Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Italian Spanish
Search
Banner Mobile
TM RedHotCyber 970x120 042543

Tag: intelligence

RHC interviews RADAR and DISPOSSESSOR: “When it comes to security, the best defense is a good offense.”

RHC Dark Lab 25/07/2024

In our usual underground analysis activities, we came into contact with the cyber gang DISPOSSESSOR, which came to attention in February 2024 in the cyber threat landscape. Accessing their Data Leak Site (DLS) one immediately realizes a strong resemblance to that of the well-known cyber-gang LockBit, and even the number of views of individual posts, taking into account that it is a blog in the onion network, has nothing to envy the elite cyber-gang. This profound similarity suggests a possible reorganization by affiliates of the world’s longest-running cybergang, LockBit, in part because of the two Cronos operations, which saw law enforcement break

Sale of a 0Day RCE Exploit for GLPI HelpDesk

Pietro Melillo 18/07/2024

Recently, a user on the Breachforums known as “cisc0” posted an announcement regarding the sale of a 0Day exploit for GLPI HelpDesk. According to the user, this exploit works on all versions of the software without exception. The news has raised concerns among cybersecurity professionals and organizations that use this IT service management system. Description of the Exploit The user “cisc0” claims that the exploit allows remote code execution (RCE) on all versions of GLPI HelpDesk. This type of vulnerability is particularly dangerous as it enables attackers to execute arbitrary commands on the vulnerable server, potentially gaining full control of the system.

Data Breach: Personal Information of 6K NATO Employees for Sale

Pietro Melillo 18/07/2024

On July 17, 2024, user Vadimblyaa posted on a well-known cybercriminal forum, claiming to possess personal information of 6,000 NATO employees, acquired through a data breach that occurred on July 13, 2024. Vadimblyaa has put this information up for sale and invites interested parties to make offers for its purchase. Breach Details Vadimblyaa provided specific details regarding the format and content of the compromised data, which includes: According to the report, the file contains over 6,000 lines of data. Veracity and Implications At this time, we cannot precisely confirm the authenticity of the breach, as the NATO organization has not yet released

Potential Data Leak from Google: 1 Million Records Exposed

Pietro Melillo 15/07/2024

Recently, a threat actor claimed to have publicly released one million records scraped from Google, raising significant alarm regarding personal data security. The information appeared on an online forum in a post dated July 15, 2024. User “Hana” published a thread titled “Google – 1 Million Scrape – Leaked, Download!” providing details about this alleged data breach. Contents of the Data Leak The data leak is divided into two distinct parts, containing different types of information: Implications and Risks The described data leak includes a significant amount of personal information and reviews, potentially sensitive. The disclosure of such data can lead to

Threat Actor 888 Claims Compromise of BMW (Hong Kong) Customers

Pietro Melillo 15/07/2024

Recently, a concerning news story has emerged in the world of cybersecurity. A well-known hacker, identified by the nickname 888, has allegedly leaked sensitive data belonging to BMW customers in Hong Kong. The data breach, dated July 2024, has led to the compromise of approximately 14,000 rows of confidential information. Details of the Breach According to reports on BreachForums, a notorious hacking forum, the data leak includes personal information of thousands of BMW customers in Hong Kong. The compromised data includes: The publication on BreachForums occurred on July 15, 2024, with hacker 888 making the data available for public download. This incident

RHC interviews Ransomcortex, the gang targeting Hospitals. “pay the ransom, we won’t even spare the CEO’s family.”

RHC Dark Lab 15/07/2024

Ransomcortex is a new cyber ransomware gang that resonates menacingly in the healthcare sector. This group has quickly attracted attention for its specialization in attacks on healthcare facilities, striking four institutions in a matter of days, including three in Brazil and one in Canada. This group demonstrated extraordinary efficiency and a clear “on target” strategy, highlighting the vulnerability of a sector already under tremendous pressure. Ransomcortex’s targeted focus on healthcare organizations raises crucial questions: why this sector and what are the real targets of these criminals? Extremely sensitive and valuable health information is a tempting target for financial fraud, extortion, and black

Hospitals tremble! Ransomcortex arrives. ransomware gang targeting healthcare facilities

RHC Dark Lab 12/07/2024

Recently, the landscape of cyber threats has been enriched by the emergence of a new ransomware group named “Ransomcortex”. This group is distinguished by its specialization in attacking healthcare facilities, having already collected four victims within a few days of its first appearance. Among these, three are Brazilian healthcare facilities and one is Canadian. The preference for attacks on the healthcare sector is not new, but Ransomcortex represents a significant evolution of this trend. Historical Context The interest of cybercriminals in healthcare organizations dates back several years, but recently there has been a significant increase in these attacks. One of the first

RHC interviews Vanir Group. Former affiliates of LockBit, Karakurt and Knight united to extort money: ‘Hire professionals, don’t be cheap’

RHC Dark Lab 12/07/2024

New threat actors often emerge every day to destabilize the digital foundations of organizations around the world. One of the most recent and disturbing cybergangs uncovered by Darklab of Red Hot Cyber team is the VANIR group, a collective known for its ruthless ransomware operations. This exclusive interview, conducted by Dark Lab group, sheds light on an enemy as mysterious as it is dangerous. “You have to know the demons to learn how to counter them.” This phrase, frequently quoted by Red Hot Cyber in conferences and articles, underscores the importance of understanding the modus operandi of cyber criminals. Knowing the “demons”

Alleged Data Breach of the United States Department of Defense and National Security Agency

Pietro Melillo 11/07/2024

Recently, alarming news has emerged on a well-known underground forum regarding alleged data breaches of the United States Department of Defense and the National Security Agency (NSA). The announcements, posted by the user “Gostingr,” have raised concerns among users and cybersecurity experts, particularly due to the sensitive nature of the information involved. Details of the Alleged Breaches According to the post published by the user, the compromised data includes 325,498 lines containing names, emails, phone numbers, and addresses. The file, in CSV format, was compressed into a ZIP archive with a size of 6.3 MB, while the uncompressed size reaches 14.6 MB.

Taylor Swift’s Tour at Risk: Hacker Demands $2 Million from Ticketmaster for 170k Stolen Barcodes

Pietro Melillo 05/07/2024

A cyber incident has hit Ticketmaster, with a malicious actor issuing a ransom demand, threatening to release sensitive data unless a payment of $2 million USD is made. The hacker claims to possess 170,000 barcodes related to Taylor Swift’s ERAS tour events, along with a vast amount of additional data, including user information and barcodes for numerous other events. Ransom Details and Compromised Tickets According to the cybercriminal, the compromised barcodes include tickets for Taylor Swift’s concerts on the following dates and locations: In a statement, the hacker threatens to release all 680 million user records and 30 million additional event barcodes

Category