January 18, 2024 at 11:10AM The U.S. government proposed a 15-year prison sentence for Conor Brian Fitzpatrick, the administrator of the BreachForums hacking platform. He was arrested for facilitating the trade of stolen data and using unauthorized access devices. The government also seeks penalties for possession of child pornography and restitution to victims. Fitzpatrick’s final … Read more
January 5, 2024 at 03:08PM BreathForums admin Conor Fitzpatrick was re-arrested for violating pretrial conditions, including using an unmonitored computer and a VPN. He openly admitted to being the threat actor “Pompourin” and creating BreachForums to leak stolen data. Fitzpatrick was charged with theft and sale of sensitive personal information and will remain in custody. … Read more
December 21, 2023 at 03:59PM Arion Kurtaj, an 18-year-old member of the Lapsus$ cybercrime group and a key threat actor, has been sentenced indefinitely to a “secure hospital” by a UK judge for his involvement in cybercriminal activity, including leaking assets associated with the video game Grand Theft Auto VI. Kurtaj, deemed a high risk … Read more
December 13, 2023 at 05:36AM Ukraine’s largest telecom operator, Kyivstar, was hit by a cyber attack, causing disruptions in mobile and internet services. The attack, linked to the conflict with Russia, led to nationwide impacts. While the company works to restore services, it assured compensation for affected users and warned against potential scams. Meanwhile, pro-Russia … Read more
December 6, 2023 at 10:48AM LogoFAIL is an attack exploiting UEFI image parsing to breach devices through harmful logo images, threatening both consumer and enterprise equipment. Meeting Takeaways: 1. **Issue Identified**: The meeting discussed a significant security vulnerability known as LogoFAIL. 2. **Attack Vector**: LogoFAIL exploits a UEFI (Unified Extensible Firmware Interface) image parser. 3. … Read more
December 5, 2023 at 03:12AM Microsoft identified activity by Russian-supported threat group Forest Blizzard (also known as APT28 and other names) exploiting a severe Outlook security flaw, CVE-2023-23397, to access email accounts on Exchange servers. The group targeted various sectors and used the bug to maintain unauthorized mailbox access. Microsoft patched the bug in March … Read more
November 29, 2023 at 02:32PM Amir Hossein Golshan, 25, received an eight-year prison sentence and was fined $1.2 million for conducting various online scams, including SIM swapping and cryptocurrency theft. He admitted to hijacking a model’s Instagram and defrauding hundreds, causing $740,000 in losses. Golshan also stole $319,000 in NFTs and $70,000 in cryptocurrencies. Meeting … Read more
November 20, 2023 at 02:17PM A former COO of a cybersecurity company pleaded guilty to hacking two hospitals to benefit his business. He disrupted phone and printer services and stole personal information from over 200 patients. He promoted the hack on Twitter and solicited clients afterward. Prosecutors recommend 57 months of probation due to the … Read more
November 16, 2023 at 09:00AM A hacking group known as DarkCasino, initially discovered in 2021, has now been categorized as an advanced persistent threat (APT). They have exploited a recently disclosed security flaw in WinRAR software as a zero-day. DarkCasino’s attacks are frequent and they demonstrate a strong desire to steal online property. Multiple threat … Read more
November 14, 2023 at 10:23AM “AlphaLock” is a Russian hacking group that operates as a “pentesting training organization,” training hackers and monetizing their services through an affiliate program. They offer a course called Bazooka Code Pentest Training, which costs $185 and provides knowledge and tools for work. They also plan to launch the ALPentest Hacking … Read more