Cybercriminals are now able to purchase Generative AI (GenAI) account credentials on underground hacker markets along with other various illegal goods, according to new research.
The GenAI credentials include those that belong to users of ChatGPT, Quillbot, Notion, Huggingface, and Replit, among many others. Cybersecurity research teams say that the hackers are selling the credentials for roughly 400 GenAI accounts per day, usually stolen from corporate end users' computers after they've been
The criminal hacking group ShinyHunters claims it has stolen information, including bank and credit card numbers and staff HR details, from 30 million customers and employees. The stolen information includes bank account data. The hackers belong to the same gang that recently hacked Ticketmaster. The hackers are now trying to sell what they claim is confidential information belonging to millions of Santander’s employees and customers.
Santander, which employs 200,000 staff worldwide, has confirm
Law enforcement officials in Finland worked with Europol and a cybersecurity firm to take down a dark web marketplace called PIILOPUOTI. The platform had operated on the Tor Network since May 2022 as a way for people to smuggle and sell drugs as well as paraphernalia into Finland, according to a statement from Finnish Customs. “The criminal investigation is still underway. At this point, Finnish Customs and our international cooperation partners will not provide any further information on the
Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground.
https://cybersixgill.com/resources/the-state-of-the-underground-2023
The research stems from an analysis of Cybersixgill's collected intelligence items throughout 2022, gathered from the deep, dark and clear web. The report examines the continuous evolution of threat actors' tactics, tools, and procedures (TTPs) in the Digital Age and how organizations can adapt to redu
Researchers have recently revealed that a hacking device can allow thieves to steal a wide range of car models using an attack method named Controller Area Network (CAN) injection. Automotive cybersecurity experts at the EDAG Group and Canis Automotive Labs started analyzing these attacks after one of the researchers had his 2021 Toyota RAV4 stolen last year. The car was actually stolen on two occasions. He found that someone had pulled apart his headlight and unplugged the cables. What init
Researchers have recently revealed that a hacking device can allow thieves to steal a wide range of car models using an attack method named Controller Area Network (CAN) injection. Automotive cybersecurity experts at the EDAG Group and Canis Automotive Labs started analyzing these attacks after one of the researchers had his 2021 Toyota RAV4 stolen last year. The car was actually stolen on two occasions. He found that someone had pulled apart his headlight and unplugged the cables. What init
Researchers have recently revealed that a hacking device can allow thieves to steal a wide range of car models using an attack method named Controller Area Network (CAN) injection. Automotive cybersecurity experts at the EDAG Group and Canis Automotive Labs started analyzing these attacks after one of the researchers had his 2021 Toyota RAV4 stolen last year. The car was actually stolen on two occasions. He found that someone had pulled apart his headlight and unplugged the cables. What init
Malware is nothing more that burglary tools. Cyber researchers have recently shed light on a Dark web marketplace called “In the Box” that is designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own. The automation allows other bad actors to create o
A hacker has leaked 5.3 million Twitter account details on a cybercrime forum while another researcher, Chad Loder, claims there is another Twitter breach involving “perhaps over 100 million accounts.”
On 7 August 2022, Hackread.com reported a story detailing a Twitter data breach involving 5.4 million accounts. Now, the very same data has been leaked on a hacker forum which surfaced as an alternative to popular and now-sized Raidforums.
The data is currently available for download (Screenshot
Red Sky Alliance maintains a substantial dark web collections data set and we make this data available to our customers through our CTAC, RedXray, and API products. This gives customers the opportunity to explore and perform analyses on dark web data without the need for establishing a safe infrastructure for navigating the Tor network. To date we have collected over 1.4 million data points across 80 dark web sites. The set of sites that we collect from on an ongoing basis will change with ne
According to a recent report, cyber threat intelligence professionals believe they could not find private data leaked from their organizations on the dark web. Most security professionals in US organizations are concerned about threats from the dark web, a large portion still do not take risks from the criminal underground seriously. A recent survey shows that a third of people responsible for managing cyber vulnerabilities in their day-to-day work say they are not very concerned about threats
The cyber division of the Federal Bureau of Investigation (FBI) has published a notification, warning US colleges and universities that education and learning qualifications have been marketed for sale on the Dark Web and on online legal marketplaces and sites. The warning targets universities, colleges, and higher education institutions that credentials have been advertised for sale on Dark Web criminal marketplaces. This exposure of sensitive credential and network access information, especia
Researchers have found that 1.5 million dark web payment card data belong to US citizens. Visa cards were the most frequent, with 913,955 found on the darknet, followed by Mastercard with 406,851 cards and American Express with over 143,836. And, Australia and Hong Kong were the next most affected places, with details on 419,806 and 399,537 cards found, respectively. According to research, a card's vulnerability depends on the proportion of non-refundable cards, the country's population, and
Federal law enforcement officials announced on 26 October 2021 that a wide-ranging, global illicit drug crackdown yielded 150 arrests and the seizure of more than $31.6 million in cash and virtual currencies. The 10-month law enforcement initiative called Operation Dark HunTOR, after the encrypted Internet tool, was conducted in partnership with international counterparts. The operation produced 234 kilograms (500 lbs.) of seized drugs. Of those arrested, 65 were in the US and the remaining w
After 500 million LinkedIn users were affected in a data-scraping incident in April 2021, it has happened again with big security consequences. A new posting with 700 million LinkedIn records has appeared on a popular hacker forum. Analysts from Privacy Sharks found the data put up for sale on RaidForums by a hacker calling himself “GOD User TomLiner.” The dark web advertisement, posted 22 June 2021, claims that 700 million records are included in the cache, and included a sample of 1 million
There is no shortage of places within the Internet's dark market where stolen credit and debit card information is sold. Most of them, truth be told, are criminal chancers trading in recycled data from old breaches; bargains are to be held for fraudsters willing to take a gamble that some of the bundle of payment cards they have bought will actually be usable. Not only is it the biggest, but Joker's Stash, which was established in 2014, prides itself on traders selling the "freshest" of paymen
