The Pentagon says it’s not hiding aliens, but it stops notably short of saying what it is hiding. Here are the key questions that remain unanswered—some answers could be weirder than UFOs.

But what, then, were those programs? Herein lies the most intriguing—and potentially ground-breaking—question that the Pentagon study leaves us wondering: What exactly are the secret compartmentalized programs that the whistleblowers and government witnesses _misidentified_ as being related to UAP technology? What, exactly, are the Pentagon, intelligence community, or defense contractors working on that, from a concentric circle or two away inside the shadowy world of SAPs, looks and sounds like reverse-engineering out-of-this-world technology or even studying so-called “non-human biologics”?

There are at least four clear possibilities.

Secret Tech From Foreign Nations

First, what exotic technological possibilities have been recovered from unknown _terrestrial_ sources? For example, if the government is working on reverse-engineering technologies, those technologies are likely from advanced adversary nation-states like China, Russia, and Iran, and perhaps even quasi-allies like Israel that may be more limited in their technology-sharing with the US. What have other countries mastered that we haven’t?

A Question of ‘Peculiar Characteristics’

Second, what technologies has the US mastered that the public doesn’t know about? One of the common threads of UFO sightings across decades have been secret military aircraft and spacecraft in development or not yet publicly acknowledged. For example, the CIA estimated that the U-2 spy plane in the 1950s accounted for as much as half of reported UFO sightings. And the AARO report spends a half-dozen pages documenting how confusion over subsequent generations of secret US government aircraft appear to have also contributed to the great intergalactic game of telephone of UFO programs inside the government, including modern Predator, Reaper, and Global Hawk drones. AARO investigated one claim where a witness reported hearing a former US military service member had touched an extraterrestrial spacecraft, but when they tracked down the service member, he said that the conversation was likely a garbled version of the time he touched an F-117 Nighthawk stealth fighter at a secret facility.

There are surely other secret craft still in testing and development now, including the B-21 stealth bomber, which had its first test flight in November and is now in testing at Edwards Air Force Base in California, as well as others we don’t know about. The government can still surprise us with unknown craft—like the until-then-unknown modified stealthy helicopter left behind on the Pakistan raid to kill Osama bin Laden. And some of these still-classified efforts are likely causing UFO confusion too: AARO untangled one witness’s claim of spotting a UAP with “peculiar characteristics” at a specific time and place and were able to determine, “at the time the interviewee said he observed the event, the DOD was conducting tests of a platform protected by a SAP. The seemingly strange characteristics reported by the interviewee match closely with the platform’s characteristics, which was being tested at a military facility in the time frame the interviewee was there.” So what was that craft—and what were its “peculiar characteristics?”

Relatedly, the US military has a classified spaceship, the X-37B, that has regularly orbited around the Earth since its first mission in 2010—it just blasted off on its seventh and most recent mission in December—and its previous, sixth, mission lasted a record-breaking 908 days in orbit. The Pentagon has said remarkably little about what it does up there for years at a time. What secret space-related or aviation-related programs is the government running that outsiders confuse as alien spacecraft?

A Material Matter

The third likely area of tech development that might appear to outsiders to be UFO-related is more speculative basic research and development: What propulsion systems or material-science breakthroughs are defense contractors at work on right now that could transform our collective future? Again, AARO found such confusion taking place: After one witness reported hearing that “aliens” had observed one secret government test, AARO traced the allegation back to find “the conversation likely referenced a test and evaluation unit that had a nickname with ‘alien’ connotations at the specific installation mentioned. The nature of the test described by the interviewee closely matched the description of a specific materials test conveyed to AARO investigators.” So what materials were being tested there?

There are some puzzling materials-science breadcrumbs wrapped throughout the AARO report. It found one instance where “a private sector organization claimed to have in its possession material from an extraterrestrial craft recovered from a crash at an unknown location from the 1940s or 1950s. The organization claimed that the material had the potential to act as a THz frequency waveguide, and therefore, could exhibit ‘anti-gravity’ and ‘mass reduction’ properties under the appropriate conditions.” Ultimately, though, the new report concluded, “AARO and a leading science laboratory concluded that the material is a metallic alloy, terrestrial in nature, and possibly of USAF \[US Air Force\] origin, based on its materials characterization.”

A Knowledge Limit

Fourth and lastly is the category of the truly weird: Scientists at the forefront of physics point out that we should be humble about how little of the universe we truly understand; as Harvard astronomy chair Avi Loeb explains, effectively all that we’ve learned about relativity and quantum physics has unfolded in the span of a single human lifespan, and astounding new discoveries continue to amaze scientists. Just last summer, scientists announced they’d detected for the first time gravitational waves criss-crossing the universe that rippled through space-time, and astrophysicists continue to suspect that the universe is far weirder than we think. (Italian astrophysicist Carlo Rovelli last year posited the existence of “white holes” that would be related to black holes, which, he pointed out, were still a mystery just 25 years ago when he was starting his career.)

Answers here could be almost unfathomably weird—think parallel dimensions or the ability to travel at a fraction of the speed of light. And one of the most intriguing questions left by the UAP “game of telephone” is whether there are truly astounding advances in physics that government scientists, defense contractors, or research laboratories or centers could be feeling around that could also appear from the outside to be UFO-related.

The 4 Big Questions the Pentagon’s New UFO Report Fails to Answer

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an "exit scam" that left users unable to withdraw millions of dollars worth of funds from the platform.

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar **Incognito Market** has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.

An extortion message currently on the Incognito Market homepage.

In the past 24 hours, the homepage for the Incognito Market was updated to include a blackmail message from its owners, saying they will soon release purchase records of vendors who refuse to pay to keep the records confidential.

“We got one final little nasty surprise for y’all,” reads the message to Incognito Market users. “We have accumulated a list of private messages, transaction info and order details over the years. You’ll be surprised at the number of people that relied on our ‘auto-encrypt’ functionality. And by the way, your messages and transaction IDs were never actually deleted after the ‘expiry’….SURPRISE SURPRISE!!! Anyway, if anything were to leak to law enforcement, I guess nobody never slipped up.”

Incognito Market says it plans to publish the entire dump of 557,000 orders and 862,000 cryptocurrency transaction IDs at the end of May.

“Whether or not you and your customers’ info is on that list is totally up to you,” the Incognito administrators advised. “And yes, this is an extortion!!!!”

The extortion message includes a “Payment Status” page that lists the darknet market’s top vendors by their handles, saying at the top that “you can see which vendors care about their customers below.” The names in green supposedly correspond to users who have already opted to pay.

The “Payment Status” page set up by the Incognito Market extortionists.

We’ll be publishing the entire dump of 557k orders and 862k crypto transaction IDs at the end of May, whether or not you and your customers’ info is on that list is totally up to you. And yes, this is an extortion!!!!

Incognito Market said it plans to open up a “whitelist portal” for buyers to remove their transaction records “in a few weeks.”

The mass-extortion of Incognito Market users comes just days after a large number of users reported they were no longer able to withdraw funds from their buyer or seller accounts. The cryptocurrency-focused publication **Cointelegraph.com** reported Mar. 6 that Incognito was exit-scamming its users out of their bitcoins and Monero deposits.

CoinTelegraph notes that Incognito Market administrators initially lied about the situation, and blamed users’ difficulties in withdrawing funds on recent changes to Incognito’s withdrawal systems.

Incognito Market deals primarily in narcotics, so it’s likely many users are now worried about being outed as drug dealers. Creating a new account on Incognito Market presents one with an ad for 5 grams of heroin selling for $450.

New Incognito Market users are treated to an ad for $450 worth of heroin.

The double whammy now hitting Incognito Market users is somewhat akin to the double extortion techniques employed by many modern ransomware groups, wherein victim organizations are hacked, relieved of sensitive information and then presented with two separate ransom demands: One in exchange for a digital key needed to unlock infected systems, and another to secure a promise that any stolen data will not be published or sold, and will be destroyed.

Incognito Market has priced its extortion for vendors based on their status or “level” within the marketplace. Level 1 vendors can supposedly have their information removed by paying a $100 fee. However, larger “Level 5” vendors are asked to cough up $20,000 payments.

The past is replete with examples of similar darknet market exit scams, which tend to happen eventually to all darknet markets that aren’t seized and shut down by federal investigators, said **Brett Johnson**, a convicted and reformed cybercriminal who built the organized cybercrime community Shadowcrew many years ago.

“Shadowcrew was the precursor to today’s Darknet Markets and laid the foundation for the way modern cybercrime channels still operate today,” Johnson said. “The Truth of Darknet Markets? ALL of them are Exit Scams. The only question is whether law enforcement can shut down the market and arrest its operators before the exit scam takes place.”

Incognito Darknet Market Mass-Extorts Buyers, Sellers

Backdoor.Win32.Beastdoor.oq malware suffers from a remote command execution vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/6268df4c9c805c90725dde4fe5ef6fea.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Backdoor.Win32.Beastdoor.oqVulnerability: Unauthenticated Remote Command ExecutionDescription: The malware listens on TCP port 1332, makes outbound connections to SMTP port 25 and executes a PE file named svchost.exe dropped in Windows directory. Third party adversaries who can reach an infected host can issue various numeric commands made available by the backdoor.Family: BeastdoorType: PE32MD5: 6268df4c9c805c90725dde4fe5ef6feaVuln ID: MVID-2024-0674Dropped files: svchost.exeDisclosure: 03/09/2024Commands:27 return victims username and computer information5 or 19 will shutdown victims computer6 restart victims computer9 delete all files including program files16 victim computer screen goes black28 returns clipboard information30 terminates the backdoor and deletes it from the systemExploit/PoC:C:\sec>nc64.exe x.x.x.x 13322727VICTIM DESKTOP-2C3IQHO Windows 8.1 Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHzC:\WINDOWS\C:\WINDOWS\system32\1565 x 8302.01svchost.exe svchost.exe2828I dont like u30Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.Beastdoor.oq MVID-2024-0674 Remote Command Execution

By Deeba Ahmed
Midnight Blizzard (aka Cozy Bear and APT29) originally breached Microsoft on January 12, 2024.
This is a post from HackRead.com Read the original post: Russian Midnight Blizzard Hackers Breached Microsoft Source Code

Microsoft confirms that Russian state-sponsored hackers, known as Midnight Blizzard, infiltrated their systems and stole source code. Experts warn of potential zero-day vulnerabilities.

Microsoft has been hit by a significant cybersecurity breach, with the company confirming that Russian hackers infiltrated its infrastructure, compromising valuable source code.

The breach, originally discovered on January 12, 2024, and **reported** on January 19, raised concerns about the potential misuse of proprietary information and the security of millions of users relying on Microsoft’s products and services.

Earlier this year, Microsoft disclosed that Russian state-sponsored hackers referred to as Midnight Blizzard (also known as Nobelium, Cozy Bear, and APT29), have been spying on the email accounts of Microsoft’s team members. The group, known for the **devastating SolarWinds attack**, successfully stole source code in what Microsoft now terms an “ongoing attack.”

Reportedly, the hackers infiltrated a “small percentage of corporate email accounts” and stole internal messages and files in an attack that began in late November 2023. The threat actor compromised a non-production test tenant account using a password spray attack, accessing some Microsoft corporate email accounts, including senior leadership and cybersecurity employees, and exfiltrating emails and documents.

The attackers exploited vulnerabilities in Microsoft’s defences, gaining unauthorized access to a substantial portion of source code, including Windows OS components, Office Suite, and other critical software elements.

****Update from Microsoft****

Previously, Microsoft stated that there was no evidence that the “threat actor had any access to customer environments, production systems, source code, or AI systems.” However, as per Microsoft’s update **published** on March 8, 2024, Midnight Blizzard is using information from corporate email systems to gain unauthorized access, including access to source code repositories and internal systems. Still, the company asserts that there’s no evidence that attackers compromised Microsoft-hosted customer-facing systems.

**Midnight Blizzard** is using various tactics to attack Microsoft, some of which were shared between Microsoft and its customers via emails. Moreover, the company claims hackers increased the attack volume, such as password sprays, by up to 10 times in February compared to January.

Microsoft has increased security investments and coordinated cross-enterprise efforts to counter Midnight Blizzard’s persistent threat. The company is enhancing its security controls, detections, and monitoring, as well as conducting ongoing investigations into the group’s activities.

Hackread will continue to share findings and information as they evolve. Users are advised to implement security updates, report suspicious activity, and adhere to security best practices.

**Ariel Parnes**, former Head of the Israeli Intelligence Service Cyber Department, winner of the Israel Defense Prize for tech innovations in the cyber field, and COO and Co-Founder at SaaS incident response leader, Mitiga, shared the following insights with Hackread.com:

“For advanced nation-state cyber groups, access to a company’s source code is akin to finding the master key to its digital kingdom, opening up avenues for finding new zero-day vulnerabilities: undiscovered security flaws that can be exploited before they’re known to the software creators or the public.”

Ariel warned that “Zero-day vulnerabilities represent a critical threat because there’s no straightforward way to detect them until after they’ve been discovered and disclosed by the software creators. Given this challenging landscape, organizations need to double down on cybersecurity measures focused on proactive defence.”

1.  Microsoft Disables App Installer After It’s Abused for Malware
2.  Fake Ledger App on Microsoft Store to Steal $800k in Crypto
3.  Microsoft Azure Exploited to Create Undetectable Cryptominer
4.  Microsoft Teams External Access Abuses for DarkGate Malware
5.  Microsoft Outlook Flaw Exploited by Russian Forest Blizzard Group

Russian Midnight Blizzard Hackers Breached Microsoft Source Code

A list of topics we covered in the week of March 4 to March 10 of 2024

March 8, 2024 - The flaws could allow an attacker with privileged access to a guest VM to access the hypervisor on the host.

March 8, 2024 - Users of JetBrains TeamCity on-prmises server need to deal with two serious vulnerabilities.

March 7, 2024 - Pet retail company PetSmart has emailed customers to alert them to a recent attack that used reused passwords.

March 7, 2024 - The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US.

March 6, 2024 - The ALPHV gang's attempt to cover up an exit scam isn't going well.

 A week in security (March 4 &#8211; March 10) 

Content creators are using copyright laws to get nonconsensual deepfakes removed from the web. With the complaints covering nearly 30,000 URLs, experts say Google should do more to help.

The number of nonconsensual deepfake porn videos online has exploded since 2017. As the harmful videos have spread, thousands of women—including Twitch streamers, gamers, and other content creators—have complained to Google about websites hosting the videos and tried to get the tech giant to remove them from its search results.

A WIRED analysis of copyright claims regarding websites that host deepfake porn videos reveals that thousands of takedown requests have been made, with the frequency of complaints increasing. More than 13,000 copyright complaints—encompassing almost 30,000 URLs—have been made to Google concerning content on a dozen of the most popular deepfake websites.

The complaints, which have been made under the Digital Media Copyright Act (DMCA), have resulted in thousands of nonconsensual videos being removed from the web. Two of the most prominent deepfake video websites have been the subject of more than 6,000 and 4,000 complaints each, data published by Google and Harvard University’s Lumen database shows. Across all the deepfake platforms analyzed, around 82 percent of complaints resulted in URLs being removed from Google, the company’s copyright transparency data shows.

Millions of people find and access deepfake video websites by searching for deepfakes, often alongside the names of celebrities or content creators. WIRED is not naming the specific websites to limit the exposure they receive. However, lawyers and companies combating deepfakes online, including by systematically making DMCA complaints, say the number of copyright complaints and high percentage of removals are a sign that Google should take more action against the specific websites. This should include removing them from search results entirely, they say.

“If the sole purpose of these websites is to abuse and manipulate a person’s personal brand, or take their autonomy away from them, or host simple revenge porn, they shouldn’t be there,” says Dan Purcell, the founder and CEO of Ceartas, a firm that helps creators remove their content when it is being used without permission.

For the biggest deepfake video website alone, Google has received takedown requests for 12,600 URLs, 88 percent of which have been taken offline. Purcell says that given the large volume of offending content, the tech company should be examining why the site is still in search results. “If you remove 12,000 links for infringement, why are they not just completely removed?” He adds: “They should not be crawled. They’re of no public interest.”

In the five years since nonconsensual deepfake porn videos first emerged, tech companies and lawmakers have been slow to act. At the same time, machine learning improvements have made it easier to create deepfakes. Today, there are a few kinds of explicit deepfake content: videos where a person’s face is put onto existing consensual pornography, apps that can “undress” a person or swap their face onto a nude image, and some generative AI that allows entirely new deepfake images to be created, such as the images of Taylor Swift which spread online in January.

Each method is weaponized—almost always against women—to degrade, harass, or cause shame, among other harms. Julie Inman Grant, Australia’s e-safety commissioner, says her office is starting to see more deepfakes reported to its image-based abuse complaints scheme, alongside other AI-generated content, such as “synthetic” child sexual abuse and children using apps to create sexualized videos of their classmates. “We know it’s a really underreported form of abuse,” Grant says.

As the number of videos on deepfake websites has grown, content creators—such as streamers and adult models—have used DMCA requests. The DMCA allows people who own the intellectual property of certain content to request it be removed from the websites directly or from search results. More than 8 billion takedown requests, covering everything from gaming to music, have been made to Google.

“The DMCA historically has been an important way for victims of image-based sexual abuse to get their content removed from the internet,” says Carrie Goldberg, a victims’ rights attorney. Goldberg says newer criminal laws and civil law procedures make it easier to get some image-based sexual abuse removed, but deepfakes complicate the situation. “While platforms tend to have no empathy for victims of privacy violations, they do respect copyright laws,” Goldberg says.

WIRED’s analysis of deepfake websites, which covered 14 sites, shows that Google has received DMCA takedown requests about all of them in the past few years. Many of the websites host only deepfake content and often focus on celebrities. The websites themselves include DMCA contact forms where people can directly request to have content removed, although they do not publish any statistics, and it is unclear how effective they are at responding to complaints. One website says it contains videos of “actresses, YouTubers, streamers, TV personas, and other types of public figures and celebrities.” It hosts hundreds of videos with “Taylor Swift” in the video title.

The vast majority of DMCA takedown requests linked to deepfake websites listed in Google’s data relate to two of the biggest sites. Neither responded to written questions sent by WIRED. The majority of the 14 websites had over 80 percent of the complaints leading to content being removed by Google. Some copyright takedown requests sent by individuals indicate the distress the videos can have. “It is done to demean and bully me,” one request says. “I take this very seriously and I will do anything and everything to get it taken down,” another says.

“It has such a huge impact on someone’s life,” says Yvette van Bekkum, the CEO of Orange Warriors, a firm that helps people remove leaked, stolen, or nonconsensually shared images online, including through DMCA requests. Van Bekkum says the organization is seeing an increase in deepfake content online, and victims face hurdles to come forward and ask that their content is removed. “Imagine going through a hiring process and people Google your name, and they find that kind of explicit content,” van Bekkum says.

Google spokesperson Ned Adriance says its DMCA process allows “rights holders” to protect their work online and the company has separate tools for dealing with deepfakes—including a separate form and removal process. “We have policies for nonconsensual deepfake pornography, so people can have this type of content that includes their likeness removed from search results,” Adriance says. “And we’re actively developing additional safeguards to help people who are affected.” Google says when it receives a high volume of valid copyright removals about a website, it uses those as a signal the site may not be providing high-quality content. The company also says it has created a system to remove duplicates of nonconsensual deepfake porn once it has removed one copy of it, and that it has recently updated its search results to limit the visibility for deepfakes when people aren't searching for them.

The DMCA is an imperfect tool, particularly when it comes to deepfakes. Goldberg says it needs someone to “affirm under penalty of perjury” that they’re the copyright holder of the video or images. “But the process of creating a deepfake can transform the image so much that the resulting image is not the same intellectual property as the images it was sourced from,” Goldberg says. Ultimately, this could mean the person creating the deepfake video may be the copyright holder of the abusive content. “Our firm has long advocated that the copyrighting of illegal works should revert to the victims so they can exercise control over them,” Goldberg says. “But the law has not yet caught up.”

Purcell, from Ceartas, says that the law is “not fit for purpose” and can be very “easily weaponized” by deepfake websites filing counternotices against DMCA requests. “At that point, the only option is to sue them,” Purcell says, which raises its own problems. The websites often don’t include contact details or information about who created them, and they can be based in countries with difficult legal regimes. “They will do anything to stay anonymous. They will hide themselves,” van Bekkum says. “They are using, on purpose, hosting companies offshore.”

Grant, the Australian regulator, says her office works with technology platforms and can also issue orders for content to be removed. The office has also targeted individuals who upload videos to deepfake websites. Last year, Grant’s office pursued a man who uploaded images of Australian public figures to one of the largest deepfake websites. He was ordered to remove the material and delete it from his devices.

“I am not a resident of Australia. The removal notice means nothing to me. Get an arrest warrant if you think you are right,” he emailed back after receiving the legal order, according to court documents. Months later, border officials told Grant that the man had entered Australia, and he was ultimately charged with contempt of court.

The incident was a rare example of a regulator or law enforcement body taking successful action against someone creating deepfakes. Adam Dodge, a lawyer and founder of Endtab (Ending Technology-Enabled Abuse), says technology companies should be funding greater education efforts in schools and communities about the harms of creating and sharing deepfakes, while legislators should put in place laws that don’t push the burden of getting content removed on the victims. “It needs to be considered as harmful, as devastating, and as important to internet safety as other forms of banned or criminal or regulated material that people find to be abhorrent and unacceptable,” Dodge says.

Google Is Getting Thousands of Deepfake Porn Complaints

By Waqas
The teasure trove of highly sentisive data is being sold for just $3,000 in Monero (XMR) cryptocurrency on Breach Forums.
This is a post from HackRead.com Read the original post: Hacker Claims Breaching US Federal Contractor Acuity, Selling ICE, USCIS Data

The IntelBroker hacker claims to have breached Acuity, a US federal contractor and is now selling data belonging to ICE and USCIS – This incident could potentially expose sensitive information of immigrants and could have national security implications.

The notorious hacker known as IntelBroker has claimed responsibility for a recent data breach allegedly targeting Acuity Inc., a Federal contractor based in Reston, Virginia. The breach has resulted in the theft of sensitive data and documents from two prominent U.S. government entities: U.S. Immigration and Customs Enforcement (ICE) and U.S. Citizenship and Immigration Services (USCIS).

For your information, Acuity Inc. is a federal technology consulting firm headquartered in Reston, Virginia. They offer their deep industry expertise to federal agencies, particularly those focused on National Security and Public Safety. According to the company, their core mission is to help these agencies plan for the future, improve their ability to serve citizens and deliver measurable results through innovative technology solutions and proven management techniques.

These alarming claims surfaced in a recent post on Breach Forums, a notorious cybercrime and hacker forum. Hackread.com has exclusively confirmed that the stolen data is currently being offered for sale on the forum for a mere $3,000 in Monero (XMR) cryptocurrency.

Screenshot: Hackread.com

Following the breach announcement on Breach Forums, IntelBroker proceeded to showcase a sample of the alleged stolen data, purportedly containing personal and Personally Identifiable Information (PII) of over 100,000 victims. The showcased records include:

*   Full names
*   Passport
*   Date of Birth
*   Phone numbers
*   Email addresses
*   Physical addresses
*   Physical attributes.

According to the hacker, “everything belongs to the US citizens,” implying that the compromised data contains information about civilians as well as government agents.

****The Sensitive Nature of Data****

In addition to the information available on the forum, Hackread.com gained insight into further sensitive data, including source code, user manual, confidential conversations and feedback exchanged between ICE agents and contractors. This extended to discussions on investigative techniques such as those utilized by the Five Eyes alliance, the Ukraine, and Russia conflict, information on terrorism-related seminars globally, etc.

Moreover, the alleged compromised data includes .GOV-hosted emails containing plain-text passwords for some. It’s worth noting, however, that these accounts are protected by Two-factor Authentication (2FA), and any unauthorized attempts to access them are promptly blocked until a valid code is provided.

Leaked email addresses (left) and what happened when the hacker attempted to sign in (right) Screenshot: Hackread.com

Given the highly sensitive nature of this information, Hackread.com has refrained from sharing some screenshots and has redacted sample data accordingly. It’s essential to emphasise that, at no point, did Hackread.com attempt to access these accounts.

****How did the alleged hack take place?****

In an exclusive conversation with the hacker, Hackread.com learned that they had exploited a critical 0-day vulnerability in GitHub. Despite not disclosing technical details of the Proof of Concept (PoC) regarding the alleged vulnerability, the hacker claimed that this flaw enables attackers to steal GitHub tokens and advance their malicious activities.

In response to these developments, Hackread.com has initiated contact with GitHub, ICE, USCIS, and Acuity Inc. to request their comments on the matter.

****Who is IntelBroker?****

IntelBroker is known for targeting high-profile targets in the United States. Some of their previous data breaches include Las Angeles Intl. Airport, US DoD Documents, Staffing Giant Robert Half, Facebook Marketplace Database, DARPA-related accesses in General Electric breach, Weee! Grocery and several others.

In fact, according to the United States government, IntelBroker is also the hacker behind one of the T-Mobile data breaches.

****Aftermath of Acuity Inc.’s Alleged Breach****

The aftermath of Acuity Inc.’s alleged breach carries potentially severe and long-lasting repercussions. The compromised data, if obtained by nations deemed adversarial by the United States, could pose significant risks to national security. The exploitation of such intelligence-related information may jeopardize the safety of agents and officials, as well as compromise ongoing operations.

Moreover, recent events highlight the vulnerability posed by third-party contractors. Just recently, on March 4th, 2024, American Express disclosed that its cardholders had been affected by a significant data breach originating from a third-party vendor.

In August 2023, an IT contractor employed by the Metropolitan Police Force experienced a cyberattack that impacted over 50,000 MET police personnel.

In September 2023, a third-party contractor experienced a data breach that affected over 8,000 Greater Manchester Police Officers. In October 2023, another contractor inadvertently exposed their database, resulting in the leakage of sensitive details about 500,000 Irish Police vehicle seizure records.

1.  US Govt’s secret terrorist watchlist with 2M records exposed online
2.  Chinese Group Storm-0558 Hacked European Govt Emails, Microsoft
3.  Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers
4.  Traffic sign near ICE headquarters hacked with “Abolish ICE” message
5.  Norweigian researcher exposes how a US firm collected his location data

Hacker Claims Breaching US Federal Contractor Acuity, Selling ICE, USCIS Data

Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data.

For years, Registered Agents Inc.—a secretive company whose business is setting up other businesses—has registered thousands of companies to people who appear to not exist. Multiple former employees tell WIRED that the company routinely incorporates businesses on behalf of its customers using what they claim are fake personas. An investigation found that incorporation paperwork for thousands of companies that listed these allegedly fake personas had links to Registered Agents.

State attorneys general from around the US sent a letter to Meta on Wednesday demanding the company take “immediate action” amid a record-breaking spike in complaints over hacked Facebook and Instagram accounts. Figures provided by the office of New York attorney general Letitia James, who spearheaded the effort, show that in 2023 her office received more than 780 complaints—10 times as many as in 2019. Many complaints cited in the letter say Meta did nothing to help them recover their stolen accounts. “We refuse to operate as the customer service representatives of your company,” the officials wrote in the letter. “Proper investment in response and mitigation is mandatory.”

Meanwhile, Meta suffered a major outage this week that took most of its platforms offline. When it came back, users were often forced to log back in to their accounts. Last year, however, the company changed how two-factor authentication works for Facebook and Instagram. Now, any devices you’ve frequently used with Meta services in recent years will be trusted by default. The move has made experts uneasy; this means that your devices may not need a two-factor authentication code to log in anymore. We updated our guide for how to turn off this setting.

A ransomware attack targeting medical firm Change Healthcare has caused chaos at pharmacies around the US, delaying delivery of prescription drugs nationwide. Last week, a Bitcoin address connected to AlphV, the group behind the attack, received $22 million in cryptocurrency—suggesting Change Healthcare has likely paid the ransom. A spokesperson for the firm declined to answer whether it was behind the payment.

And there’s more. Each week, we highlight the news we didn’t cover in depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

In January, Microsoft revealed that a notorious group of Russian state-sponsored hackers known as Nobelium infiltrated the email accounts of the company's senior leadership team. Today, the company revealed that the attack is ongoing. In a blog post, the company explains that in recent weeks, it has seen evidence that hackers are leveraging information exfiltrated from its email systems to gain access to source code and other “internal systems.”

It is unclear exactly what internal systems were accessed by Nobelium, which Microsoft calls Midnight Blizzard, but according to the company, it is not over. The blog post states that the hackers are now using “secrets of different types” to breach further into its systems. “Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”

Nobelium is responsible for the SolarWinds attack, a sophisticated 2020 supply-chain attack that compromised thousands of organizations including the major US government agencies like the Departments of Homeland Security, Defense, Justice, and Treasury.

According to Microsoft, it has found no evidence that its customer-facing systems were breached.

On Wednesday, ​the US Department of Justice announced that it was charging a former Google engineer with stealing trade secrets about artificial intelligence on behalf of two Chinese companies. Linwei Ding was arrested in Newark, California, on four counts of federal trade secret theft. If convicted he could face a decade in prison.

“Today’s charges are the latest illustration of the lengths affiliates of companies based in the People’s Republic of China are willing to go to steal American innovation,” FBI director Christopher Wray said in a statement to the Associated Press.

The indictment, unsealed Wednesday, alleges that the theft began two years ago, when Ding, a Chinese national, began uploading hundreds of company files about its data centers into a personal Google Cloud account. Soon after and unbeknownst to Google, Ding allegedly founded his own startup specializing in training large AI models while also joining a separate Chinese AI company as its CTO. He resigned from Google in December, according to the indictment.

The US Cybersecurity and Infrastructure Security Agency confirmed this week that hackers breached the agency’s systems in February, according to Recorded Future. CISA, which works to protect US critical infrastructure from cyberattacks and other threats, says it took two of its systems offline after the breach, which was carried out through vulnerabilities in Ivanti IT management software. CISA declined to comment on which systems it took offline, but Recorded Future reports that, according to unnamed sources, one “houses critical information about the interdependency of US infrastructure,” while the other “houses private sector chemical security plans.” It is unclear who the hackers are or whether they accessed or stole data from CISA systems. The agency released an advisory on February 29 warning entities that use Ivanti Connect Secure and Ivanti Policy Secure tech to patch vulnerabilities in the products.

As if getting a phone call through a social network isn’t bad enough, X’s newly released audio and video calling feature can reveal the IP address of anyone you call. Even worse: The feature is turned on by default. While IP addresses can reveal the general location of the user, they’re not precise enough to expose exact locations. Still, civil liberties organizations warn that exposing IP addresses is highly concerning for activists living under authoritarian regimes or other high-risk users. To disable X’s calling feature, go to **Settings and privacy > Privacy and safety > Direct messages** in the X app, and toggle the **Enable audio and video calling** option to off. If you want to keep the feature on but not expose your IP address, toggle on the Enhanced call privacy option, which X says will mask your IP address. Why _this_ feature is not enabled by default remains unclear.

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

By Waqas
GoPlus Security secures $4M to build a user-driven Web3 security network. Their AI-powered platform provides real-time threat detection across 20+ blockchains, empowering users with the SecWareX suite for on-chain security.
This is a post from HackRead.com Read the original post: GoPlus Security Raises in Private II+ Funding to Fortify Web3 User Safety

GoPlus Security, a leading cybersecurity provider for the Web3 ecosystem, has successfully concluded its Series II+ private funding round, raising $4 million from a consortium of top-tier venture capital firms.

This latest financial injection provides additional funding to a private round conducted in 2022  by Binance Labs. These resources will bolster GoPlus Security’s mission to enhance the Web3 experience, aiming to provide robust protection and peace of mind for millions of users across the globe.

GoPlus Security provides a security data infrastructure layer for Web3. In total, $15M funding from several different rounds was led by major investment funds including Binance Labs, SevenX Ventures, Redpoint China Ventures, Avalanche, and Crypto.com. The latest investment provides follow-on funding to a private round conducted in 2022 that Binance Labs led.

GoPlus Security Co-Founder Eskil Tsu said: “This funding in our Private II+ round is not just a financial boost but a strong endorsement of our vision to redefine user security network in the Web3 space, in the Web3 way. I’m thrilled for the support and excited about the future we’re building together.”

GoPlus Security, with secured funding, is set to broaden its User Security Network. The goal is to develop a Web3 User Security Network that focuses on transparency and empowering users. This involves offering open-access security data that users can verify and trust, backed by a robust decentralized data and computing layer.

Additionally, GoPlus is launching an end-user service platform named “SecWareX”, by engaging third-party “User Security Services” like Harpio, Webacy, Kekkai, Trusta, Wallet Guard, etc. Through these initiatives, GoPlus aims to become the leading provider of User Security Modules as a Service across various blockchains, essentially creating a foundational layer for Web3 user security.

****About GoPlus Security****

GoPlus is building a Web3 User Security Network that prioritizes transparency and user empowerment by providing permissionless security data and an end-user service environment. Goplus offers User Security Modules as a Service to any Chain.

With a cutting-edge AI module, we adopted into the tech architecture, Goplus has already served 10K+ partnerships with 21M+ User Security Data calls daily, supporting 20+ public chains.

Leveraging top-notch advancements in Web3 defences, GoPlus Security enhances safety with end user-focused services in “SecWareX” while empowering protocol User Security teams with “SecWare” advanced resources for developers. More facts about Goplus in the following:

*   The utilization of GoPlus’s security data infrastructure has significantly increased, with a 5000-fold growth from 2022 to the present, and daily API calls reaching 21 million.
*   The platform incorporates an AI-driven module to monitor Web3 security, offering real-time detection of risks associated with tokens, NFTs, and malicious activities. It evaluates over thirty risk parameters to dynamically address thousands of potential attack vectors.
*   GoPlus provides a range of User Security Modules as a Service, supporting over 20 blockchain networks. This includes collaborations with Risk as a Service (RaaS) providers like Altlayer and partnerships with Layer 2 solutions such as zkSync, Manta, and Scroll.
*   The introduction of new products, such as the “Secscan” security engine and Secware Middleware, marks steps towards a more decentralized approach in data and computing security.
*   Plans are underway to launch SecWareX Planned in early March, aiming to offer users a customizable on-chain security experience. The GoPlus Token will serve as a utility token within this ecosystem, facilitating operations and expanding its utility.
*   GoPlus continues to focus on Web3 security innovation and user-centric solutions. This includes encouraging participation from the community by allowing them to contribute as SecWare Service Providers, Data Providers, and Computing Node Providers, in exchange for GoPlus Tokens, thereby enhancing the overall User Security Network.

Learn more: Gopluslabs.io

1.  What is Blockchain Gaming and its Play-to-Earn Model?
2.  Particle Network’s Intent-Centric Approach Aims to Secure Web3
3.  UOB, Samsung Back Singapore’s Startale Labs in $7M Web3 Push
4.  Unlocking Web3’s Potential: Beyond IPFS Toward Decentralization
5.  Signal21 Beta Launch Bridges Gap in Blockchain Intelligence Services

GoPlus Security Raises in Private II+ Funding to Fortify Web3 User Safety

This blog provides an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.

This blog provides an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.  

As we said at that time, our investigation was ongoing, and we would provide additional details as appropriate. 

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised. 

It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024. 

Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.  

Across Microsoft, we have increased our security investments, cross-enterprise coordination and mobilization, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat. We have and will continue to put in place additional enhanced security controls, detections, and monitoring. 

Our active investigations of Midnight Blizzard activities are ongoing, and findings of our investigations will continue to evolve. We remain committed to sharing what we learn.

Tag

#intel