The STYX marketplace was launched at the beginning of 2023. This platform is specifically designed to facilitate financial crime, providing cybercriminals with a range of services, including stolen financial data, credit card information, forged documents, money laundering services, victim reconnaissance ‘lookups’, and more.
The threat actor behind the information-stealing malware known as Typhon Reborn has resurfaced with an updated version (V2) that packs in improved capabilities to evade detection and resist analysis.
The new version is offered for sale on the criminal underground for $59 per month, $360 per year, or alternatively, for $540 for a lifetime subscription.
“The stealer can harvest and exfiltrate sensitive information and uses the Telegram API to send stolen data to attackers,” Cisco Talos researcher Edmund Brumaghin said in a Tuesday report.
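Because the stealer relies on the public Telegram Bot API, its exfiltration leaves a distinctive trace in egress logs: POST requests to api.telegram.org with a path of the form /bot<token>/<method>. The script below is an added example for hunting that pattern, not code from the Talos report or from the malware; it runs over a small constructed proxy log (the log format, IPs, user agents and bot tokens are all made up for the illustration) and reports uploads to the send* methods while redacting the bot secret.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log (not from the Talos report).
# Format per line: ts src_ip method url status bytes "user-agent"
SAMPLE_LOG = """\
2023-04-04T10:00:01Z 10.0.0.5 GET https://www.example.com/ 200 1234 "Mozilla/5.0"
2023-04-04T10:00:02Z 10.0.0.5 POST https://api.telegram.org/bot123456789:AAEXAMPLETOKENxxxxxxxxxxxxxxx/sendDocument 200 48213 "python-requests/2.28"
2023-04-04T10:00:03Z 10.0.0.7 GET https://web.telegram.org/ 200 9876 "Mozilla/5.0"
2023-04-04T10:00:04Z 10.0.0.9 POST https://api.telegram.org/bot987654321:AAEXAMPLETOKENyyyyyyyyyyyyyyy/sendMessage 200 512 "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<ua>[^"]*)"$'
)
# Telegram Bot API paths look like /bot<numeric id>:<secret>/<method>
BOT_PATH_RE = re.compile(
    r'^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<api_method>[A-Za-z]+)'
)
# Methods a stealer would use to push harvested data into the operator's chat
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}


def parse_line(line):
    """Parse one proxy log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_bot_api_exfil(log_text):
    """Return every request that uploads data through a Telegram bot token.

    Plain browsing of web.telegram.org is ignored: only api.telegram.org
    with a /bot<token>/send* path is treated as a potential exfil channel.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        u = urlparse(rec["url"])
        if u.hostname != "api.telegram.org":
            continue
        pm = BOT_PATH_RE.match(u.path)
        if not pm or pm["api_method"] not in EXFIL_METHODS:
            continue
        hits.append({
            "ts": rec["ts"],
            "src": rec["src"],
            "api_method": pm["api_method"],
            "bytes": int(rec["bytes"]),
            "user_agent": rec["ua"],
            "bot_id": pm["bot_id"],           # numeric id is safe to keep for pivoting
            "token_hint": pm["secret"][:4] + "...",  # never store the full bot secret
        })
    return hits


if __name__ == "__main__":
    for hit in find_bot_api_exfil(SAMPLE_LOG):
        print(hit)
```

Two practical notes: a non-browser user agent plus a large sendDocument body is the strongest signal, while sendMessage from a browser-like agent may simply be a legitimate in-house bot, so treat this as a hunting query rather than a blocking rule. Keep the numeric bot id but redact the secret, since the full token is itself a credential for the attacker's bot.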
A notorious source of stolen credentials, genesis.market, has had its website seized by the FBI.
Security vendor Sophos has identified genesis.market as “an invitation-only marketplace” from which buyers can acquire “stolen credentials, cookies, and digital fingerprints that are gathered from compromised systems.”
Sophos described the stolen data souk as an initial access broker (IAB) – a business that compromises systems and services, steals data, and sells it. Genesis.market specialized in lifting “credentials, cookies, and digital fingerprints” and not only sold that data but offered a subscription service to provide up-to-date information on individuals it tracked.
The security firm also found Genesis offered “customer-service features that let bad actors concentrate on doing crimes, not tech” including a “polished interface with good data-correlation capabilities; effective and well-maintained tools for customers, including a robust search function; and mainstream accoutrements such as an FAQ, user support, pricing in dollars (though payment is in Bitcoin), and competent copyediting.”
The HomePod contained a copy of the keychain. Once we loaded the file into Elcomsoft Phone Viewer, we were able to see the keychain items available. What we saw was a long list of Wi-Fi passwords, which contained passwords to pretty much all Wi-Fi access points stored in the iPhone on the same Apple ID. We also found a list of tokens including an Apple account token. We have not looked into this any further.
Microsoft has announced plans to automatically block embedded files with “dangerous extensions” in OneNote following reports that the note-taking service is being increasingly abused for malware delivery.
Up until now, users were shown a dialog warning them that opening such attachments could harm their computer and data, but it was possible to dismiss the prompt and open the files.
That’s going to change going forward. Microsoft said it intends to prevent users from directly opening an embedded file with a dangerous extension and display the message: “Your administrator has blocked your ability to open this file type in OneNote.”
A new malware family called Mélofée has been discovered targeting Linux servers related to a limited number of high-value targets. The implant has been linked to a cluster of Chinese state-sponsored groups, specifically the Winnti group, on the basis of its capabilities and other TTPs.
Mélofée has three variants
ExaTrack detected three different samples of Mélofée, likely dated between January and May 2022.
All three samples share a common code base, while their communication protocols and encryption methods are in active development.
One of the samples dropped a rootkit, designed to target a specific kernel version. Its code is based on the open-source rootkit project Reptile.
All samples comprise an installer that uses shell commands to download the rootkit and the main implant from an attacker-controlled server.