Honeypot Surprise: Researchers Catch Attackers Exposing 15,000 Stolen Credentials in S3 Bucket

October 31, 2024 at 08:37AM Sysdig researchers discovered a misconfigured S3 bucket linked to EmeraldWhale, revealing 1.5 terabytes of stolen credentials and scripts. This incident led to the exposure of 15,000 stolen credentials, highlighting significant security vulnerabilities.

### Meeting Notes Summary:

1. **Incident Detected**: Sysdig researchers identified a significant misconfiguration in an S3 bucket linked …

Microsoft creates fake Azure tenants to pull phishers into honeypots

October 19, 2024 at 10:41AM Microsoft is employing deceptive strategies against phishing by using realistic honeypot tenants to attract cybercriminals. This approach enables the collection of intelligence on attackers’ methods, facilitating infrastructure mapping, campaign disruption, and prolonged deception. Presented by Ross Bevington at BSides Exeter, it aims to enhance security and understanding of threat actors. …

Hackers Proxyjack & Cryptomine Selenium Grid Servers

September 12, 2024 at 06:09AM Threat actors are targeting Internet-exposed Selenium Grid servers for cryptomining, proxyjacking, and potentially more malicious activities. With thousands of exposed servers, hackers have been deploying automated malware to hijack them. Furthermore, the lack of authentication and outdated versions of Selenium Grid servers pose a significant security risk. Improperly secured servers …

Hackers Boast Ticketmaster Breach on Relaunched BreachForums

May 31, 2024 at 05:48AM A hacking group announced the theft of data from 560 million Ticketmaster users on a new BreachForums site. This is the third BreachForums iteration following legal interventions. The group is selling the data for $500,000, containing sensitive user information going back to 2011. Ticketmaster and the Australian government are investigating. …

BreachForums Returns Just Weeks After FBI Seizure – Honeypot or Blunder?

May 29, 2024 at 03:37AM BreachForums, a criminal bazaar, has resurfaced despite a law enforcement takedown. The revived site offers a 1.3 TB database of Ticketmaster customers’ details for $500,000, with visitors now required to sign up. Law enforcement seized new domains and the Telegram channel, hinting at administrator arrests. Uncertainty remains around the individual …

RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang

April 12, 2024 at 11:36AM The Sysdig Threat Research Team has discovered a longstanding Romanian cybercriminal group named RubyCarp, operating discreetly for at least a decade. The group’s distinct activities and tool suite have been unveiled, shedding light on its cryptomining and credential phishing focus. Despite its low profile, Sysdig has accessed the group, provoking …