#infosec
Hackers Claiming Breach of Five Eyes Intelligence Group (FVEY) Documents
A group of hackers has announced the release of sensitive documents purportedly belonging to the Five Eyes Intelligence Group (FVEY), a prominent intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States.
The United States Department of State has launched an investigation into a possible cyber attack after confidential documents, which were reportedly obtained by a malicious actor, were leaked from a government contractor.
Breach Announcement on BreachForums
The announcement was made on a forum known as BreachForums, where a user with the handle “IntelBroker” posted a message to the community.
Run Free ThreatScan on Your Mailbox
AI-Powered Protection for Business Email Security
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
The post, dated April 2, 2024, claims that the data was obtained by infiltrating Acuity Inc, a company alleged to work closely with the US government and its allies.
According to a recent tweet by HackManac, the alleged security breach at Acuity Inc has resulted in the exposure of highly sensitive intelligence documents belonging to the Five Eyes Intelligence Group (FVEY).
[
](https://twitter.com/hashtag/DataBreach?src=hash&ref_src=twsrc%5Etfw)
Alert ⚠️
🇺🇸
[
](https://twitter.com/hashtag/USA?src=hash&ref_src=twsrc%5Etfw)
: Alleged Acuity Inc breach leads to leak of sensitive Five Eyes Intelligence Group (FVEY) documents.
The threat actor group consisting of IntelBroker, Sanggiero, and EnergyWeaponUser claims to have breached Acuity Inc, a federal tech consulting firm,…
[
pic.twitter.com/qGV8IUmkT7
— HackManac (@H4ckManac)
[
April 3, 2024
](https://twitter.com/H4ckManac/status/1775402497768628236?ref_src=twsrc%5Etfw)
The hackers assert that the breach resulted in acquiring full names, emails, office numbers, personal cell numbers, and government, military, and Pentagon email addresses.
⚠️
[
](https://twitter.com/hashtag/BREAKING?src=hash&ref_src=twsrc%5Etfw)
⚠️Allegedly, notorious threat actor IntelBroker, has released National Security Documents and data. Per IntelBroker below..
[
](https://twitter.com/hashtag/Clearnet?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/DarkWebInformer?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Cyberattack?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Cybercrime?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Infosec?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/CTI?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/NSA?src=hash&ref_src=twsrc%5Etfw)
Documents belonging to the Five Eyes Intelligence..
Compromised Data:…
[
pic.twitter.com/I5n41utQN9
— Dark Web Informer (@DarkWebInformer)
[
April 2, 2024
](https://twitter.com/DarkWebInformer/status/1775295354910466200?ref_src=twsrc%5Etfw)
The compromised data also includes classified information and communications between the Five Eyes countries and their allies.
Implications of the Leak
If confirmed, the leak could have significant implications for national security and the operational integrity of the intelligence-sharing network.
The Five Eyes alliance is known for its collaborative intelligence gathering and analysis efforts, playing a pivotal role in global security operations.
At the time of reporting, there has been no official statement from any of the Five Eyes member countries or Acuity Inc. regarding the authenticity of the leaked documents or the extent of the breach.
The silence from official channels has led to speculation and concern among cybersecurity experts and government officials alike.
Cybersecurity agencies are likely to conduct thorough investigations to ascertain the validity of the claims made by the hackers.
The incident underscores the persistent threat cybercriminals pose to national and international security.
`Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide`
The post Hackers Claiming Breach of Five Eyes Intelligence Group (FVEY) Documents appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder
Les Hackers face aux cyberguerres ? Bluetouff, Fabrice Epelboin et Marc-Antoine Ledieu [EN DIRECT]
https://piped.video/watch?v=ri2GT4IDqb4
#InfoSec #SécuritéInformatique #LogicielLibre #Bidouilleurs #Hackers #Hacking #Géopolitique #Politique #Philosophie #Justice
Nemesis Market: Leading Darknet Market Seized
The infamous Nemesis Market, a leading figure in the darknet marketplace ecosystem, has been successfully seized.
This operation dismantles a major hub of illegal online trade, ranging from narcotics to stolen data, affecting thousands of users worldwide.
The Rise of Nemesis Market
Nemesis Market emerged as a dominant player in the darknet space, filling the void left by previous marketplaces that were taken down by law enforcement.
Free Webinar : Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities. :
The problem of vulnerability fatigue today
Difference between CVSS-specific vulnerability vs risk-based vulnerability
Evaluating vulnerabilities based on the business impact/risk
Automation to reduce alert fatigue and enhance security posture significantly
AcuRisQ, that helps you to quantify risk accurately:
It quickly gained notoriety for its sophisticated security measures, a wide array of illicit goods, and its ability to evade the authorities.
The platform was known for trading in drugs, weapons, stolen identity data, and other illegal goods and services.
The seizure of Nemesis Market was the culmination of Operation Dark Hunt, a coordinated effort by law enforcement agencies in several countries.
The operation involved months of meticulous planning, surveillance, and collaboration between various international cybersecurity units.
Details of the operation remain classified, but sources indicate that combining cutting-edge digital forensics and traditional detective work was vital to infiltrating the market’s defenses.
The breakthrough came when investigators traced transactions to the market’s administrators, leading to their identification and arrest.
According to a recent tweet by Dark Web Informer, the Nemesis Market, one of the top five online marketplaces on the dark web, has been taken down.
🚨BREAKING🚨Nemesis Market, a top 5 darknet market, has been seized.
[
](https://twitter.com/hashtag/Nemesis?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/DarkWebInformer?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/DarkWeb?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Cybersecurity?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Cyberattack?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Cybercrime?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Infosec?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/CTI?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Darknet?src=hash&ref_src=twsrc%5Etfw)
[
pic.twitter.com/P22VDSo79v
— Dark Web Informer (@DarkWebInformer)
[
March 21, 2024
](https://twitter.com/DarkWebInformer/status/1770787868975210700?ref_src=twsrc%5Etfw)
The Impact on the Darknet Landscape
The takedown of Nemesis Market sends a powerful message to the darknet community: no entity is beyond the reach of the law.
This operation has significantly disrupted the supply chains of various illegal goods and services, temporarily decreasing their availability on the dark web.
However, experts warn that the void left by Nemesis Market is likely to be filled by other emerging platforms.
The dynamic nature of the darknet means that as one market falls, others rise to take its place.
Law enforcement agencies know this cycle and continuously develop new strategies to combat illegal online trade.
The Future of Cyber Law Enforcement
The successful seizure of Nemesis Market highlights the growing sophistication and international cooperation of cyber law enforcement.
Agencies are increasingly relying on advanced technology and cross-border collaborations to tackle the challenges posed by the darknet.
As the digital landscape evolves, so do the strategies of those operating within it.
The battle against illegal online marketplaces is ongoing, with both sides continuously adapting to the ever-changing environment.
The seizure of Nemesis Market is a significant milestone in the fight against darknet marketplaces.
It demonstrates the effectiveness of international law enforcement cooperation and the importance of staying ahead in the technological arms race against cybercriminals.
While challenges remain, the takedown of Nemesis Market is a testament to the global commitment to combating cybercrime and protecting citizens from the dangers of the dark web.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Nemesis Market: Leading Darknet Market Seized appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder
Nemesis Market: Leading Darknet Market Seized
The infamous Nemesis Market, a leading figure in the darknet marketplace ecosystem, has been successfully seized.
This operation dismantles a major hub of illegal online trade, ranging from narcotics to stolen data, affecting thousands of users worldwide.
The Rise of Nemesis Market
Nemesis Market emerged as a dominant player in the darknet space, filling the void left by previous marketplaces that were taken down by law enforcement.
Free Webinar : Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities. :
The problem of vulnerability fatigue today
Difference between CVSS-specific vulnerability vs risk-based vulnerability
Evaluating vulnerabilities based on the business impact/risk
Automation to reduce alert fatigue and enhance security posture significantly
AcuRisQ, that helps you to quantify risk accurately:
It quickly gained notoriety for its sophisticated security measures, a wide array of illicit goods, and its ability to evade the authorities.
The platform was known for trading in drugs, weapons, stolen identity data, and other illegal goods and services.
The seizure of Nemesis Market was the culmination of Operation Dark Hunt, a coordinated effort by law enforcement agencies in several countries.
The operation involved months of meticulous planning, surveillance, and collaboration between various international cybersecurity units.
Details of the operation remain classified, but sources indicate that combining cutting-edge digital forensics and traditional detective work was vital to infiltrating the market’s defenses.
The breakthrough came when investigators traced transactions to the market’s administrators, leading to their identification and arrest.
According to a recent tweet by Dark Web Informer, the Nemesis Market, one of the top five online marketplaces on the dark web, has been taken down.
🚨BREAKING🚨Nemesis Market, a top 5 darknet market, has been seized.
[
](https://twitter.com/hashtag/Nemesis?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/DarkWebInformer?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/DarkWeb?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Cybersecurity?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Cyberattack?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Cybercrime?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Infosec?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/CTI?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Darknet?src=hash&ref_src=twsrc%5Etfw)
[
pic.twitter.com/P22VDSo79v
— Dark Web Informer (@DarkWebInformer)
[
March 21, 2024
](https://twitter.com/DarkWebInformer/status/1770787868975210700?ref_src=twsrc%5Etfw)
The Impact on the Darknet Landscape
The takedown of Nemesis Market sends a powerful message to the darknet community: no entity is beyond the reach of the law.
This operation has significantly disrupted the supply chains of various illegal goods and services, temporarily decreasing their availability on the dark web.
However, experts warn that the void left by Nemesis Market is likely to be filled by other emerging platforms.
The dynamic nature of the darknet means that as one market falls, others rise to take its place.
Law enforcement agencies know this cycle and continuously develop new strategies to combat illegal online trade.
The Future of Cyber Law Enforcement
The successful seizure of Nemesis Market highlights the growing sophistication and international cooperation of cyber law enforcement.
Agencies are increasingly relying on advanced technology and cross-border collaborations to tackle the challenges posed by the darknet.
As the digital landscape evolves, so do the strategies of those operating within it.
The battle against illegal online marketplaces is ongoing, with both sides continuously adapting to the ever-changing environment.
The seizure of Nemesis Market is a significant milestone in the fight against darknet marketplaces.
It demonstrates the effectiveness of international law enforcement cooperation and the importance of staying ahead in the technological arms race against cybercriminals.
While challenges remain, the takedown of Nemesis Market is a testament to the global commitment to combating cybercrime and protecting citizens from the dangers of the dark web.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Nemesis Market: Leading Darknet Market Seized appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder
PoC Exploit Released for OpenEdge Authentication Gateway & AdminServer Vulnerability
A Proof of Concept (PoC) exploit has been released for a vulnerability in the OpenEdge Authentication Gateway and AdminServer.
This vulnerability, CVE-2024-1403, affects multiple versions of the OpenEdge platform and could potentially allow unauthorized access to sensitive systems.
Understanding the Vulnerability(CVE-2024-1403)
The vulnerability arises when the OpenEdge Authentication Gateway (OEAG) or the AdminServer is configured with an OpenEdge Domain that utilizes the OS local authentication provider.
Integrate ANY.RUN in your company for Effective Malware Analysis
Are you from SOC and DFIR teams? – Join With 400,000 independent Researchers
Malware analysis can be fast and simple. Just let us show you the way to:
Interact with malware safely
Set up virtual machine in Linux and all Windows OS versions
Work in a team
Get detailed reports with maximum data
If you want to test all these features now with completely free access to the sandbox:
Analyze malware in ANY.RUN for free
This configuration can lead to unauthorized access during login attempts due to a flaw in the authentication routines.
Specifically, the vulnerability allows authentication success to be incorrectly returned from an OE local domain under certain conditions, such as when unexpected content is present in the credentials passed during the login process.
Affected versions include OpenEdge Release 11.7.18 and earlier, OpenEdge 12.2.13 and earlier, and OpenEdge 12.8.0.
The vulnerability has been addressed in the latest updates: OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1.
Community Progress has addressed the issue and has Updates in OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1.
Impact and Affected Components
The vulnerability has a broad impact, potentially affecting various components of the OpenEdge platform, including:
OpenEdge Database access through OEAG
AdminServer logins via OpenEdge Explorer (OEE) and OpenEdge Management (OEM)
Database Servers accepting OEAG-generated tokens
Secure Token Service Utilities
Pro2 web application utility for Pro2 management
Ptrace SecurityGmbH recently tweeted about a security vulnerability, CVE-2024-1403, that affects Progress OpenEdge software.
The vulnerability allows for authentication bypass, potentially putting sensitive information at risk.
CVE-2024-1403 Progress OpenEdge Authentication Bypass
[
[
](https://twitter.com/hashtag/Pentesting?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/CyberSecurity?src=hash&ref_src=twsrc%5Etfw)
[
](https://twitter.com/hashtag/Infosec?src=hash&ref_src=twsrc%5Etfw)
[
pic.twitter.com/ZlcONLkCWh
— Ptrace Security GmbH (@ptracesecurity)
[
March 8, 2024
](https://twitter.com/ptracesecurity/status/1766048766702809288?ref_src=twsrc%5Etfw)
Mitigation and Upgrade Instructions
A Proof of Concept (PoC) exploit has been made available for a significant vulnerability identified in the OpenEdge Authentication Gateway and AdminServer.
This flaw can potentially be exploited by attackers to gain unauthorized
For users running vulnerable versions of OpenEdge, upgrading to the fixed versions is crucial.
The fixed versions are:
- Vulnerable Version: OpenEdge Release 11.7.18 and earlier
Fixed Version: OpenEdge LTS Update 11.7.19
- Vulnerable Version: OpenEdge Release 12.2.13 and earlier
Fixed Version: OpenEdge LTS Update 12.2.14
- Vulnerable Version: OpenEdge Release 12.8.0
Fixed Version: OpenEdge LTS Update 12.8.1
For those unable to upgrade immediately, temporary mitigation steps include library replacement and domain replacement mitigation for OEAG and AdminServer mitigation strategies, such as using AdminServer Group controls and disabling the AdminService.
The release of the PoC exploit for CVE-2024-1403 underscores the importance of maintaining up-to-date security measures in software systems.
OpenEdge users are urged to review their systems, apply the necessary updates or mitigations, and remain vigilant against potential unauthorized access attempts.
You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post PoC Exploit Released for OpenEdge Authentication Gateway & AdminServer Vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder
https://infosec.exchange/@Lockdownyourlife/111976765284453163 Lockdownyourlife@infosec.exchange - If you're thinking about browsing more safely, DuckDuckGo for web searches, VPN (Mullvad, Proton are options), uBlock for ad blocking, Mullvad browser or Firefox (for now) to prevent most tracking.
Nothing's perfect, but these combined work right now.
#safety #privacy #security #OSINT #opsec #harassment #stalking #contentcreator #tech #infosec
Sitting in a waiting room in a medical imaging place and they have an ad for their app to get your results on a mobile device. Among other things, it reads:
"Permanently store them with bank level encryption" (emphasis theirs)
In my experience, if banks are their gold standard of #infosec, I really don't want my medical data anywhere near this system. Just sayin'.
Date: Wed, 10 Jan 2024 06:34:14 -0600
From: BnkIDNorge <bnkidnorge\@gmail.com>
To: *******@*******.***
Subject: Valider dataene dine
Ja, den går vi på...
Er forøvrig ekstremt mye av denne typen phishing svindler nå. Får du epost som utgir seg for å være fra BankID, Vipps, Spotify, Netflix, OnePark eller andre som ikke vanligvis sender deg epost, så vær på vakt. Det er i alle tilfeller bedre å slette enn å gå i fella!
BleepingComputer wrote the following post Mon, 27 Nov 2023 19:38:49 +0100
Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023.
Perhaps we can finally dismiss the notion that storing things "in the cloud" is safe now? It's never been true, even though it's rarely as bad as this. You need backups, and you need to have multiple vendors if you do want to use cloud as your storage model.
Also this:
A notable aspect of the situation is that Google's support forums are backed by volunteers with limited insight or understanding of the cloud service (...)
Why would anyone work for free for one of the worlds most profitable companies? And one as shitty as Google on top of that. That really baffles me.
This is great. I recommend reading the entire article.
https://www.wired.com/story/government-surveillance-reform-act-2023/
WPScan: Unauthenticated File Upload Vulnerability Addressed in Royal Elementor Addons and Templates 1.3.79
During an investigation of a series of website being actively compromised we noticed the constant presence of the Royal Elementor Addons and Templates plugin installed. And all sites had at least one malicious file dropped into the /wpr‑addons/forms/ directory.
As we reviewed the plugin it was found that the upload ajax action wasn’t properly validating the uploaded file’s extensions, allowing bad actors to bypass the check and drop malicious files to the /wpr‑addons/forms/ directory.
Upon identifying the vulnerability, we promptly alerted the plugin development team, who released version 1.3.79 to fix the issue. It is crucial for administrators to ensure their WordPress installations are fully updated to safeguard against this vulnerability.
WPScan: Finding A RCE Gadget Chain In WordPress Core
During a recent team gathering in Belgium, we had an impromptu Capture The Flag game that included a challenge with an SQL Injection vulnerability occurring inside an INSERT statement, meaning attackers could inject random stuff into the targeted table’s columns, and query information from the database, the intended “flag” being the credentials of a user on the affected blog.
The vulnerable SQL query inserted new rows into the wp_termmeta table, which while we knew it could potentially lead to Object Injection attacks due to the inserted metadata being passed through maybe_unserialize upon retrieval, we didn’t think too much about it since the common thought on the matter was that there was no known current RCE gadget chain in WordPress Core, and thus the challenge was “safe” since it didn’t use any other external plugins.
This proved to be enough to win that flag, however, the thought that there might be an alternative solution to the challenge piqued our curiosity. What if there was a working RCE gadget chain in Core waiting to be found?
Turns out, there was a way, which the WordPress Security Team fixed on version 6.3.2 by preventing several classes used in the final chain from either being unserialized at all, or restricting what some of their unserialized properties may contain.
WPScan: Email Leak Oracle Vulnerability Addressed in WordPress 6.3.2
During a thorough analysis of WordPress’ internals, we discovered a subtle bug that allowed unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website.
If successfully exploited, attackers could gather email addresses, putting user privacy at risk.
Upon identifying the vulnerability, we promptly alerted the WordPress team, who released version 6.3.2 to fix the issue. It is crucial for administrators to ensure their WordPress installations are fully updated to safeguard against this vulnerability.
That's how you write release notes:
https://frida.re/news/2023/06/23/frida-16-1-0-released/
Frida is getting more and more impressive every release!
Hacking Campaign Actively Exploiting Ultimate Member Plugin - WPScan WordPress Security
Recently, Automattic’s WP.cloud and Pressable.com platforms identified a trend in compromised sites, where rogue new administrator accounts kept appearing in the affected sites. After some investigation, we witnessed a post on the WordPress.org support forums by Slavic Dragovtev discussing a potential security issue, specifically a Privilege Escalation vulnerability, with the Ultimate Member plugin (200,000+ active installs). Worryingly, there were indications that this issue was being actively exploited by malicious actors.
In response to the vulnerability report, the creators of the plugin promptly released a new version, 2.6.4, intending to fix the problem. However, upon investigating this update, we found numerous methods to circumvent the proposed patch, implying the issue is still fully exploitable.
This is a nasty one! If you have a WordPress site with the Ultimate Member plugin installed, disable it immediately until the fix in version 2.6.7 has been confirmed.
Stadig mye BankID phishing
Mye BankID phishing for tiden i forbindelse med utfasingen av BankID for mobil. Det dukker stadig opp svindelforsøk rundt dette i honningfellene mine. Aldri klikk på lenker i epost som utgir seg fra å være fra BankID, banken din eller ymse andre som vil ha deg til å klikke noe som helst sted for å laste ned eller oppgradere BankID appen, eller som hevder de krever verifisering for å reaktivere BankID eller noe sånt tull.
Svindel alt sammen!
Det eneste stedet du kan eller skal gjøre noe med din BankID er fra banken din når du allerede er logget inn på bankens egne sider.
Det er også vel verdt å bokmerke denne artikkelen fra BankID med råd om hvordan avsløre slik svindel.
#norsk #norge #BankID #svindel #phishing #datasikkerhet #infosec
https://mstdn.social/@rysiek/110300720355033621 rysiek@mstdn.social - Microsoft gets Lifetime Achievement Award from #BigBrotherAwards
https://bigbrotherawards.de/en/2023/microsoft
The Big Brother Award 2023 in the category "Lifetime Achievement" goes to Microsoft, because with their market dominance, the company forces people, companies and government agencies to continually transmit data, and therefore to allow themselves to be spied upon, as a regular part of their digital activities. With this award, Microsoft has been honoured in the Lifetime category twice