BU-CERT – Page 7 – Bournemouth University Computer Emergency Response Team

Dark web price index 2023

Posted on 4 July 2023

From privacyaffairs.com

A recently published report from privacyaffairs‘ recent research revealed that, despite the impressive efforts of law enforcement to takedown and disrupt darknet markets selling illicit goods and services, the darkweb markets continue to flourish.

Some notable findigs from the report are as follows:

Sales volume: We have detected no long-term decrease in sales volume
Data volume: During this reporting period we noted that sellers and buyers preferred to transact more bulk data rather than individual goods
Prices: Most items and services we track for 3 years saw a significant decrease in pricing
No clear market leader: Unlike in 2020, 2021, and early 2022, in 2023 no market appears to dominate.
Telegram instead of websites: Telegram has become a major channel for facilitating the sale of hacked personal data.
Cloned Mastercard with PIN as usual costs around $20, at the same time for $100 they are selling stolen online banking logins with a minimum $100 on it.
Paypal accounts, PerfectMoney and other payment processing services are getting cheaper.
Verified Stripe account with payment gateway Is one of the most expensive on the list – $1200.
New payment processing services on the Dark Web: Revolut ($1600), Switzerland online banking login ($2200), Payoneer verified account ($200).
Cryptocurrency accounts were the only category that we saw to have experienced an increase: LocalBitcoins account ($70), Blockchain.com ($85), Coinbase ($250), Kraken (has significant increase in price from $250 in 2022 to $1170 in 2023).
Hacked Online Services & Entertainment Accounts as always are very cheap and very available – average price $5-$10 per account.
Fake money (mostly in 20- and 50-USD bills) is a very common and easy-to-find item.

Samsung Galaxy Store Bug Could’ve Let Hackers Secretly Install Apps on Targeted Devices

Posted on 1 November 2022

From thehackernews.com

A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones.

The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting the issue.

2022 Dark Web Hacked Social Media Prices and Trends

Posted on 10 October 2022

From whizcase.com

Social media and entertainment accounts sold illegally are now carving out their niche in Dark Web marketplaces.

In a recent report, trends and prices of illegally sold hacked social media and entertainment accounts were collected and studied. Here are some key highlights:

You can buy ALL hacked social media accounts (LinkedIn, Facebook, Twitter, Instagram, Discord, Snapchat, Pinterest, TikTok, Reddit) for $127.
Access to all entertainment service accounts annually costs $100 (Apple Music, Netflix, Disney+, Spotify, Hulu, Twitch, HBO Max, Amazon Prime, SoundCloud).
Hacked communication and live chat tools cost $93.
LinkedIn and Gmail are the most expensive accounts. Both cost $45.
Lots of hacked accounts are sold under $10 – TikTok $8, Skype $8, Telegram $6, Signal $6, Amazon Prime $9.
Most of these are obtained from social engineering or phishing campaigns after hackers have compromised users’ email addresses used at registration.

Online reviews are broken – here’s how to fix them

Posted on 2 September 2022

From theconversation.com

It’s a crime story fit for the digital era. It was recently reported that a number of restaurants in New York had been targeted by internet scammers threatening to leave unfavourable “one-star” reviews unless they received gift certificates. The same threats were made to eateries in Chicago and San Francisco and it appears that a vegan restaurant received as many as eight one-star reviews in the space of a week before being approached for money.

Twitter confirms zero-day used to access data of 5.4 million accounts

Posted on 9 August 2022

From securityaffairs.co

At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.

Cyberspies use IP cameras to deploy backdoors, steal Exchange emails

Posted on 4 May 2022

From bleepingcomputer.com

A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions.

Mandiant researchers, who discovered the threat actor and now track it as UNC3524, say the group has demonstrated its “advanced” capabilities as it maintained access to its victims’ environments for more than 18 months (in some cases).

OSINT: The privacy risks of sharing too much information

Posted on 4 May 2022

From tripwire.com

OSINT The privacy risks of sharing too much information

In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed enough. One of the reasons is that demonstrating this can definitely have elements of “being creepy.” With software vulnerabilities, we can obtain the software ourselves and demonstrate the vulnerability. That’s more difficult to do with privacy related information as anyone who could consent is someone that you likely know a lot about already.