By Waqas
Banmeet Singh, an Indian national, was arrested in London, England, on April 26, 2019, and extradited to the United States on March 19, 2023.
This is a post from HackRead.com Read the original post: Dark Web Drug Lord Pleads Guilty, Forfeits $150M Cryptocurrency

The drug lord utilized the notorious, infamous, and now-seized dark web marketplaces such as Silk Road, Hansa, and Alpha Bay to operate his global drug empire.

In a significant blow to the clandestine world of dark web drug trafficking, an Indian national, Banmeet Singh, pleaded guilty to orchestrating a large-scale operation that spanned continents, marketing a range of controlled substances.

The U.S. Department of Justice (DOJ) announced Singh’s admission of guilt today, revealing shocking details of a lucrative enterprise that fueled addiction and crime across the globe.

Singh, a 40-year-old from Haldwani, India, emerged as a key figure in the dark web underworld, leveraging platforms like Silk Road, Hansa and Alpha Bay to market and distribute a cocktail of drugs, including fentanyl, LSD, ecstasy, and others. Customers looking for drugs used cryptocurrency to buy them from Singh’s online shops.

The Justice Department’s Acting Assistant Attorney General, Nicole M. Argentieri, emphasized the significance of Singh’s guilty plea, which includes the forfeiture of an eye-popping $150 million in cryptocurrency. “Today’s guilty plea… demonstrates that the Justice Department will hold criminals who violate U.S. law accountable no matter how they conceal their activity,” Argentieri stated in a press release.

Banmeet Singh

According to court documents, Singh’s operation spanned from at least mid-2012 to July 2017, with distribution cells peppered throughout the United States and beyond. From Ohio to Florida, Maryland to North Dakota, the tentacles of Singh’s network reached far and wide, shipping drugs to locations in all 50 states, Canada, Europe, and the Caribbean.

Administrator Anne Milgram of the Drug Enforcement Administration (DEA) hailed the collaborative effort that dismantled Singh’s empire, highlighting the cooperation between U.S. and U.K. law enforcement agencies. “DEA is proud to have worked with its law enforcement partners… to protect the American people and bring Singh to justice,” Milgram remarked.

Singh’s arrest in London, England on 26 April 2019 by the National Crime Agency (NCA), marked a crucial turning point in the investigation, leading to his extradition to the United States on 19 March 2023.

With Singh’s admission of guilt, the dance of deception orchestrated by his organization has come to a halt, signalling a victory for justice and a stark warning to would-be traffickers lurking in the shadows of the dark web. As the sentencing date looms, authorities remain vigilant, determined to safeguard communities against the scourge of drug trafficking.

This case, led by groups like the DEA and IRS, shows how important it is for countries to work together to stop crime that crosses borders. Whether it’s in Ohio or London, cops are fighting to stop dark web drug dealers and keep everyone safe.

****_RELATED ARTICLES_****

1.  **Finnish Dark Web Marketplace PIILOPUOTI Seized**
2.  **Thousands of Dark Web Posts Expose ChatGPT Abuse Plans**
3.  **Europol Busts Major Online CSAM Racket in Western Balkans**
4.  **Vietnamese Group Hacks and Sells Bedroom Camera Footage**
5.  **What is Dark Web, Search Engines, What Not to Do on Dark Web**

Dark Web Drug Lord Pleads Guilty, Forfeits $150M Cryptocurrency

By Deeba Ahmed
Two groups of threat actors, namely CYBO CREW and UNIT8200, are apparently selling the same database with a price tag of $3,000.
This is a post from HackRead.com Read the original post: Threat Actors Selling 1.8TB Database of Indian Mobile Users

The database holds personal records of over 750 million Indian citizens, accounting for nearly half of the country’s 1.4 billion population.

A massive yet alleged data breach has reportedly exposed the personal information of millions worldwide, encompassing 85% of the Indian population, marking it as the largest-ever breach of its kind.

Indian cybersecurity firm CloudSEK has reported a staggering data leak exposing personal information, including names, mobile numbers, addresses, and the unique 12-digit Aadhaar card numbers, of 750 million Indians, roughly half of the country’s population of 1.4 billion.

The breach affects mobile network subscribers across multiple countries, posing significant privacy and data security concerns. This compromised database contains security-sensitive information, claim CloudSEK researchers, and has been compressed to 600GB from 1.8TB when uncompressed.

CloudSEK’s investigation of a trove of personally identifiable information (PII) in the database revealed the breach has impacted all major telecom providers but Indian users are at a higher risk, due to the exposure of their unique Aadhaar identification number, raising concerns about identity theft, financial fraud, and cybercrime.

The database is being sold on Telegram and Breach Forums, a well-known platform for hackers and cybercrime activities. Interestingly, this forum recently saw another threat actor leaking a database from Hathway, which contained information from 4 million users.

In fact, two different cybercrime groups, including CYBO CREW-affiliated CyboDevil and UNIT8200 are offering the data for sale for $3,000.

CloudSEK reports that the threat actor selling the data has denied involvement in this data breach and claims to have obtained it through law enforcement channels’ undisclosed asset work, however, the source remains unclear.

Screenshot shows details of what the group is selling (Credit: CloudSEK)

For your information, CYBOCREW is an emerging new threat group, first discovered in July 2023. The group has so far targeted organizations in the automobile, jewellery, insurance, and apparel sectors, conducting major breaches.  CyboDevil and UNIT8200 are amongst its most active affiliates.

CloudSEK’s Sparsh Kulshrestha highlighted that the “magnitude” of this data breach is unprecedented, emphasizing the importance of telecom service providers and the government to devise measures for identifying potential security vulnerabilities beforehand to prevent such attacks.

Users are advised to change passwords, be cautious of phishing, monitor accounts, and report suspicious activity after a breach, especially those linked to mobile numbers or Aadhaar, to protect their information. CloudSEK has responsibly notified impacted parties and relevant authorities regarding the data breach.

1.  **Indian ISP Hathway Data Breach: Hacker Leaks 4M User Data**
2.  **iPhone Hack Attack Warnings Spark Political Firestorm in India**
3.  **Hacker Leaks 73M Records from Indian HDFC Bank Subsidiary**
4.  **Indian Ticketing Platform RailYatri Hacked – 31 Million Impacted**
5.  **India’s Largest Truck Brokerage Company Leaking 140GB of Data**

Threat Actors Selling 1.8TB Database of Indian Mobile Users

By cyberwire
Toronto, Canada, January 29th, 2024, Cyberwire – In an era where online threats no longer discriminate by business…
This is a post from HackRead.com Read the original post: Control D Launches Control D for Organizations: Democratizing Cybersecurity

**Toronto, Canada, January 29th, 2024, Cyberwire –** In an era where online threats no longer discriminate by business size, Control D, powered by Windscribe VPN’s robust security expertise, announced today the launch of ‘Control D for Organizations‘. This modern DNS service democratizes cybersecurity, making it accessible to businesses of every size, from budding start-ups to late stage SMBs and MSPs.

Leveraging the strength of the world’s largest physical VPN network, Control D is bringing unmatched expertise in navigating cybersecurity challenges and global surveillance into the hands of businesses that traditionally lacked these advanced protections.

Control D for Organizations is geared at companies, schools, and NGOs of all sizes offering simplicity for smaller teams and highly specific and advanced controls for larger organizations. Control D is packed with an arsenal of tools designed to secure and empower diverse teams:

1\. **Malware Blocking**: Protecting business continuity against malicious threats with state-of-the-art detection techniques, all built in-house. Protect individual devices or entire networks in just a few minutes.

2\. \*\***Multi-Tenancy**: Addresses the complexity of managing access and filtering policies across different departments, subsidiaries, or customer accounts within a large enterprise or service provider setting.

3\. **Modern Protocols**: Security cannot be assured using standard DNS protocols. That’s why Control D supports all modern (and encrypted) protocols like DNS-over-HTTPS/3 and DNS-over-TLS.

4\. **Custom Filtering**: Highly granular web filters provide power users with ultimate control, while more general curated lists allow DNS security newcomers to gain maximum security benefits with minimal effort.

5\. **Actionable Insights**: Detailed network activity analytics empower businesses to improve their security posture and make strategic decisions.

Control D for Organizations is more than a security tool—it’s a declaration that first-rate cybersecurity is no longer a luxury. It embodies a new era where organizations, irrespective of their size or financial prowess, can confidently protect their operations and data.

**‘Control D for Organizations ‘, Empowering Every Business with Advanced Cybersecurity**

Control D is a pioneer in software security, devoted to offering next-level, user-centric solutions. Backed by the years of security expertise of Windscribe VPN which protects over 68 million people, Control D leverages the largest physical VPN network and one of the fastest anycast DNS networks to deliver unparalleled security and freedom from surveillance on a global scale.

Join the DNS security revolution and equip your business with Control D. Visit controld.com for more information and take your first step towards comprehensive digital protection. Additional assistance for onboarding channel partners is available. A free no-payment-details required trial is available.

****Media Contact Information**:**

For further details, please contact Yegor Sak at \[email protected\] or our channel partner lead Joe Jaghab at \[email protected\]

****Contact****

**Founder**  
**Yegor Sak**  
**Control D**  
**\[email protected\]**  
**+1(848)500-9848**

Control D Launches Control D for Organizations: Democratizing Cybersecurity

By Deeba Ahmed
From Snowden to Shady Markets: The Long History of NSA's Unchecked Surveillance.
This is a post from HackRead.com Read the original post: NSA Admits Buying American Browsing Records From Shady Markets

According to a letter from NSA director Paul Nakasone to Wyden, the agency purchased Netflow data and information from electronic devices used both domestically and internationally.

The US National Security Agency (NSA) has confirmed purchasing American users’ internet browsing records without warrants, according to Oregon Democratic Senator Ron Wyden. Congressman Wyden, a staunch privacy advocate, spent three years attempting to disclose the NSA’s practice, including purchasing smartphone location data without a warrant.

These “warrantless purchases” included information about websites visited and apps used, explained Wyden. This means, that US government agencies frequently access commercial marketplaces to gather sensitive information about Americans without obtaining court warrants.

According to a letter from NSA director Paul Nakasone to Wyden, the agency only purchased Netflow data and information from electronic devices used both domestically and internationally. The data, mainly related to Internet communications, did not include American communications content. The NSA claims to use commercially available Netflow data for cybersecurity and foreign intelligence missions, to defend US military networks from foreign hackers, minimizing the collection of U.S. personal information through technical filters.

In a letter to the Director of National Intelligence (DNI), Avril Haines, Wyden has urged the Biden administration to stop this “warrantless surveillance of Americans” through internet data purchases. He argues that the US government should not fund and legitimize a shady industry, raising questions about its legality.

“The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical, but illegal.”

Collecting user browsing habits metadata is a risky practice as it can expose personal information on websites related to mental health, sexual assault, domestic abuse, and telehealth, posing a significant privacy risk.

It must be noted that the Federal Trade Commission (FTC) has banned Outlogic (previously called X-Mode Social) and InMarket Media from selling location information without users’ informed consent, also barring Outlogic from collecting location data for sensitive locations like medical clinics and religious places.

Purchasing data from companies falling in the legal gray area is unethical as consumers/users are unaware of how it’ll be shared or used. Third-party apps incorporating SDKs from these brokers do not inform users about location data sales for advertising or national security purposes, either.

The revelation comes amid growing concerns about foreign governments acquiring US citizens’ data. The Biden administration is already preparing an executive order to curb such purchases, reports CNN. But the government itself is involved in such practices.

However, the NSA has a history of mass surveillance practices, therefore, Wyden’s disclosure doesn’t seem surprising. Back in 2015, a lawsuit was filed by Wikipedia against the NSA to protect the rights of its 500 million monthly users, arguing that their mass surveillance potentially violates the Fourth Amendment and First Amendment and that their activities exceed the authority granted by the Foreign Intelligence Surveillance Act.

Ex NSA contractor Edward Snowden’s 2013 revelation of a secret NSA mass surveillance program, which has been secret for over a decade created havoc globally, exposing the agency’s spying practices.

In 2015, a three-judge panel of the Second Circuit Court of Appeals ruled that the agency’s telephone metadata collection program, which gathered millions of American citizens’ phone records daily, is illegal under the Patriot Act.

****_RELATED ARTICLES_****

1.  **How Dutch Police Busted Hansa Dark Web Marketplace**
2.  **Snowden Explains Why Telegram Messenger App is Unsafe**
3.  **Prometei botnet uses NSA exploit, hits MS exchange servers**
4.  **Hacker uses NSA-reported Windows 10 vulnerability to troll NSA**
5.  **Baltimore City ransomware attack powered by stolen NSA hacking tool**

NSA Admits Buying American Browsing Records From Shady Markets

By Deeba Ahmed
Ukraine Reports Multiple Cyberattacks on Critical Russian Government Infrastructure and Private Companies, Leading to Nationwide Disruption and Massive Data Loss.
This is a post from HackRead.com Read the original post: Ukraine Claims Destruction of 280 Russian Servers, 2 Petabytes Lost

Cybersecurity specialists from the Ukrainian HUR (Main Intelligence Directorate of the Ministry of Defense of Ukraine) have claimed a successful cyber attack on IPL Consulting. They reportedly destroyed its entire IT infrastructure, resulting in communication outages across the country.

For your information, IPL Consulting is a Russian company that implements information systems in the local industry. As per HUR’s announcement on Facebook, the company is among the most advanced of all Russian enterprises facilitating information system implementation services to institutions in the automotive, aviation, heavy engineering, and defense sectors. Ukrainian intelligence reports that HUR specialists targeted dozens of its servers and databases.

The Main Directorate of Intelligence of the Ministry of Defense of Ukraine on Facebook

IPL Consulting’s internal network was breached by hackers, resulting in the deletion of over 60 terabytes of data and the destruction of dozens of servers and databases. The full cost of damages remains unclear. According to HUR, the damage is particularly significant amidst ongoing sanctions pressure and affects numerous Russian companies operating in the defence sector.

Cyberattacks have become a common tool in the Russia-Ukraine war, with a devastating attack on telecom firm Kyivstar on December 12, 2023, resulting in widespread communication outages. The Russian hacker group Solntsepek, linked to Russia’s military intelligence agency, claimed responsibility for this attack. Ukrainian cyber specialists have also been quite aggressive on the digital front lately.

In a separate attack, a Ukrainian hacking group “Blackjack” infiltrated Russia’s Main Military Construction Directorate for Special Projects, downloading 1.2 TB of data, including technical documentation for over 500 military sites, confirmed HUR on its Telegram channel on January 19, 2024. The group also transmitted critical intelligence about Russian facilities to Ukrainian armed forces. The hackers temporarily disrupted the company’s operations. 

Another cyberattack was launched against the Russian Far Eastern Research Center of Space Hydrometeorology “Planeta” in Khabarovsk on January 24, 2024, resulting in the destruction of 280 servers and the loss of 2 petabytes (2 million gigabytes) of data, valued at least $10 million. This attack is attributed to Volunteer Patriots from the BO Team group. Planeta is responsible for receiving/processing military satellite data.

According to HUR’s claim, hackers also managed to destroy weather and satellite data for various Russian agencies, including the Russian Ministry of Emergency Affairs, the Ministry of Defense, and Roscosmos. HUR states that the over $350,000 supercomputer cannot be restored, and given the Western sanctions on Russia, the country cannot obtain this software.

Moreover, they disrupted air conditioning, humidification systems, and emergency power supply regulations. The HUR also stated that the attack disconnected a Russian station in the Arctic, affecting strategic companies vital to defence and supporting Russian occupation forces. 

The incident follows a previous incident in which the HUR collected 100 gigabytes of confidential, intelligence data valued at $1.5 billion, and belonging to Special Technology Center LLC, operating in Russia’s military-industrial complex.

****_RELATED ARTICLES_****

1.  **Ukraine’s Cyberattack Cripples Russia’s Tax System**
2.  **Ukrainian Hackers Trick Russian Military Wives for Personal Info**
3.  **UAC-0099 Using Old WinRAR Flaw in New Cyberattack on Ukraine**
4.  **Protestware Uses npm Packages to Call for Peace in Gaza, Ukraine**
5.  **Ukraine Hacks Russia’s Aviation Agency, Claims “Aviation Cannibalism”**

Ukraine Claims Destruction of 280 Russian Servers, 2 Petabytes Lost

By Deeba Ahmed
FortiGuard Labs’ latest research report reveals a concerning trend: threat actors are leveraging the Python Package Index (PyPI),…
This is a post from HackRead.com Read the original post: Crypto Stealing PyPI Malware Hits Both Windows and Linux Users

FortiGuard Labs’ latest research report reveals a concerning trend: threat actors are leveraging the Python Package Index (PyPI), an open repository for Python\-developed software packages, to upload malware-infected packages. This exploitation of PyPI’s infrastructure poses significant risks to users.

FortiGuard Labs team recently identified a PyPI malware author, “WS,” uploading malicious packages to PyPI, estimating over 2000 potential victims. The identified packages, including nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111, show attack methodologies that resemble the attacks identified by Checkmarx in 2023.

These packages contain base64-encoded Python scripts, which are executed depending on the victim’s operating system. The packages deploy Whitesnake PE malware on Windows devices or a Python script to steal information from Linux devices.

What’s interesting in this scheme is that Python scripts are using a new method to transmit stolen data, using a range of IP addresses as the destination instead of a single fixed URL. This helps ensure successful data transmission even when one server fails.

Recently identified packages primarily target Windows users, whereas previous ones targeted both Linux and Windows users. The objective is to exfiltrate sensitive information from victims.

The Whitesnake PE payload is a Python-compiled executable created using the PyInstaller tool, displaying an incomplete script file ‘main.pyc’ and another file ‘addresses.py.’ This is rather suspicious. ‘Main.pyc’ is clandestine code that copies itself to the Windows startup folder for autorun, probes logical drives, and monitors the count of running instances.

It also retrieves clipboard contents and compares them against predefined cryptocurrency address patterns, prompting it to overwrite the clipboard with corresponding addresses from ‘addresses.py’, potentially deceiving victims into directing cryptocurrency transactions to an unexpected destination.

The payload, an encrypted.NET executable launches an invisible window right after its installation and adds itself to Windows Defender‘s exclusion list. It then creates a scheduled task to run every hour on the compromised device. The task connects a malicious IP to a client using “socket.io” and collects sensitive user data, including IP address and host credentials.

The payload captures wallet and browser data and sends it to a suspicious IP address via a remote server as a.zip file with multiple encryption layers, which the attacker extracts and exfiltrates. Debugging revealed strings that indicated information stolen from a wide range of devices, such as cryptocurrency services, applications, and browsers.

Timeline of the malicious PyPI packages published by “WS” (Screenshot: Fortinet Labs)

The research reveals how easily a single malware author can distribute multiple info-stealing packages into the PyPI library, highlighting the need for vigilance when using open-source packages.

“Information-stealing malware is an increasingly pertinent and pressing subject. Safeguarding against such persistent adversaries demands a strategic and forward-thinking approach to fortify your defences,” FortiGuard Labs researchers concluded.

****_RELATED ARTICLES_****

1.  **Luna Grabber Malware Hits Roblox Devs Through npm Packages**
2.  **6 official Python repositories plagued with cryptomining malware**
3.  **GitHub Abused to Spread Malicious Packages on PyPI in Image Files**
4.  **NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package**
5.  **FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data**

Crypto Stealing PyPI Malware Hits Both Windows and Linux Users

By Waqas
Soap2day: From Ashes to Pixels - The Curious Case of a Streaming Phoenix.
This is a post from HackRead.com Read the original post: New Soap2day Domains Emerge Despite Legal Challenges

Soap2day permanently shut down in June 2023 – While the official site and its major mirror sites closed down, it seems like some copycats or imitators have emerged using new domains to offer similar illegal streaming services.

Soap2day, the once-infamous haven for free movie and TV show streaming, met its apparent demise in June 2023. Legal pressure and a barrage of copyright infringement takedowns seemingly snuffed out the life of this unauthorized streaming giant. But just like a phoenix rising from the ashes, Soap2day has begun to flicker back to life under new guises, leaving users and authorities alike scratching their heads.

The original Soap2day was a hydra of sorts, with countless mirror sites popping up as fast as the old ones were shut down. This online game of whack-a-mole frustrated content creators and copyright holders for years. However, a coordinated takedown effort in mid-2023 seemed to deal a decisive blow, leaving behind a digital graveyard of dormant URLs.

This was the goodbye message from Soap2day (Screenshot credit: Hackread.com)

But death, it seems, can be temporary in the ever-evolving web. New domains bearing the Soap2day name have started surfacing, offering the same illicit library of movies and TV shows.

These digital doppelgangers appear disconnected from the original operators, possibly opportunistic copycats eager to fill the void left in the streaming underworld. Some of these new domains, like **Soap2day.rs**, **Soap2day.day**, and **Soap2day.store**, are easily accessible through Google. They offer access to thousands of recently released content for free.

The screenshot shows 2 of the new Soap2day domains currently online (Screenshot credit: Hackread.com)

However, there is no such thing as a free lunch. Online streaming services are infamous for phishing users or even dropping malware through pop-up bombardment. The risks are far greater than the potential benefits, making it not worth it. Therefore, engaging with these copycat sites exposes users to a plethora of dangers, including:

*   **Privacy violations:** Dodgy data practices are often rampant on such sites, putting your online privacy at risk.
*   **Malware and phishing attacks:** Disguised software installs and fraudulent links can lurk within these illegal platforms, jeopardizing your device and personal information.
*   **Legal repercussions:** Accessing copyrighted content illegally can lead to hefty fines and legal consequences in many countries.

So, why take the risk when a plethora of legal alternatives exist? Streaming platforms like Netflix, Hulu, and Disney+ offer vast libraries of content for a reasonable price. Additionally, numerous free, legal options like Tubi TV and Crackle provide access to movies and TV shows without compromising your security or wallet.

Here is a detailed list of legal and free online streaming services for movies and TV shows. Remember, using legal platforms not only ensures a safer and more reliable experience but also supports the entertainment industry and content creators.

The Soap2day saga highlights the ephemeral nature of illegal streaming sites. Their days are numbered, yet copycats will always appear, and the risks associated with them far outweigh the fleeting satisfaction of pirated content. Choose legal and safe alternatives, and enjoy your favourite shows and movies with peace of mind.

1.  **Streaming site 123movies has been shut down**
2.  **Fake streaming sites using Star Wars as bait to spread malware**
3.  **Poker player jailed for illegal video streaming, downloading sites**
4.  **Adult streaming site CAM4 leaks 7 TB of data with 11 billion records**
5.  **Police shut down illegal video streaming app Mobdro with 100M users**
6.  **US COVID-19 relief bill to make copyrighted content streaming a felony**

New Soap2day Domains Emerge Despite Legal Challenges

By Uzair Amir
While cybercriminals create their toolbox, as a user you should also keep yourself ready for unsuspecting cyberattacks and keep a safety toolbox for your defence. 
This is a post from HackRead.com Read the original post: Building Your Defense Toolbox: Tools and Tactics to Combat Cyber Threats

It is a well-known fact that cybercriminals have evolved over the years. The emergence of AI-powered malicious chatbots, such as WormGPT and FraudGPT, has enabled malicious threat actors to not only refine their skills but also consolidate all their malicious activities and tools into one, like a toolbox. Understanding these tools is the first step towards safeguarding yourself against their scams.

While cybercriminals create their toolbox, as a user you should also keep yourself ready for unsuspecting cyberattacks and keep a safety toolbox for your defence.

One major part of that toolbox should be a Virtual Private Network or VPN. Why? because this tool hides your real-time IP address and protects your online privacy from cyber criminals and state-backed threat actors. VPNs, like CyberGhost, encrypt your internet connection, shielding your online activities from prying eyes.

Additionally, employing two-factor authentication (2FA), such as Google Authenticator, Microsoft Authenticator, Okta, and Authy, adds an extra security layer, making it harder for fraudsters to gain unauthorized access to your accounts, even if they have your passwords. These tools, combined with regular updates and vigilance, are crucial in safeguarding against sophisticated scams.

Let’s dive into the tools commonly used by fraudsters, followed by the countermeasures you can employ to protect yourself.

****Common Fraud Tactics********Spoofing****

Spoofing is a deceptive practice where fraudsters falsify information to appear as a legitimate entity. This can involve altering caller IDs or email addresses to mimic those of trusted organizations or individuals. The primary goal is to gain the victim’s trust, making them more susceptible to divulging sensitive information or granting access to their accounts.

****Phishing****

Phishing is a widespread technique that involves sending fraudulent communications that appear to come from a reputable source. Typically executed through email, these messages aim to steal sensitive data such as login credentials, credit card numbers, or personal identification information. Phishers often use urgency or fear to bypass rational judgment.

****Fake Profiles****

Creating fake profiles on social media, dating websites, and other platforms is a common tool in a fraudster’s arsenal. These profiles are carefully crafted to appear genuine, often mimicking the identities of real individuals or organizations. The objective is to build trust with potential victims, eventually manipulating them into financial transactions or sharing confidential information.

****Fake Photos and Entities****

Fraudsters frequently utilize stolen or altered images to bolster the credibility of their fake profiles or websites. Additionally, they might establish counterfeit entities, such as businesses or charities, to appear legitimate. These entities are used to facilitate various scams, including fraudulent sales, charity fraud, and investment scams.

The latest and ongoing incident involving deepfake images of Taylor Swift is just one example of the nightmarish scenarios that cybercriminals can create in your life.

****Fake Claims****

Scammers use persuasive narratives and false claims to trick their victims. These may include threats of legal action, false claims of lottery winnings, or other deceptive propositions that require the victim to make payments or provide personal information.

****Misrepresentation****

Fraudsters often impersonate authority figures or institutions using fake names, credentials, and badge numbers. This tactic is designed to intimidate or convince the victim of the legitimacy of their requests, thereby facilitating the extraction of sensitive information or money.

****Computer Pop-ups****

The prevalence of unwanted pop-ups bombarding your screen is a key reason why adblockers have gained immense popularity. Pop-up warnings on computers are commonly used to spread malware or obtain personal information.

These pop-ups often carry false alerts about viruses or security breaches, prompting the user to take immediate action, which usually involves downloading harmful software or calling a fraudulent support number.

****Robocalls****

Automated calls, or robocalls, are used extensively by scammers to reach many potential victims efficiently. These calls might contain deceptive messages about unpaid taxes or lottery winnings or offer fake services, aiming to extract personal information or direct payments.

****Lead Lists****

Lead lists are databases of individuals who have previously fallen for scams. Fraudsters trade and sell these lists, knowing that individuals scammed once are more likely to be targeted and tricked again.

****Secrecy and Persuasion****

A common tactic used by scammers is to demand secrecy from their victims. By insisting that the dealings remain confidential, fraudsters aim to isolate the victim and prevent them from seeking advice or help from others. They often employ a mix of charm, flattery, and threats to manipulate and control their targets.

****Emotional Manipulation****

Emotional manipulation involves fraudsters playing on the victim’s emotions to extract money or personal information. They may pretend to be in a romantic relationship, a distressed family member, or a charity representative. The fabricated scenarios often evoke strong emotional responses, compelling the victim to act impulsively.

****Search Engine Optimization and Malicious Links****

Fraudsters often use search engine optimization techniques (SEO Poisoning) to promote their scam websites, making them appear legitimate and trustworthy in online searches. They also distribute malicious links through emails or messages, which lead to fraudulent websites or directly install malware when clicked.

****Protective Measures Against Fraud********Caller Verification****

Always verify the identity of callers, especially when they request personal information. If someone claims to be from a legitimate organization, hang up and contact the organization directly using a verified phone number to confirm their authenticity.

****Email Caution****

Exercise caution with email links and attachments, especially from unknown senders. Hover over email addresses and links to verify their authenticity. Be cautious of emails that use urgency or pressure tactics to gather personal information or payments.

****Continuous Education****

Staying informed about common scam tactics and trends is essential. Regularly educating oneself and others about the latest fraud methods can significantly reduce the risk of falling victim to these scams. In simple terms, having cybersecurity knowledge for yourself and your employees is the master key to protecting against every known cyberattack to date.

****Anti-Virus Software****

Ensure your devices are protected with reliable and updated anti-virus software. This software is capable of detecting and preventing malware attacks, which are commonly used in various scams.

****Pop-Up Blockers****

Pop-up or ad blockers can prevent malicious ads and links from appearing on your devices. These pop-ups often contain false claims or threats designed to trick users into downloading malware or revealing personal information.

If you are on Chrome browser, you can disable pop-ups from settings. > Chrome > Settings > Privacy and security > Site Settings > Pop-ups and redirects.

****Secure Network Usage****

Avoid conducting sensitive transactions over public wi-fi networks. Always use secure, private networks for online banking, shopping, and other activities that require personal information.

Businesses should employ a variety of fraud detection tools to safeguard their operations. These include:

*   **Geolocation and Proxy Piercing:** Identifying the physical location of transaction attempts can flag suspicious activities, especially if the location mismatches the user’s typical pattern.
*   **Device Fingerprinting:** This tool helps recognize devices used in previous fraudulent activities, enabling businesses to block transactions from these devices.
*   **Address Verification (AVS):** AVS checks if the billing address provided by the customer matches the address on file with the card issuer.
*   **Velocity Checks:** Monitoring the frequency and volume of transactions from a single user can help detect and prevent fraud.
*   **Biometric Verification:** Using biometrics in payment processes adds an extra layer of security.
*   **Blacklists and Whitelists:** These lists allow businesses to control traffic based on known fraudulent sources or trusted entities.
*   **Machine Learning:** AI models can detect patterns indicative of fraud, improving over time as they process more data.
*   **3-D Secure Technology:** This adds authentication steps for online credit and debit card transactions, reducing the risk of card-not-present fraud.
*   **Fraud Scoring:** Analyzing transactions based on various risk factors helps identify potentially fraudulent activities.

****Regular Updates and Vigilance****

Keeping software and fraud detection tools up to date is crucial. Regularly updating your knowledge about new fraud tactics and protective measures can help you stay ahead of scammers.

****Conclusion****

Fraudsters are always changing their tactics, which makes it crucial for individuals and businesses to stay informed and alert. Understanding the tools used by fraudsters and implementing strong protective measures can significantly reduce the risk of falling victim to these sophisticated scams. Regular updates, continuous education, and employing advanced fraud detection tools are key to safeguarding against these threats.

****_RELATED ARTICLES_****

1.  **What is an OSINT Tool – Best OSINT Tools**
2.  **McAfee’s Mockingbird AI Tool Detects Deepfake Audio**
3.  **Temporary Phone Number: An Essential Tool for Privacy Protection**
4.  **Kaspersky’s iShutdown Tool Detects Pegasus Spyware on iOS Devices**
5.  **Understanding Reverse Email Lookup: A Tool to Strengthen Cybersecurity**

Building Your Defense Toolbox: Tools and Tactics to Combat Cyber Threats

By Deeba Ahmed
Vendors have 90 days to release security patches before Trend Micro publicly discloses it.
This is a post from HackRead.com Read the original post: Hackers Crack Tesla Twice, Rake in $1.3 Million at Pwn2Own Automotive

Pwn2Own Automotive 2024 took place in Tokyo, Japan, from January 24 to 26.

Pwn2Own Automotive 2024, a three-day contest organized by Trend Micro’s Zero Day Initiative, saw competitors earn $1,323,750 for hacking Tesla twice and discovering 49 zero-day bugs in EV systems.

Synacktiv Team won the contest, earning $450,000 in cash for hacking a Tesla car twice, gaining root permissions, and demonstrating a sandbox escape in the Tesla infotainment system. They also demonstrated two-bug chains against Ubiquiti Connect and JuiceBox 40 Smart EV Stations. Second on the list was fuzzware.io for received $177,500. In third place were Midnight Blue/PHP Hooligans with $80,000 in rewards.

Participants earned over $700,000 on the first day, including $60,000 for EV charger hacks and $40,000 for infotainment system and Tesla modem hacks. The second day saw the Automotive Grade Linux exploit earning the biggest reward of $35,000, while EV charger exploits earned teams $30,000. On the third day, researchers received $60,000 for an Emporia EV charger exploit and $30,000 each for other exploits, resulting in payouts ranging from $20,000 to $26,000.

Here, are the prominent happenings and results from all three days of the contest.

On the first day, researchers discovered vulnerabilities in Tesla’s modem, Sony’s infotainment systems, and Alpine’s car audio players, collectively earning $722,500 in awards for identifying three bug collisions and 24 zero-day exploits.

The NCC Group EDG team won $70,000 for exploiting zero-day bugs to hack Pioneer DMH-WT7600NEX and Phoenix Contact CHARX SEC-3100 EV chargers. Sina Kheirkhah, Tobias Scharnowski, and Felix Buchmann attacked ChargePoint Home Flex and Sony XAV-AX5500, earning $60,000 and $40,000, respectively.

Synacktiv Team successfully exploited Tesla Modem and JuiceBox 40 Smart EV charging stations, while the PCAutomotive Team exploited Alpine Halo9 iLX-F509.

On Day 2, Team Tortuga successfully exploited a known bug in a 2-bug chain against the ChargePoint Home Flex, earning $5,000 and 3 Master of Pwn Points. The Midnight Blue / PHP Hooligans team also used a known bug in a 3-bug chain to exploit the Phoenix Contact CHARX SEC-3100, earning $30,000 and 6 Master of Pwn Points.

PCAutomotive couldn’t exploit the JuiceBox 40 Smart EV Charging Station whereas Katsuhiko Sato successfully attacked the Sony XAV-AX5500, earning $10,000 and 2 Master of Pwn Points.

Computest Sector 7 successfully targeted the JuiceBox 40 Smart EV Charging Station for a known bug, earning $15,000 and 3 Master of Pwn Points. Sina Kheirkhah failed to exploit the Autel MaxiCharger AC Wallbox Commercial, while Synacktiv and NCC Group EDG successfully exploited the Tesla Infotainment System and Alpine Halo9 iLX-F509, using a 2-bug chain, earning $100,000 and $20,000, respectively.

Synacktiv earned $35,000 and 5 Master of Pwn Points using a 3-bug chain, while Le Tran Hai Tung earned $20,000 and 4 Master of Pwn Points using a 2-bug chain. Sina Kheirkhah and Alex Olson failed to get their exploits working, while fuzzware.io earned $30,000 and 6 Master of Pwn Points using a stack-based buffer overflow. RET2 Systems also earned $30,000 and 6 Master of Pwn Points using a stack-based buffer overflow.

Day 3 saw Computest Sector 7 exploiting the ChargePoint Home Flex and earning $30,000 and 6 Master of Pwn Points using a 2-bug chain. Synacktiv successfully exploited the Sony XAV-AX5500, earning $20,000 and 4 Master of Pwn Points. Katsuhiko Sato failed to exploit the Pioneer DMH-WT7600NEX.

Sina Kheirkhah attacked the Ubiquiti Connect EV, earning $30,000 and 6 Master of Pwn Points. fuzzware.io exploited the Phoenix Contact CHARX SEC-3100, earning $22,500 and 4.5 Master of Pwn Points.

Nettitude’s Connor Ford exploited the JuiceBox 40 Smart EV Charging Station, using a stack-based buffer overflow, earning $30,000 and 6 Master of Pwn Points. Team Cluck exploited the Phoenix Contact CHARX SEC-3100, earning $26,250 and 5.25 Master of Pwn Points.

Vendors have 90 days to release security patches before Trend Micro publicly discloses it.

****_RELATED ARTICLES_****

1.  6 of the Best Crypto Bug Bounty Programs
2.  Bug bounty: Hack Tesla Model 3 to win your own Model 3
3.  Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu Pwned

Hackers Crack Tesla Twice, Rake in $1.3 Million at Pwn2Own Automotive

By Deeba Ahmed
Cybercriminals are actively promoting the abuse of ChatGPT and similar chatbots, offering a range of malicious tools from malware to phishing kits.
This is a post from HackRead.com Read the original post: Thousands of Dark Web Posts Expose ChatGPT Abuse Plans

The cybersecurity researchers at Kaspersky have uncovered more than 3,000 posts on the dark web, where threat actors seek to abuse or maliciously exploit ChatGPT, OpenAI’s AI-powered chatbot.

The internet’s underbelly, the Dark Web, has evolved from being a hub for stolen data and illicit transactions to a breeding ground for developing AI-powered cybercrime tools, reports Kaspersky Digital Footprint Intelligence service. 

The findings are based on Kaspersky’s observation of Dark Web forum discussions throughout 2023. AI (Artificial intelligence) technologies are being exploited for illegal activities, with threat actors sharing jailbreaks via dark web channels and exploiting legitimate tools for malicious purposes. 

In September 2023, Hackread reported SlashNext researchers discovering threat actors promoting successful jailbreaks on AI chatbots and writing phishing emails. These actors are selling jailbroken versions of popular AI tools.

Particularly notable is cybercriminals’ preference for ChatGPT and Large Language Model (LLM), which simplifies tasks and increases information accessibility, but poses new security risks as cybercriminals can use them for malicious purposes.

Threat actors are exploring schemes to implement ChatGPT and AI, including malware development and illicit use of language models, explained Kaspersky digital footprint analyst Alisa Kulishenko.

Cybersecurity threats like FraudGPT and malicious chatbots were recurring topics on Dark Web forum discussions, with nearly 3,000 posts observed throughout the year, peaking in March 2023. Stolen ChatGPT accounts are also a popular topic, with advertisements surpassing 3,000 ads. 

Between January and December 2023, according to Kaspersky’s report, cybercrime forums regularly featured discussions on using ChatGPT for illegal activities. One post was about how to use GPT to generate polymorphic malware, which is harder to detect and analyze than regular malware.

Another post suggested using the OpenAI API to generate code with specific functionality while bypassing security checks. While no malware has been detected using this method, it is possible. 

ChatGPT-generated answers can solve tasks that previously required expertise, lowering entry thresholds into various fields, including criminal ones, by providing a single prompt for processing specific string formats. AI is incorporated in malware for self-optimization, with viruses learning from user behaviour to adapt attacks.

AI-powered bots are creating personalized phishing emails, manipulating users to reveal sensitive information. Cybercriminals are also using deepfakes, where AI is used to create hyper-realistic simulations, impersonate celebrities/personalities, or manipulate financial transactions, fooling unsuspecting users easily.

Moreover, researchers noted that cybercriminal forums integrate ChatGPT-like tools for standard tasks, with threat actors using jailbreaks to unlock additional functionalities. In 2023, 249 offers for selling these prompt sets were discovered.

Open-source tools for obfuscating PowerShell code are shared for research, but their easy accessibility can attract cyber criminals. Projects like WormGPT and FraudGPT raise concerns and developers warn against scams and phishing pages offering access to these tools.

This poses a significant challenge for cybersecurity experts and law enforcement agencies, as traditional detection methods become useless against AI-powered threats. New strategies and tools must be developed to combat this threat.

Investing in AI-powered security solutions, being cautious when opening suspicious emails, links, and attachments, and staying informed about the latest trends in cybercrime and AI is mandatory.

1.  McAfee’s Mockingbird AI Tool Detects Deepfake Audio
2.  Russian Hackers Eager to Bypass Restrictions to Abuse ChatGPT
3.  Researcher create polymorphic Blackmamba malware with ChatGPT
4.  China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks
5.  OpenAI Launches ChatGPT Bug Bounty Program – Earn $200 to $20k

Source

HackRead