Information Security News | Cyber Security | Hacking Tutorial (https://www.securitynewspaper.com/), feed retrieved Tue, 10 Oct 2023 00:23:40 +0000

Silent Predator Unveiled: Decoding WebWyrm Stealthy Malware affecting 50 countries
https://www.securitynewspaper.com/2023/10/09/silent-predator-unveiled-decoding-webwyrm-stealthy-malware-affecting-50-countries/
Tue, 10 Oct 2023 00:18:49 +0000

Deciphering Webwyrm: An In-Depth Analysis of the Pervasive Malware Threatening Global Cybersecurity

In the intricate landscape of global cybersecurity, Webwyrm malware has surfaced as a formidable adversary, casting its ominous shadow across 50 nations and leaving in its wake over 100,000 compromised victims. This insidious digital menace successfully emulates in excess of 1000 reputable companies globally, with the ensuing potential financial fallout estimated to surpass a staggering $100 million. It is imperative for cybersecurity professionals and organizations alike to comprehend the multifaceted nature of this threat to devise and implement robust defensive strategies effectively.

The Evolutionary Trajectory of Webwyrm

In the dynamic realm of cyber threats, malicious actors incessantly refine their Tactics, Techniques, and Procedures (TTPs), exploiting extant vulnerabilities and augmenting the efficacy of their malicious campaigns. Webwyrm epitomizes this relentless pursuit of evolution, embodying a level of sophistication reminiscent of infamous cyber threats of yore, such as the notorious ‘Blue Whale Challenge.’

Refined Modus Operandi

WebWyrm malware orchestrates a complex, deceptive narrative aimed at duping unsuspecting job seekers into relinquishing their cryptocurrency. Initiating contact predominantly via WhatsApp, the malefactors likely leverage data procured from employment portals to pinpoint and engage individuals predisposed to their deceptive overtures. Prospective victims are enticed with promises of lucrative weekly remuneration, ranging between $1200 and $1500, contingent upon the completion of daily task “packets” or “resets.”

Upon transferring funds into designated cryptocurrency wallets, victims are led to believe that the completion of tasks results in monetary withdrawals from their accounts, which are subsequently returned along with additional commissions. The introduction of “combo tasks” promises substantial financial returns but necessitates a more considerable investment. However, the caveat is that these returns are accessible only upon the sequential completion of all combo tasks, with each task demanding a progressively larger investment.

Campaign Enablers: Technical Insights

WebWyrm’s campaign is characterized by its sophistication, adaptability, and elusive operational framework. The initiative employs dedicated personnel engaging with victims via various platforms, thereby lending an aura of legitimacy and support to their endeavors. The orchestrators have meticulously crafted approximately 6000 counterfeit websites, directing victims to register their accounts. These platforms are expertly designed to mimic legitimate enterprises, with a keen focus on geo-targeting and associated contact numbers reflecting the respective victim’s geographical location.

Moreover, the malefactors astutely navigate the ephemeral nature of their infrastructure, allocating specific IP addresses or Autonomous System Numbers (ASNs) to host counterfeit domains for limited durations. This modus operandi facilitates operational continuity and anonymity, allowing for a swift transition to alternative infrastructure in response to potential threats, thereby effectively circumventing detection mechanisms.

Industries in the Crosshairs

Webwyrm has indiscriminately targeted a plethora of industries, including:

  • IT Services
  • Software Development
  • Mobile App Development
  • User Experience Design
  • Digital Marketing
  • Web Development
  • SEO
  • E-Commerce

Defensive Countermeasures

Effective defense against Webwyrm necessitates the adoption of several countermeasures:

  • Origin Tracing of Malefactors via Employment Portals
  • Collaborative Defensive Initiatives
  • Deployment of Rapid Response Teams
  • Implementation of Domain Blacklisting Protocols
  • Asset Seizure
  • Launch of Educational Awareness Campaigns

With the incorporation of these enhanced technical insights, it becomes abundantly clear that WebWyrm represents a meticulously orchestrated, sophisticated operation with the singular aim of exploiting job seekers. The nuanced understanding of potential victims, coupled with a highly adaptive and elusive infrastructure, renders this a significant threat warranting coordinated, informed countermeasures to safeguard potential victims. Awareness, education, and the proactive deployment of defense mechanisms are pivotal in mitigating the risks associated with the WebWyrm malware campaign.

Portuguese banks customers beware these hackers want to steal your money
https://www.securitynewspaper.com/2023/05/25/portuguese-banks-customers-beware-these-hackers-want-to-steal-your-money/
Thu, 25 May 2023 22:48:58 +0000

According to a report published by SentinelLabs on Thursday, a Brazilian hacking crew targeted users of more than 30 Portuguese financial institutions earlier this year, the latest example of capable, financially motivated hackers in Brazil going after victims outside the country’s borders.

Researchers Aleksandar Milenkoski and Tom Hegel said in a report that was released on Thursday that the ongoing campaign, which has been given the codename “Operation Magalenha,” initially relied on cloud service providers such as DigitalOcean and Dropbox. However, as a result of these companies tightening rules on how their services can be used, the operation has pivoted to the Russia-based web hosting provider TimeWeb. The operation started at the beginning of this year, but the majority of the assaults were carried out in the most recent month.

Increasingly sophisticated Brazilian hacking groups carrying out operations together with malware developers based in other countries, including Eastern Europe and Russia, is how the Brazilian malware ecosystem first caught the attention of the information security industry nearly a decade ago. In 2020, Kaspersky researchers labeled a grouping of four banking trojans originating in Brazil as “Tetrade”; the country continues to be the hub of the most capable financially focused malware.

The ongoing existence of the Brazilian cybercriminal underground is shown by Operation Magalenha, as is the steadily increasing danger presented by the threat players operating inside it. According to what Milenkoski and Hegel wrote in their research, these organizations have “a consistent capacity to update their malware arsenal and tactics, which allows them to remain effective in their campaigns.”

The attackers spread their malware through phishing emails purporting to originate from Energias de Portugal (EDP) and the Portuguese Tax and Customs Authority (AT), through social engineering, and through malicious websites that resemble these institutions.

In every case the infection starts with the execution of an obfuscated VB script, which retrieves and runs a malware loader. After a five-second wait, the loader installs two different variants of the ‘PeepingTitle’ backdoor onto the victim’s machine. The researchers note that the scripts also serve to distract users while the malware is downloaded, redirecting them to fake EDP and AT portals in order to steal their credentials for those services.

PeepingTitle is malware written in Delphi with a compilation date of April 2023; SentinelLabs believes it was created by a single individual or a single team. The attackers drop two variants because one is used for recording the victim’s screen and the other for monitoring windows and the user’s interactions with those windows.

The second variant registers the target system, delivers reconnaissance information to the attackers, and can also retrieve additional payloads. The malware searches for windows that match a predefined list of financial institutions; when it finds one, it begins logging all user input (including credentials) and sending it to the actor’s command and control server. PeepingTitle can also take screenshots, terminate processes on the host, change its monitoring interval on the fly, and stage payloads delivered as executables or DLL files using Windows rundll32.

According to the researchers, Operation Magalenha is the most recent iteration of a larger set of financially motivated hacking campaigns that began in 2021.

In its latest incarnation, it gives the attacker control over infected PCs through a pair of backdoors that must be launched at the same time. The backdoors, named “PeepingTitle,” allow the attacker to monitor window activity, capture screenshots without authorization, terminate processes, and install other malware, such as data exfiltration tools.

According to the researchers, “their ability to plan attacks in Portuguese and Spanish-speaking nations in Europe, Central, and Latin America suggests an understanding of the local financial landscape and a willingness to expend time and resources in developing targeted campaigns.”

These 57 MSI laptop models are insecure as Intel Boot Guard can’t protect it from UEFI attacks
https://www.securitynewspaper.com/2023/05/08/these-57-msi-laptop-models-are-insecure-as-intel-boot-guard-cant-protect-it-from-uefi-attacks/
Mon, 08 May 2023 22:49:59 +0000

The Money Message extortion group attacked MSI in March, claiming to have taken 1.5TB of data, including firmware, source code, and databases. When the $4 million ransom demand was not met, the group began publishing the stolen material on its data leak website. The leak included the source code for the firmware used in MSI’s motherboards, and with it the Intel Boot Guard private keys for 116 MSI devices as well as the image signing private keys for 57 MSI products. Intel Boot Guard is a crucial security feature of modern Intel hardware, intended to stop malicious code known as UEFI rootkits from loading, and it is essential for meeting the Windows UEFI Secure Boot requirements. Malicious firmware can persist long after an operating system is reinstalled, hide its activity from the kernel and security software, and help spread malware on infected devices.

Intel Boot Guard confirms a firmware image’s validity by checking that it was signed with a legitimate private signing key, using a public key embedded in the Intel hardware. The firmware may only be loaded once this check passes; otherwise it is blocked from running. Intel is actively investigating the disclosure of private keys related to the Boot Guard security feature. The public keys required to validate firmware signed with the disclosed keys are thought to be built into Intel hardware, which is what makes the leak a serious issue: on devices using the disclosed keys, the security feature can no longer be relied upon unless those keys can be changed.


On Twitter, Binarly posted a warning about the possible effects of the stolen keys on Intel Boot Guard. According to the alert, an attacker may be able to sign modified firmware for the affected devices using the disclosed private keys, bypassing Intel Boot Guard’s verification and rendering the protection useless.

Most threat actors may find no use for the exposed keys, but capable attackers have employed malicious firmware in the past, including the authors of the CosmicStrand and BlackLotus UEFI malware. Binarly has published a list of the 116 MSI products reportedly affected by the stolen Intel Boot Guard keys. Since attackers may now be able to craft malicious firmware updates for vulnerable devices without being caught by the security feature, the leak underlines the urgent need for Intel and MSI to address the gap in Intel Boot Guard protection. The breach may have left MSI devices with 11th-generation Tiger Lake, 12th-generation Alder Lake, and 13th-generation Raptor Lake CPUs unable to benefit from Intel Boot Guard.

ReconShark: New undetectable reconnaissance tool used by cybercriminals for hacking
https://www.securitynewspaper.com/2023/05/05/reconshark-new-undetectable-reconnaissance-tool-used-by-cybercriminals-for-hacking/
Fri, 05 May 2023 21:58:51 +0000

Kimsuky is an advanced persistent threat (APT) group that originates in North Korea and has a long history of launching targeted attacks around the globe. According to what is currently known about the group, it has been tasked mainly with information gathering and espionage on behalf of the North Korean government since at least 2012. Historically, Kimsuky targets have been spread across several nations in North America, Asia, and Europe. In its most recent activity, the group has continued its strategy of worldwide targeting, centered on a variety of contemporary geopolitical concerns. The most recent Kimsuky lures, for instance, have focused on nuclear agendas between China and North Korea, which are pertinent to the continuing confrontation between Russia and Ukraine. In 2018, the group was seen deploying a malware family known as BabyShark, and the most recent observations show that it has developed the malware with an enhanced capacity for reconnaissance. Experts refer to this component of BabyShark as ReconShark.

During a recent campaign, Kimsuky targeted the employees of the Korea Risk Group (KRG), an information and analysis organization that specializes in subjects with both direct and indirect effects on the Democratic People’s Republic of Korea (DPRK). Kimsuky continues to employ carefully designed phishing emails to deploy ReconShark. Notably, the spear-phishing emails are crafted with a degree of design quality customized for specific individuals, which increases the likelihood that the target will open the email. This involves using correct formatting, language, and visual cues so that the content seems authentic to readers who are not paying close attention. Both the targeted emails, which include links to download malicious documents, and the malicious documents themselves exploit the names of genuine people whose expertise is relevant to the subject matter of the lure, such as political scientists.

Kimsuky’s malicious emails include a link that, when clicked, directs the recipient to a password-protected file. Most recently, the group started hosting the infected document for download on Microsoft OneDrive, a cloud storage service. Exfiltrating information about the infected platform is the primary function of ReconShark. This includes information about running processes, information about the battery attached to the device, and information about endpoint threat detection measures that have been deployed.

Like earlier iterations of BabyShark, ReconShark relies on Windows Management Instrumentation (WMI) to query information on processes and batteries. ReconShark does more than steal information; it also distributes additional payloads in a multi-stage process. These payloads may be built as scripts (VBS, HTA, and Windows Batch), macro-enabled Microsoft Office templates, or Windows DLL files. ReconShark chooses which payloads to deliver based on the types of detection-mechanism processes that are running on the compromised computer.

In order to evade static analysis, some ReconShark strings are obscured using a fairly simple encoding. Typically, the instructions or scripts contained in these strings are for downloading and/or running payloads. All of the infrastructure observed as part of this campaign is hosted on a shared hosting server provided by NameCheap. Kimsuky operators often used LiteSpeed Web Server (LSWS) to manage the malicious functionality. The continuing attacks by Kimsuky and their use of the new reconnaissance tool ReconShark provide insight into the ever-changing nature of the North Korean threat landscape. Organizations and individuals need to be aware of the tactics, techniques, and procedures (TTPs) used by North Korean state-sponsored APTs and take the required steps to defend themselves against attacks of this kind.

Work at Germany hospitals and pharmacies slow down as big IT service provider hacked again
https://www.securitynewspaper.com/2023/05/01/work-at-germany-hospitals-and-pharmacies-slow-down-as-big-it-service-provider-hacked-again/
Mon, 01 May 2023 22:05:12 +0000

Bitmarck, which is one of the main IT service providers working inside Germany’s statutory health insurance system, said on Sunday that it had taken all of its client and internal systems down owing to a cyberattack that had been launched against the company.

The specifics of the attack have not been made public at this time. The corporation issued a statement on its temporary website stating that it has found no evidence of a data theft, but it did warn that investigations by independent specialists are still going on.

Bitmarck, a company that has over 1,600 employees, has said that both the customer and internal systems have been taken down as a safety measure. It emphasized that the patient information it stores is subject to additional safeguards and was not “in danger” as a result of the incident.

Taking these services down affects a wide range of people and organizations that rely on Bitmarck’s services, notably those that depend on the firm to issue electronic illness certificates, which are used in Germany to pay workers while they are absent from work.

Bitmarck also issued a warning that the pharmacies with whom it collaborates may potentially have technical issues. The company said, however, that it intended to put the affected systems back up in a careful way so as to limit the effect and the danger to customers.

The business added in its statement that it expected interruptions to persist “for the foreseeable future,” since whole data centers had been pulled down, and resuming them would likely be followed by temporary service failure.

The firm issued the following statement in response to the disruption: “We deeply regret the inconvenience caused to our customers, service providers, and insured persons and are working to restore the systems as quickly as possible.”

It was stated that owing to continuing forensic investigations and inquiries by the authorities, it was unable to identify the individuals who carried out the act.

Following a similar cyberattack in January that resulted in the theft of more than 300,000 insurance policyholders’ personal information from Bitmarck’s internal systems, another cyberattack occurred in April.

Initially, the firm said that no policyholder data had been stolen; however, it subsequently found out that personally identifiable information, such as names, dates of birth, and insurance card identification numbers, had been taken.

Bitmarck “cannot answer” the issue of who hacked its network and how, and as of the time of publication, the company has not responded to the inquiries made on how the attackers broke in and what data they viewed while they were within the network.

After the company’s early warning tool discovered a breach in one of its internal systems, Bitmarck stated that it “immediately” informed law enforcement and government regulators, and it also brought in outside security specialists.

Coca-Cola hacked again, becomes victim of cyber attack in Mexico
https://www.securitynewspaper.com/2023/04/27/coca-cola-hacked-again-becomes-victim-of-cyber-attack-in-mexico/
Thu, 27 Apr 2023 22:56:01 +0000

The most significant bottler for Coca-Cola, Coca-Cola FEMSA Mexico, was the one who disclosed the cyberattack that was reported this week. Coca-Cola carried out a forensic investigation while simultaneously putting its cybersecurity protection and response mechanisms into action in order to ascertain the magnitude of the breach. The corporation did not elaborate on whether the event included a breach, the loss of data or passwords, or a violation of its networks.

In a statement to the Mexican Stock Exchange (BMV), it said that “the company is working with experts on measures to avoid an adverse impact on its information technology applications.”

It is important to highlight that this is not the first time that Coca-Cola FEMSA has been the victim of a cyber attack. At the end of April 2022, the soft drink company reported that it had been attacked by the Stormous ransomware, a group that had emerged at the beginning of that year. The group claimed that it had put up for sale more than 161 gigabytes of financial data, accounts, and passwords. This attack did not take place in the Mexican market.

Most dangerous Spanish hacker arrested because of his stupidity
https://www.securitynewspaper.com/2023/04/05/most-dangerous-spanish-hacker-arrested-because-of-his-stupidity/
Wed, 05 Apr 2023 22:57:50 +0000

The Spanish police have said that they have been successful in locating the notorious hacker known as Alcasec. Alcasec is suspected of being a cybercriminal who launched attacks on the systems of the Spanish Court and other organizations in 2022. After these operations, the attacker was successful in acquiring useful information about a significant portion of the population.

The investigators learned of the hack on the computer systems of the CGPJ from the judicial authorities in November of the previous year, which is where everything started. Access to the various departments and agencies that make up the General State Administration was obtained through the judicial network.

Several state institutions, including the State Tax Administration Agency, were compromised as a result of the intrusion. Among its repercussions, sensitive information such as personal details, account numbers, and bank balances, together with other sensitive notes, was exposed.

The information that was stolen by the hacker was uploaded to two servers that were located in Lithuania. After that, they started selling the personal information of a large number of victims by using the platform known as uSms. 

The arrested individual is also the creator of a site that he called Udyat, which means “The Eye of Horus.” The name alludes to a connection between this ancient Egyptian sign and the capability of this computer architecture to access private and confidential information. It was discovered by the Spanish authorities that he had bragged about his access to information from 90% of Spanish individuals in an interview that was posted on YouTube.

According to the evidence presented by the National Police, the detainee would have used these unlawful intrusions to build a database intended as a service for consulting and selling illicit information, which was then sold to third parties.

Even though he is just 19 years old, he is recognized as a specialist in cryptocurrency and in concealing cash. Because of his prominence, he was considered a significant risk to the country’s national security, a direct result of the scope of his attacks and the sensitive material he handled.

Alcasec lived an extravagant lifestyle that was unfit for someone of his age and entirely unjustifiable: the sums involved were not insignificant, and he had no employment to account for them. When his lavish lifestyle became public knowledge, it emerged that he took expensive vacations, shopped at upscale boutiques and brands, dined at upscale restaurants, and even drove a luxury car.

A significant portion of his illegal profits passed through a convoluted scheme that concealed money via bitcoin mixing services, which made tracking harder by severing the link between the funds and their recipient. The authorities tasked with tracking him down are well aware that the young man posed a significant risk to national security, given the scale of the hacks he carried out and the vast quantity of sensitive personal data in his possession.

The teenage cybercriminal who was behind these actions was tracked down by investigators who specialize in the examination of cyberthreats working for the General Information Commissioner. It was 19-year-old José Luis H., also known by his moniker, Alcasec. He had a great deal of expertise in the realm of cybercrime.

The investigation that was successful was carried out with the assistance of agents from the General Information Commissioner’s Office.

Over the course of the operation, the detainee’s residence and registered address were searched. The searches resulted in the recovery of a significant sum of cash as well as several documents, effects, and computer equipment, all of which the investigators are examining. A motorbike and a luxury car were also seized.

Genesis Market, one of biggest identity theft platforms in darkweb hacked by FBI
https://www.securitynewspaper.com/2023/04/04/genesis-market-one-of-biggest-identity-theft-platforms-in-darkweb-hacked-by-fbi/
Wed, 05 Apr 2023 00:12:11 +0000

An official notification from the FBI was published on the website of the prominent cybercrime forum on Tuesday. The notice said that the forum had been seized because it was suspected of enabling large-scale identity theft. Genesis Market has been operational since 2018, and their catchphrase has been “Our store offers bots with logs, cookies, and their actual fingerprints” for quite some time. Clients had a number of different choices at their disposal for searching for infected systems. They included searching for infected systems by IP address or by particular domain names connected with stolen credentials.

When a customer makes a purchase through Genesis, what they are actually buying is the ability to load all of the victim's authentication cookies into their own browser. This lets the buyer access the victim's online accounts without a password and, in some cases, without multi-factor authentication. Genesis bot prices varied considerably, but bots with access to particular financial services such as PayPal and Coinbase, or with a large number of passwords and authentication cookies, generally fetched much higher prices.

Over its history, Genesis Market has been responsible for a number of developments now used by cybercriminals. The best example is Genesis Security, a purpose-built web browser plugin that loads a Genesis bot profile, allowing the browser to imitate practically every key characteristic of the victim's device, from screen size and refresh rate to the unique user agent string of the victim's web browser. According to experts, the administrators of Genesis Market describe themselves as a group with “deep expertise in the area of systems metrics” and claim to have built Genesis Security by researching the 47 most popular browser fingerprinting and tracking systems, together with the systems used by various banking and payment companies.

According to cybersecurity specialists, Genesis and a few other bot marketplaces are popular with cybercriminals who seek out and buy bots located inside corporate networks, then sell access to those networks to ransomware gangs. One aspect that sets Genesis apart from other bot shops is that customers retain real-time access to infected systems: if the legitimate owner of an infected system creates a new online account, the new credentials are stolen and presented in the web-based panel of the Genesis client who bought that bot.

However, earlier today the homepages of various domains affiliated with Genesis were replaced with an FBI seizure notice. The notice states that the domains were seized under a warrant issued by the United States District Court for the Eastern District of Wisconsin. According to sources, law enforcement agencies in the United States, Canada, and across Europe are currently serving arrest warrants on dozens of individuals believed to support Genesis in one of two ways: by maintaining the website or by selling the service bot logs from infected systems. The seizure notice bears the official seals of numerous law enforcement agencies from around the world, including those of Australia, Canada, Denmark, Germany, the Netherlands, Spain, Sweden, and the United Kingdom.

The post Genesis Market, one of biggest identity theft platforms in darkweb hacked by FBI appeared first on Information Security Newspaper | Hacking News.

Fourth-largest generic pharmaceutical company warns of revenue loss after big ransomware attack
https://www.securitynewspaper.com/2023/03/29/fourth-largest-generic-pharmaceutical-company-warns-of-revenue-loss-after-big-ransomware-attack/
Wed, 29 Mar 2023 22:56:47 +0000

The hacking gang known as Alphv claims to have broken into the network of Sun Pharmaceutical Industries Ltd. and stolen more than 17 terabytes of data, including the personal information of more than 1,500 employees, some of them located in the United States and Europe.

The hackers claim that they tried to extort a ransom from the firm through “conversation,” but the company declined to engage with them. Sun Pharmaceuticals did not respond to the hackers' claims.

The hackers claim that Sun Pharmaceuticals purposefully downplayed the significance of the data leak by claiming in public that it was only a “small issue.”

In addition, the hackers claim that the company's IT staff is continuously attempting to catch the intruders inside the company's network by deploying a variety of honeypot traps.

In filings with the Bombay Stock Exchange, Sun Pharmaceuticals, the world's fourth-largest specialty generic pharmaceutical company, said that efforts to contain and eliminate the ransomware are underway and that a cybersecurity firm has been engaged to assist with the response. The Mumbai-based company's medicines were sold in more than one hundred countries in 2022, generating sales of $5 billion, and it has more than 37,000 employees on its payroll.

The company has acknowledged that a ransomware gang has claimed responsibility for the attack, but it has not identified the group. On March 24, the notorious Black Cat/AlphV ransomware group posted information about the company on its leak site.

The hackers have repeatedly threatened to release material linked to the company's alleged doping study.

If confirmed, the purported data breach at Sun Pharmaceutical Industries Ltd. could have severe and far-reaching repercussions.

Sun Pharma's stock opened lower than expected in Mumbai but recovered its losses: by 9:40 in the morning it was trading at 980.30 rupees on the BSE, a gain of 0.8%, while the BSE Sensex was up 0.4%.

This comes at a time of growing risk of similar attacks on India's healthcare industry, which is the most-targeted sector in the country, followed by education and research, government, and the armed forces.

Compared with other industries in India, the healthcare sector suffered the highest number of cyberattacks. In 2022, an Indian organization was attacked an average of 1,866 times per week, and the number of cyberattacks worldwide rose 38% year on year.

The post Fourth-largest generic pharmaceutical company warns of revenue loss after big ransomware attack appeared first on Information Security Newspaper | Hacking News.

Mispadu Banking Trojan Is Stealing Millions From Victims In Chile, Mexico, Peru And Portugal
https://www.securitynewspaper.com/2023/03/22/mispadu-banking-trojan-is-stealing-millions-from-victims-in-chile-mexico-peru-and-portugal/
Wed, 22 Mar 2023 22:22:31 +0000

Over the course of the researchers' investigation, a total of twenty distinct spam campaigns were found to have targeted Chile, Mexico, Peru, and Portugal. Credential theft was the primary goal of these campaigns, which focused on online banking, schools, government agencies, social networks, gaming, e-commerce, public repositories, and Outlook email accounts. In some incidents the cybercriminals built fake web pages for the victim, such as online banking login windows. The attackers first tried to infect their victims by tricking them into opening a variety of bogus invoices, delivered either as HTML pages or as password-protected PDF files.

The total number of government websites that victims were accessing when their credentials were compromised, by country:

  • Chile: 105
  • Mexico: 431
  • Peru: 265

The following is a list of online banking websites in Latin America that victims were using when their credentials were compromised and subsequently stolen:

These campaigns used tactics, techniques, and procedures (TTPs) similar to those of the Mispadu banking trojan.
ESET first documented the Mispadu malware around 2019; it is known to target nations in South America through spam and malicious advertising campaigns. Because of the group's malware-as-a-service model and its high level of activity in the region, it is important to keep a close watch on this organization. The gang has continually launched new kinds of operations, and its campaigns feature many layers of obfuscation as well as new techniques, which makes it challenging to adequately protect systems against the threat.

One of their primary techniques is compromising legitimate websites and using them as command and control servers to further spread the malware. They do this by scanning for websites running outdated versions of content management systems such as WordPress and compromising them. From then on, they use these websites to distribute malware selectively: for example, filtering out countries they do not wish to infect, dropping different types of malware depending on the country being infected, and even deploying a custom malicious RAT (Remote Administration Tool) when they detect an interesting device, such as a computer belonging to a bank employee.

Throughout these campaigns, the gang skips any victim whose system language is one of the following:

  • Spanish (Spain)
  • English (United States)
  • Portuguese (Brazil)

Because the cybercriminals have automated payload generation, they can distribute new malware variants quickly, which lets them extend their operations and run many campaigns simultaneously.

Analysis of the malware makes it abundantly clear that the gang has an in-depth understanding of the major financial institutions and banks in the Latin American countries under attack. The use of several Spanish terms in the malware suggests that some of the programmers may be of Latino descent; more precisely, the slang used in the code comments suggests that some of them may be from Chile.

Researchers found numerous additional techniques built into this enormous campaign that allowed the cybercriminals to harvest hundreds of different credentials.

Its multi-stage infection chain splits the malicious activity into separate pieces, making it harder to spot. The following figure provides a visual representation of this tactic:

To make detection harder, the cybercriminals embed the malware inside fake certificate files and then misuse certutil, a legitimate Windows tool, to decode and run the banking malware.
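The certutil trick above is easy to look for from the defender's side, because a decode run of a signed Windows utility and a "certificate" that decodes to an executable are both visible. The following is an added example written for this article, not code from the researchers or from any vendor: it scans constructed process-creation events (the "parent | image | command line" layout and the file names factura.crt and upd.exe are assumptions; real Sysmon or EDR telemetry uses its own schema) for certutil invoked with a decode switch, and classifies what a PEM-wrapped blob actually decodes to.

```python
"""Detecting the certutil decoding trick described above.

Added example, not code from the article or from any vendor product.
It works over constructed process-creation events (the
"parent | image | command line" field layout is an assumption; real
Sysmon or EDR telemetry has its own schema) and over constructed
certificate files. It flags certutil invoked with a decode switch and
checks whether a PEM "certificate" actually wraps a Windows executable.
"""
import base64
import re
import textwrap

# certutil accepts switches with either '-' or '/'. Only the decode
# variants are matched, since that is the abuse described for Mispadu.
DECODE_RE = re.compile(r"(?i)(?<!\S)[-/](decode|decodehex)(?!\S)")

# Wrapper lines of a PEM certificate; the body between them is base64.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed sample events. Paths and file names (factura.crt, upd.exe,
# cert.txt, out.bin) are invented for the example.
SAMPLE_EVENTS = [
    r"explorer.exe | C:\Windows\System32\certutil.exe | certutil -decode C:\Users\Public\factura.crt C:\Users\Public\upd.exe",
    r"cmd.exe | C:\Windows\System32\certutil.exe | certutil.exe /decodehex C:\Users\Public\cert.txt C:\Users\Public\out.bin",
    r"services.exe | C:\Windows\System32\certutil.exe | certutil -verify C:\certs\corp.cer",
    r"winword.exe | C:\Windows\System32\cmd.exe | cmd /c echo decode",
]


def parse_event(line):
    """Split one constructed 'parent | image | command line' record."""
    parent, image, cmdline = (part.strip() for part in line.split("|", 2))
    return {"parent": parent, "image": image, "cmdline": cmdline}


def flag_certutil_decode(events):
    """Return the events in which certutil.exe is run with a decode switch."""
    hits = []
    for line in events:
        ev = parse_event(line)
        if ev["image"].lower().endswith("certutil.exe") and DECODE_RE.search(ev["cmdline"]):
            hits.append(ev)
    return hits


def certificate_payload_type(pem_text):
    """Classify what a PEM-wrapped blob decodes to.

    'executable' -> starts with the MZ header of a Windows PE file
    'der-like'   -> starts with an ASN.1 SEQUENCE tag, as a real DER certificate does
    'unknown'    -> anything else, including text that is not valid base64
    """
    match = PEM_RE.search(pem_text)
    body = match.group(1) if match else pem_text
    try:
        raw = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return "unknown"
    if raw.startswith(b"MZ"):
        return "executable"
    if raw[:1] == b"\x30":
        return "der-like"
    return "unknown"


def make_pem(raw):
    """Wrap raw bytes in PEM armour, 64 characters per line like a real certificate."""
    b64 = base64.b64encode(raw).decode()
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(textwrap.wrap(b64, 64)) + "\n-----END CERTIFICATE-----\n"


# Constructed files: a PE stub hidden in certificate armour, and a DER-like blob.
FAKE_CERT = make_pem(b"MZ\x90\x00" + b"\x00" * 60)
DER_LIKE_CERT = make_pem(b"\x30\x82\x01\x22" + b"\x00" * 20)


if __name__ == "__main__":
    for hit in flag_certutil_decode(SAMPLE_EVENTS):
        print("suspicious certutil decode:", hit["parent"], "->", hit["cmdline"])
    print("factura.crt decodes to:", certificate_payload_type(FAKE_CERT))
```

The process check deliberately keys on the image name rather than on the literal word "certutil" in the command line, so a renamed copy still has to be caught by other means (for example file hash or original file name), while the payload check catches the fake certificate at rest regardless of how it is decoded.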

Although Mispadu campaigns succeeded in compromising thousands of users, the infection rate among corporate users remains relatively low, because corporate users typically have both an antivirus and an EDR/XDR in place.

Nevertheless, businesses need to operate on the assumption that at some point in the not-too-distant future one of their employees will be compromised. They should therefore devise a plan to cut the time it takes to detect and respond to security threats, while improving the SOC's monitoring, detection, and response capabilities.

The post Mispadu Banking Trojan Is Stealing Millions From Victims In Chile, Mexico, Peru And Portugal appeared first on Information Security Newspaper | Hacking News.

Why famous cyber criminal forum Breach Forums has been closed down forever?
https://www.securitynewspaper.com/2023/03/21/why-famous-cyber-criminal-forum-breach-forums-has-been-closed-down-forever/
Tue, 21 Mar 2023 19:33:53 +0000

Breach Forums, a notorious site for hackers and cybercriminals, has been closed down for good. Conor Brian Fitzpatrick, known as Pompompurin or Pom, the owner, creator, and administrator of Breach Forums, was arrested in New York on March 18th, 2023. The day after Fitzpatrick's arrest, one of the forum's administrators, using the moniker Baphomet, claimed to have taken over the site in order to keep it running and prevent it from being seized, and stated that Fitzpatrick's access to the forum had been terminated.

BreachForums quickly became the go-to site for hackers looking to buy stolen data and sell troves of information obtained during hacks and attacks. The forum was recently in the headlines when hackers released on the site data taken from Washington, D.C.’s healthcare exchange platform, including confidential information of House members and employees.

However, in a message posted earlier today on the official Breach Forums Telegram channel, Baphomet confirmed the forum's permanent closure, apologized to forum members for any inconvenience, and stressed that the decision was taken for everyone's benefit and safety.

Administrator Baphomet's original goal was to keep Breach Forums open, so what changed their mind? The administrator said in a statement that they decided to shut down the site after discovering that someone had logged into an old forum CDN server at 1:34 EST on March 19th, 2023, indicating that federal officials had access to Fitzpatrick's equipment.

While the closure of Breach Forums is regarded as a commendable outcome, it may become a rabbit hole for investigators, cybersecurity journalists, and academics: with no reliable community to watch, fraudsters may resort to dumping stolen datasets on Russian-language forums, posing a wider and larger-scale danger to unwary people and institutions.

Baphomet, who has not been identified, intends to move the site's domains to a new one while continuing to operate a Telegram channel.

The administrator will create a new Telegram group for anybody interested in developing a cybercriminal replacement site.

Baphomet also said that they are interested in collaborating with “some of the rival forum moderators and different service operators” who have reached out in the last few days to create a new community “that will contain the greatest elements of Breached, while lowering the attack surfaces we never adequately addressed.” “As with anything like this, I have no doubt our userbase will be swallowed by another community,” the administrator added. “But, if there is patience, I aim to bring something back that will challenge any other community that can take our place.”

The post Why famous cyber criminal forum Breach Forums has been closed down forever? appeared first on Information Security Newspaper | Hacking News.

10 things to know about the dark web – you'll be surprised
https://www.securitynewspaper.com/2023/03/13/10-things-to-know-about-the-dark-web-youll-be-surprised/
Mon, 13 Mar 2023 18:55:00 +0000

The World Wide Web has its secrets. One of these undiscovered parts of the Internet is the dark web, which essentially arose to counter the world's first illegal network. Although it is just a way for hackers to gain anonymity, the public has legitimate questions: who created this sector called the “darkweb”, why is it needed, and does the average user need to download the required software? Let's look at ten things you didn't know about the dark web.

What is Darknet?

“The Dark Net” is a hidden segment of the Internet designed for anonymous communication, trading, and file sharing. “Hidden” means that you cannot find its pages in the familiar search engines, nor can you visit them by following a link. You need special software to do this, for example to reach a site such as the modern tor2door url.

The darknet is an anonymous and uncontrolled part of the Internet, inaccessible to ordinary search engines like Google. It operates in a decentralized way and is accessed through special browsers that route encrypted traffic through several servers to disguise the user's location. In this way, almost complete anonymity is preserved.

In addition, more than one darknet can exist at the same time. Other obstacles exist as well: new members of closed communities must often be recommended by “verified” users or people with special privileged status. All of this makes the darknet even more difficult for law enforcement to monitor.

Interesting facts about the dark side of the Internet

Ten distinctive features of the dark web that everyone should know about:

  • It is possible to use the darknet for good purposes, such as file sharing or registering on specific sites that are banned in the user's country;
  • An encrypted connection lets you protect your rights and freedoms and “escape” political repression;
  • The darknet uses domains that cannot be reached over the regular network with standard browsers; these are often pseudo-domains in the .onion or .i2p zones, among others;
  • Dark networks are a useful way to monitor the actions of criminal organizations, as well as to anticipate and prevent military action;
  • If you imagine the Internet as an ocean, the darknet is its third and deepest layer, where users of Chrome, Safari, and Edge never penetrate; only an experienced diver will find the darknet, a set of anonymous computer networks;
  • Changing the user after each login, along with other settings, provides an additional level of protection when using the browser network;
  • Any object intended for wide distribution is available to the part of the audience that has permission to copy it;
  • Users can copy objects if they are able to, and if they want to;
  • High-bandwidth channels connect users;
  • It is always possible to keep your data and complete privacy, even on the darknet, if you follow leak-prevention guidelines and find a good service provider with positive reviews.

There are many reasons for users to remain anonymous on the Web. First, not everyone is willing to put up with intelligence agencies and online platforms collecting data about them. Second, authoritarian states increasingly block unwanted sites, which is why the darknet remains the only source of independent information for millions of people. Finally, if you use a reliable service provider such as tor2door, one that looks after its users and does not allow your personal and payment data to leak, the advantages of the invisible side of the Internet are obvious.

The post 10 things to know about the dark web – you'll be surprised appeared first on Information Security Newspaper | Hacking News.
