RaidForums, one of the world’s largest hacking forums, has been raided and taken down by an international law enforcement operation.

The forum was notorious for selling access to stolen personal information.

The operation, dubbed “Tourniquet”, involved authorities from the US, UK, Sweden, Portugal and Romania. The investigation culminated in the arrest of the forum’s administrator last month at his home in Croydon, England.

The three confiscated domains associated with the illicit marketplace include “raidforums[.]com,” “Rf[.]ws,” and “Raid[.]lol.”

Diogo Santos Coelho, known as “Omnipotent” online, is the alleged founder and chief administrator of the site. Santos Coelho has been charged with conspiracy, access device fraud and aggravated identity theft, pending extradition to the US.

The post RaidForums hacker forum domain seized appeared first on IT Security Guru.

The Cybersecurity and Infrastructure Security Agency has warned of Russian state actors exploiting a bug impacting WatchGuard Firebox and XTM firewall appliances.

Sandworm, a Russian-sponsored hacking group believed to be part of the GRU Russian military intelligence agency, reportedly exploited the high severity privilege escalation flaw (CVE-2022-23176) to build a new botnet, dubbed “Cyclops Blink”, out of WatchGuard Small Office/Home Office (SOHO) network devices.

CISA has rated the bug with a critical threat level, explaining in a security advisory: “WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.”

The flaw can only be exploited if an appliance is configured to allow unrestricted management access from the Internet. By default, all WatchGuard appliances are configured for restricted management access.

CISA has given Federal Civilian Executive Branch Agencies three weeks, until May 2nd, to secure their networks against the vulnerability.

The post CISA warns of Russian state hackers exploiting WatchGuard bug appeared first on IT Security Guru.

Several senior European Union (EU) officials were reportedly targeted with Pegasus spyware last year.

Among those targeted were European Justice Commissioner Didier Reynders and at least four other commission staff.

Reuters has said that it was notified of the claims by two EU officials and documentation it had reviewed.

The EU commission reportedly became aware of staff being targeted by Pegasus spyware in November 2021, when tech giant Apple distributed mass messages warning recipients that they were “targeted by state-sponsored attackers.”

The warning prompted a senior tech staffer at the commission to send a message providing information on spyware tools and highlighting the need to watch for additional warnings from Apple.

The email, as reviewed by Reuters, said: “Given the nature of your responsibilities, you are a potential target.”

There is as yet no evidence suggesting who deployed the spyware, or whether they were successful.

The Israeli firm NSO Group, the developers of Pegasus, has denied responsibility for the hacking attempts described in the report. The group has gone so far as to claim that the alleged targeting “could not have happened with NSO’s tools,” adding that it was in favour of an investigation into the matter.

The post Pegasus spyware targeted EU officials appeared first on IT Security Guru.

Gazprom Neft, the oil arm of Russian state gas company Gazprom, allegedly suffered a hack on Wednesday that brought down its website.

A statement allegedly from Gazprom CEO Alexei Miller was displayed on the website, appearing to criticise Russia’s invasion of Ukraine. Miller is a close friend of President Vladimir Putin.

The website went down soon afterward.

“The information published on the site on the morning of April 6 … is not true and cannot be regarded as an official statement of the company’s representatives or shareholders,” Gazprom Neft said.

Gazprom Neft, Russia’s third-largest oil producer, is a subsidiary of Gazprom. Gazprom is perhaps best known for sponsoring UEFA.

The post Website of Russian oil giant allegedly hacked appeared first on IT Security Guru.

Researchers have claimed that a misconfiguration has exposed millions of internal records, including employees’ personally identifiable information, belonging to Fox News.

The exposure was discovered by a team at Website Planet led by Jeremiah Fowler, who claimed that, theoretically, anyone with an internet connection could have found the 58GB of internal records, which were left open with no password protection.

The data trove contained almost 13 million records of content management data, including an unspecified number of employee details.

“Upon further research nearly all records contained information indicating Fox News content, storage information, internal Fox emails, usernames, employee ID numbers, affiliate station information and more,” wrote Fowler.

“One folder contained 65,000 names of celebrities, cast and production crew members and their internal Fox ID reference numbers. The records also captured a wide range of data points including event logging, host names, host account numbers, IP addresses, interface, device data, and much more.”

The post Fox News leaks 13 million internal records appeared first on IT Security Guru.

Zoom awarded researchers $1.8 million in bug bounties over 2021, and has paid out $2.4 million since the program’s launch.

Bug bounties have emerged as a popular cybersecurity method recently, amidst the industry’s skill shortage. Estimates suggest that there will be roughly 3.5 million unfilled job openings by 2025 in the US alone.

Zoom has experienced a huge rise in popularity in recent years, as COVID-19 forced many employees into a work-from-home or hybrid working environment. An increase in use, however, soon highlighted a range of security problems that needed to be addressed. Hence the bug bounty program.

Although the main program is private, Zoom actively recruits digital bounty hunters, with over 800 researchers now participating.

Over 2021, the software vendor paid out $1.8 million in bug bounties across 401 reports.

The post Zoom paid $1.8 million in bug bounty rewards in 2021 appeared first on IT Security Guru.

Electric vehicle owners in the Isle of Wight, UK, were surprised yesterday when public charging points displayed pornography.

Service screens at the council-owned car parks across Quay Road, Cross Street, Cowes and Moa Place, Freshwater were supposed to display the council website, but hackers changed several of them to show explicit images.

The Isle of Wight County Press first reported the incident, after being notified by its readers.

A council spokesman has made a statement on the issue:

“We are saddened to learn that a third-party web address displayed on our electric vehicle (EV) signage appears to have been hacked. A council officer will be visiting the EV signage today and tomorrow to ensure the third-party web address is covered up. The council would like to apologize to anyone that may have found the inappropriate web content, and for any inconvenience from charge points out of action.”

The post Electric vehicle chargers hacked to show pornography appeared first on IT Security Guru.

Cash App, a popular stock trading app, has suffered a data breach impacting up to 8.2 million former and current users.

It has been reported that the breach was caused by a former employee illegitimately accessing customer information.

Block, Cash App’s owner, notified the Securities and Exchange Commission (SEC) of the breach on Monday. The filing reported that a former employee downloaded investing reports containing information belonging to US customers, including full names, brokerage account numbers, brokerage portfolio values and holdings, and one day of stock trading activity.

“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” said a Cash App spokesperson in a statement to Mashable.

The post Cash App notifies 8 million customers of data breach appeared first on IT Security Guru.

The Hydra Market, a Russian-language darknet marketplace formerly specialising in the sale of illicit drugs, forged documents, intercepted data and illegal digital services, has been shut down by German federal police.

Working in conjunction with the United States Justice Department, authorities closed the marketplace’s German servers on Tuesday, seizing $25m in Bitcoin alleged to be dirty money.

Prosecutors in Frankfurt have said that Hydra, active since 2015, was the largest darknet market in the world at the time it was shut down. It has been reported that the marketplace had produced $1.34B of sales in 2020 alone.

The post Germany closes Russian “Hydra” darknet marketplace appeared first on IT Security Guru.

The Works has reported that five of its 526 shops were forced to close last week as hackers gained access to its computer systems and caused issues with its tills.

While customers are experiencing longer delivery times for online orders, the company has said that no shoppers’ payment details had been compromised.

The Works said in a statement: “Customers can continue to shop safely at The Works, both in store and online.”

All debit and credit card payments are processed outside of The Works’ systems, meaning they are unlikely to be impacted. The company is, however, still unsure whether customers’ personal data has been affected.

The Works has announced that it has made “immediate changes to further strengthen its security position” and hired cyber security experts to investigate the attack.

The post The Works closes stores after cyber attack appeared first on IT Security Guru.