of BSNL customers and highlights the potential risks associated with cyberattacks on telecom infrastructure. The stolen data, advertised for sale on underground forums like XSS and Telegram, could fetch significant sums on the black market, highlighting the lucrative nature of cybercrime.

[Image: BSNL Data Breach. Source: Dark Web]

The major concern for this BSNL data leak is the inclusion of sensitive customer information, which, if exploited, could lead to identity theft, financial fraud, and other malicious activities. The urgency of the situation is further emphasized by kiberphant0m's warning to potential buyers and Indian authorities, suggesting that the data could be sold to other parties if not addressed promptly.

“India if you want to secure your data and do not want it to be sold you must buy it first, contact me BEFORE someone purchases this data. It could be 3 hours to 24 hours, who knows”, says the hacker.

Big Threats, Yet No Response 

Despite the gravity of the situation, BSNL has yet to issue an official statement or response regarding the breach, leaving the claims unverified. This lack of transparency further compounds the uncertainty surrounding the extent of the breach and the measures being taken to mitigate its impact.

Talking about the BSNL data breach, the threat actor says, “This is not the same data as the previous telecom post! we have breached over 15 Asian telecoms! Information is worth several million dollars but I'm selling for pretty cheap. Negotiate a deal on telegram. State Threat Actors are also welcome to buy this data, I will sell to anyone who wants it.”

Moreover, this incident is not the first time BSNL has faced cybersecurity challenges. In 2023, the company experienced a massive data breach affecting over 2.9 million lines, with leaked data of landline users being sold on the dark web by a hacker known as 'Perell.' The recurrence of such breaches highlights the rise of cyberattacks on telecom companies, especially those located in Asia.

How the Internet of Things (IoT) became a dark web target – and what to do about it – Source: www.cybertalk.org

Source: www.cybertalk.org – Author: slandau By Antoinette Hodes, Office of the CTO, Check Point Software Technologies. The dark web has evolved into a clandestine marketplace where illicit activities flourish under the cloak of anonymity. Due to its restricted accessibility, the dark web exhibits a decentralized structure with minimal enforcement of security controls, making it a […]

Introducing the Digital Footprint Portal

Digital security is about so much more than malware. That wasn’t always the case. 

When I started Malwarebytes more than 16 years ago, malware was the primary security concern—the annoying pop-ups, the fast-spreading viruses, the catastrophic worms—and throughout our company’s history, Malwarebytes routinely excelled against this threat. We caught malware that other vendors missed, and we pioneered malware detection methods beyond the signature-based industry standard.  

I’m proud of our success, but it wasn’t just our technology that got us here. It was our attitude.  

At Malwarebytes, we believe that everyone has the right to a secure digital life, no matter their budget, which is why our malware removal tool was free when it launched and remains free today. Our ad blocking tool, Browser Guard, is also available to all without a charge. This was very much not the norm in cybersecurity, but I believe it was—and will always be—the right thing to do.

Today, I am proud to add to our legacy of empowering individuals regardless of their wallet by releasing a new, free tool that better educates and prepares people for modern threats that abuse exposed data to target online identities. I’d like to welcome everyone to try our new Digital Footprint Portal.  

See your exposed data in our new Digital Footprint Portal.

By simply entering an email address, anyone can discover what information of theirs is available on the dark web to hackers, cybercriminals, and scammers. From our safe portal, everyday people can view past password breaches, active social media profiles, potential leaks of government ID info, and more.  

More than a decade ago, Malwarebytes revolutionized the antivirus industry by prioritizing the security of all individuals. Today, Malwarebytes is now also revolutionizing digital life protection by safeguarding the data that serves as the backbone of your identity, your privacy, your reputation, and your well-being online.  

Why data matters 

I can’t tell you how many times I’ve read that “data is the new oil” without reading any explanations as to why people should care.  

Here’s my attempt at clarifying the matter: Too much of our lives are put online without our control.  

Creating a social media account requires handing over your full name and birthdate. Completing any online shopping order requires detailing your address and credit card number. Getting approved for a mortgage requires the exchange of several documents that reveal your salary and your employer. Buying a plane ticket could necessitate your passport info. Messaging your doctor could involve sending a few photos that you’d like to keep private.  

As we know, a lot of this data is valuable to advertisers—this is what pundits focus on when they invoke the value of “oil” in discussing modern data collection—but this data is also valuable to an entirely separate group that has learned to abuse private information in novel and frightening ways: Cybercriminals.  

Long ago, cybercriminals would steal your username and password by fooling you with an urgently worded phishing email. Today, while this tactic is still being used, there’s a much easier path to data theft. Cybercriminals can simply buy your information on the dark web.  

That information can include credit card numbers—where the risk of financial fraud is obvious—and even more regulated forms of identity, like Social Security Numbers and passport info. Equipped with enough forms of “proof,” online thieves can fool a bank into routing your money elsewhere or trick a lender into opening a new line of credit in your name.  

Where the risk truly lies, however, is in fraudulent account access.  

If you’ve ever been involved in a company’s data breach (which is extremely likely), there’s a chance that the username and password that were associated with that data breach can be bought on the dark web for just pennies. Even though each data breach involves just one username and password for each account, cybercriminals know that many people frequently reuse passwords across multiple accounts. After illegally purchasing your login credentials that were exposed in one data breach, thieves will use those same credentials to try to log into more popular, sensitive online accounts, like your online banking, your email, and your social media.  

If any of these attempts at digital safe-cracking works, the potential for harm is enormous.  

With just your email login and password, cybercriminals can ransack photos that are stored in an associated cloud drive and use those for extortion. They can search for attachments that reveal credit card numbers, passport info, and ID cards and then use that information to fool a bank into letting them access your funds. They can pose as you in bogus emails and make fraudulent requests for money from your family and friends. They can even change your password and lock you out forever. 

This is the future of personal cybercrime, and as a company committed to stopping cyberthreats everywhere, we understand that we have a role to play in protecting people.  

We will always stop malware. We will always advise to create and use unique passwords and multifactor authentication. But today, we’re expanding our responsibility and helping you truly see the modern threats that could leverage your data.  

With the Digital Footprint Portal, who you are online is finally visible to you—not just cybercriminals. Use it today to understand where your data has been leaked, what passwords have been exposed, and how you can protect yourself online.  

Digitally safe 

Malwarebytes and the cybersecurity industry at large could not have predicted today’s most pressing threats against online identities and reputations, but that doesn’t mean we get to ignore them. The truth is that Malwarebytes was founded with a belief broader than anti-malware protection. Malwarebytes was founded to keep people safe.  

As cybercriminals change their tactics, as scammers needle their way onto online platforms, and as thieves steal and abuse the sensitive data that everyone places online, Malwarebytes will always stay one step ahead. The future isn’t about worms, viruses, Trojans, scams, pig butchering, or any other single scam. It’s about holistic digital life protection. We’re excited to help you get there.  
