Apr 03 2023

Tor Project Creates New Privacy-Focused Browser using VPN Layer

Category: Information Privacy,Web SecurityDISC @ 3:18 pm

The Tor browser guarantees that your communication remains operational through a decentralized network of transfers maintained by volunteers located worldwide.

It safeguards your internet connection from prying eyes by preventing any individual from monitoring the websites you visit, shields your physical location from being disclosed to the websites you browse, and enables access to blocked websites.

Numerous reasons exist for why individuals may seek to share files anonymously, with the most prominent being the case of whistleblowers or political activists striving to avoid persecution.

When a user initiates Tor, it initially passes through the first node in the circuit chosen from a pool of 2500 out of 7000 computers referred to as the “Entry Guard.” These nodes are known for their high uptime and availability.

New Mullvad Browser

A new browser was launched today, featuring an alternative infrastructure that includes a layer of VPN support in place of the Tor network.

With the new Mullvad Browser, anyone can fully utilize the privacy features developed by the Tor Project.

“Mullvad Browser, a free, privacy-preserving web browser to challenge the all-too-prevalent business model of exploiting people’s data for profit,” Torproject said.

This could be another privacy-focused browser that does not require extensions or plugins to bolster its privacy features.

“Our goal was to give users the privacy protections of Tor Browser without Tor. For instance, the Mullvad Browser applies a “hide-in-the-crowd” approach to online privacy by creating a similar fingerprint for all of its users.”

The Mullvad Browser has a default private mode that obstructs third-party trackers and cookies while providing convenient cookie deletion options.

Mullvad aims to handle all of that for you, allowing you to open the browser with the assurance that you are not easily traceable.

“Our mission at the Tor Project is to advance human rights by building technology that protects people’s privacy, provides anonymity and helps them bypass censorship.”

“We want to free the internet from mass surveillance and a VPN alone is not enough to achieve privacy. From our perspective there has been a gap in the market for those who want to run a privacy-focused browser as good as the Tor Project’s but with a VPN instead of the Tor Network,” says Jan Jonsson, CEO at Mullvad VPN.

The Tor Project has released a statement affirming that the Tor Browser will continue to evolve and enhance its capabilities.

Dark Web Onion Sites For Anonymous Online Activities: Browse The Dark Web Safely And Anonymously

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: dark web, Privacy-Focused Browser, Tor Project

Jan 02 2023

Cyber Crime: The Dark Web Uncovered

Category: Cybercrime,Dark Web,Information SecurityDISC @ 2:54 pm

Cyber Crime: The Dark Web Uncovered

11 of the world’s top cyber security experts gather to discuss how to protect ourselves against cybercrime. Includes interviews with Rob Boles, Jesse Castro, Michael Einbinder-Schatz, Rick Jordan, Konrad Martin, Rene Miller, Paul Nebb, Will Nobles, Adam Pittman, Leia Shilobod, and Peter Verlezza.

Directors Jeff Roldan Starring 11 Top Cyber Security Experts

Genres Documentary SubtitlesEnglish [CC] Audio languagesEnglish

Tags: cyber crime, dark web

Dec 09 2022

Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps

Category: Hacking,MalwareDISC @ 1:44 pm

ThreatFabric’s security researchers have reported a new dark web platform through which cybercriminals can easily add malware to legitimate Android applications.

Dubbed Zombinder, this platform was detected while investigating a campaign in which scammers were distributing multiple kinds of Windows and Android malware, including Android banking malware like Ermac, Laplas “clipper,” Erbium, and the Aurora stealer, etc.

This comes just days after a new dark web marketplace called InTheBox surfaced online, serving smartphone malware developers and operators.

Further probe helped researchers trace the adversary to a third-party dark web service provider called Zombinder. It was identified as an app programming interface binding service launched in March 2022.

Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps

According to ThreatFabric’s blog post, numerous different threat actors are using this service and advertising it on hacker forums. On one such forum, the service was promoted as a universal binder that binds malware with almost any legitimate app.

The campaign is designed to appear as it helps users access internet points by imitating the WiFi authorization portal. In reality, it pushes several different malware strains.

What does Zombinder Do?

In the campaign detected by ThreatFabric’s researchers, the service is distributing the Xenomorph banking malware disguised as the VidMate app. It is distributed via modified apps advertised/downloaded from a malicious website mimicking the application’s original website. The victim is lured to visit this site via malicious ads.

The Zombinder-infected app works just as it is marketed while the malicious activity carries on in the background and the victim stays unaware of the malware infection.

Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps

At the moment, Zombinder is focusing entirely on Android apps but the service operators are offering Windows apps binding services. Those who downloaded the infected Windows app were delivered the Erbium stealer as well. It is an infamous Windows malware distributed to steal stored passwords, cookies, credit card details, and cryptocurrency wallet data.

It is worth noting that two downloaded buttons on the malicious website’s landing page, one for Windows and the other for Android. when a user clicks on the Download for Windows button, they are delivered malware designed for Microsoft operating system, including Aurora, Erbium, and Laplas clipper. Conversely, the Download for Android button distributes the Ermac malware.

How to Stay Protected?

If you want to stay safe, do not sideload apps even if you are desperate to make a specific product work. Also, avoid installing apps from unauthentic or unknown sources onto your Android mobile phone and rely on legitimate sources such as Google Play Store, Amazon Appstore, or Samsung Galaxy Store. Always check the app’s rating, and reviews, and check out the app developers’ website before installing a new app.

Cyber Deep Web

Tags: Cyber Deep Web, dark net, dark web, Zombinder

Nov 27 2022

Nearly 500 million WhatsApp User Records Sold Online

Category: Dark Web,Hacking,Social networkDISC @ 10:06 am

The 2022 database is said to contain WhatsApp user data from 84 countries with Egypt having the largest chunk of stolen phone numbers.

In what is becoming a rather common trend, a threat actor is claiming to sell 487 million WhatsApp users’ mobile phone numbers on a popular hacking community forum which surfaced as an alternative to popular and now-sized Raidforums.

The 2022 database is said to contain WhatsApp user data from 84 countries with Egypt having the largest chunk of stolen phone numbers (45 million), Italy with 35 million, and the US with 32 million. 

The complete list of countries is included in the original report by Cybernews which also contains the exact amount of numbers up for sale. According to the threat actor, they are willing to sell the US dataset for $7000, the UK one for $2500, and the German one for $2000. 

Nearly 500 million WhatsApp User Records Sold Online

Upon being requested, the threat actor also shared a sample of data with researchers who then confirmed that the numbers included in the sample were in fact WhatsApp users. The exact sample contained 1097 UK and 817 US mobile numbers. 

The seller did not reveal their process for obtaining the database and simply said they “used their strategy” to collect the data. Whatever the method used, the damage that can be caused by this leakage should not be taken lightly.

Such data is readily bought by attackers to use for smishing and vishing attacks. It is advised that you cautiously interact with unknown calls, unsolicited calls, and messages. Impersonation and fraud are also common worries associated with mobile number leakage. 

Meta has refused to comment on this for now, while in their report, Cybernews speculates that this information could have been obtained by harvesting information at scale, also known as scraping, which violates WhatsApp’s Terms of Service. 

However, Hackread.com can confirm that, at the time of writing, the listing was deleted from the hacker forum. Another listing was published in which another threat actor is claiming to sell details of WhatsApp users.

Unfriended: Dark Web

Nearly 500 million WhatsApp User Records Sold Online

Tags: dark web, WhatsApp User

Aug 29 2022

NATO Investigates Dark Web Leak of Data Stolen from Missile Vendor

Category: Cyber Threats,Cyber War,Dark Web,Digital cold warDISC @ 1:23 pm

Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia.

blue hacker hands over keyboard
Source: Andrey Khokhlov via Alamy Stock Photo

NATO is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web, according to a published report.

The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia.

Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache being sold by threat actors on hacker forums after what appears to be a ransomware attack.

Contradicting the cyberattackers’ claims in their ads, nothing up for grabs is classified information, MBDA said. It added that the data was acquired from a compromised external hard drive, not the company’s internal networks.

NATO, meanwhile, is “assessing claims relating to data allegedly stolen from MBDA,” a NATO official told Dark Reading on Monday.

“We have no indication that any NATO network has been compromised,” the official said.

Double Extortion

MBDA acknowledged in early August that it was “the subject of a blackmail attempt by a criminal group that falsely claims to have hacked the company’s information networks,” in a post on its website.

The company refused to pay the ransom and thus the data was leaked for sale online, according to the post.

Specifically, threat actors are selling 80GB of stolen data on both Russian- and English-language forums with a price tag of 15 bitcoins, which is about $297,279, according to a report from the BBC, which broke the news about the NATO investigation Friday. In fact, cybercriminals claim to already have sold data to at least one buyer.

NATO is investigating one of the firm’s suppliers as the possible source of the breach, according to the report. MBDA is a joint venture between three key shareholders: AirBus, BAE Systems, and Leonardo. Though the company operates out of Europe, it has subsidiaries worldwide, including MBDA Missile Systems in the United States.

The company is working with authorities in Italy, where the breach occurred.

MBDA reported $3.5 billion in revenue last year and counts NATO, the US military, and the UK Ministry of Defense among its customers.

Classified Info & Ukraine

Hackers claimed in their ad for the leaked data to have “classified information about employees of companies that took part in the development of closed military projects,” as well as “design documentation, drawings, presentations, video and photo materials, contract agreements, and correspondence with other companies,” according to the BBC.

Among the sample files in a 50-megabyte stash viewed by the BBC is a presentation appearing to provide blueprints of the Land Ceptor Common Anti-Air Modular Missile (CAMM), including the precise location of the electronic storage unit within it. One of these missiles was recently sent to Poland for use in the Ukraine conflict as part of the Sky Sabre system and is currently operational, according to the report.

This might provide a clue about the motive of threat actors; advanced persistent threats (APTs) aligned with Russia began hitting Ukraine with cyberattacks even before the Russian official invasion on Feb. 24.

After the conflict on the ground began, threat actors continued to throttle Ukraine with a cyberwar to support the Russian military efforts.

The sample data viewed by the BBC also included documents labelled “NATO CONFIDENTIAL,” “NATO RESTRICTED,” and “Unclassified Controlled Information,” according to the report. At least one stolen folder contains detailed drawings of MBDA equipment.

The criminals also sent by email documents to the BBC including two marked “NATO SECRET,” according to the report. The hackers did not confirm whether the material had come from a single source or more than one hacked source.

Nonetheless, MBDA insists that the verification processes that the company has executed so far “indicate that the data made available online are neither classified data nor sensitive.”



Cyber War

Tags: cyber threats, cyberwarfare, dark web

May 14 2022

He sold cracked passwords for a living – now he’s serving 4 years in prison

Category: Dark Web,Hacking,Password SecurityDISC @ 12:07 pm

In this article, it turns out to be the first name (in Latin script, anyway) of a convicted cybercriminal called Glib Oleksandr Ivanov-Tolpintsev.

Originally from Ukraine, Tolpintsev, who is now 28, was arrested in Poland late in 2020.

He was extradited to the US the following year, first appearing in a Florida court on 07 September 2021, charged with “trafficking in unauthorized access devices, and trafficking in computer passwords.”

In plain English, Tolpintsev was accused of operating what’s known as a botnet (short for robot network), which refers to a collection of other people’s computers that a cybercriminal can control remotely at will.

A botnet acts as a network of zombie computers ready to download instructions and carry them out without the permission, or even the knowledge, of their legitimate owners.

Tolpintsev was also accused of using that botnet to crack passwords that he then sold on the dark web.

What to do?

Tolpintsev’s ill-gotten gains, at just over $80,000, may sound modest compared to the multi-million dollar ransoms demanded by some ransomware criminals.

But the figure of $82,648 is just what the DOJ was able to show he’d earned from his online password sales, and ransomware criminals were probably amongst his customers anyway.

So, don’t forget the following:

  • Pick proper passwords. For accounts that require a conventional username and password, choose wisely, or get a password manager to do it for you. Most password crackers use password lists that put the most likely and the easiest-to-type passwords at the top. These list generators use a variety of password construction rules in an effort to generate human-like “random” choices such as jemima-1985 (name and year of birth) ahead of passwords that a computer might have selected, such as dexndb-8793. Stolen password hashes that were stored with a slow-to-test algorithm such as PBKDF2 or bcrypt can slow an attacker down to trying just a few passwords a second, even with a large botnet of cracking computers. But if your password is one of the first few that gets tried, you’ll be one of the first few to get compromised.
  • Use 2FA if you can. 2FA, short for two-factor authentication, usually requires you to provide a one-time code when you login, as well as your password. The code is typically generated by an app on your phone, or sent in a text message, and is different every time. Other forms of 2FA include biometric, for example requiring you to scan a fingerprint, or cryptographic, such as requiring you to sign a random message with a private cryptographic key (a key that might be securely stored in a USB device or a smartcard, itself protected by a PIN). 2FA doen’t eliminate the risk of crooks breaking into your network, but it makes individual cracked or stolen passwords much less useful on their own.
  • Never re-use passwords. A good password manager will not only generated wacky, random passwords for you, it will prevent you from using the same password twice. Remember that the crooks don’t have to crack your Windows password or your FileVault password if it’s the same as (or similar to) the password you used on your local sports club website that just got hacked-and-cracked.
  • Never ignore malware, even on computers you don’t care about yourself. This story is a clear reminder that, when it comes to malware, an injury to one really is an injury to all. As Glib Oleksandr Ivanov-Tolpintsev showed, not all cybercriminals will use zombie malware on your computer directly against you – instead, they use your infected computer to help them attack other people.

The Darkest Web

The Darkest Web (Allison Barton Book 2) by [Kristin Wright]

👇 Please Follow our LI page…

DISC InfoSec

#InfoSecTools and #InfoSectraining



Tags: cracked passwords, dark web, The Darkest Web

Nov 24 2021

There’s More to Threat Intelligence Than Dark Web Monitoring

Category: Dark Web,Web SecurityDISC @ 10:06 am

Dark web monitoring seems to be a hot buzzword in discussions about cyberthreat intelligence (CTI) and how it helps cybersecurity strategy and operations. Indeed, dark web monitoring enables a better understanding of an attacker’s perspective and following their activities on dark web forums can have a great impact on cybersecurity readiness and

Accurate and timely knowledge of attackers’ locations, tools and plans helps analysts anticipate and mitigate targeted threats, reduce risk and enhance security resilience. So why isn’t dark web monitoring enough? The answer lies in both coverage and context.

When we talk about visibility beyond the organization, one needs to make sure the different layers of the web are covered. Adversaries are everywhere, and vital information can be discovered in any layer of the web. In addition, dark web monitoring alone provides threat intelligence that is siloed and out of context. In order to make informed and accurate
decisions, a CTI plan has to be both targeted, based on an organization’s needs and comprehensive, with extensive source coverage to support diverse use cases.

Be Wherever Adversaries Are

The internet as we know it is actually the open web, or the surface web. This is the top, exposed, public layer where organizations rarely look for CTI. The other layers are the deep web and the dark web, on which some sites are accessed through the Tor browser. Monitoring the deep/dark web is the most common source of CTI. However, to ensure complete visibility beyond the organization and optimal coverage for gathering CTI, all layers of the web should be monitored. Monitoring the dark web alone leaves an organization pretty much, well, in the dark.

The Shadow Brokers is a great example of why it is important to monitor more than just the dark web. In 2016, the Shadow Brokers published several hacking tools, including many zero-day exploits, from the “Equation Group,” which is considered to be tied to the U.S. National Security Agency (NSA). The exploits and vulnerabilities mostly targeted enterprise firewalls, antivirus software and Microsoft products. The initial publication of the leak was through the group’s Twitter account on August 13, 2016, and the references and instructions for obtaining and decrypting the tools and exploits were published on GitHub and Pastebin, both publicly accessible.

The WannaCry ransomware attack in May 2017 was also first revealed on Twitter, as were different reports on the attack.
Coverage of all layers of the web is necessary, yet even with expanded monitoring of additional layers of the web, an organization’s external threat intelligence picture remains incomplete and one-dimensional. There are additional threat intelligence sources to cover in order to get a complete threat intelligence view that is optimized for the needs of an
organization. These include:

Online Data Sources

Dark Web: Cicada 3301

Dark Web: Cicada 3301

Tags: dark web, Dark Web: Cicada 3301, deep web

Nov 03 2021

Cybercrime underground flooded with offers for initial access to shipping and logistics orgs

Category: Access Control,Cyber Threats,CybercrimeDISC @ 9:02 am

Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains.

Researchers from threat intelligence firm Intel 471 published an analysis of current cybercrime underground trends online, warning that initial access brokers are offering credentials or other forms of access to shipping and logistics organizations. 

These organizations provide essential services to the global supply chain in multiple industries, they operate air, ground and maritime cargo transport on several continents.

Experts believe threat actors selling initial access to the organizations have obtained these credentials by expliting well-known vulnerabilities in remote access solutions, including Remote Desktop Protocol (RDP), VPN, Citrix, and SonicWall.

Intel 471 experts monitored the activities on the Dark Web over the past few months and observed a prevalence in the listing of offers for initial access to organizations operating in the global supply chain are.

The experts provided multiple examples of the offers they have found:

Disrupting Logistics: Startups, Technologies, and Investors Building Future Supply Chains – “This book presents readers with a straightforward and comprehensive assessment of supply chain innovation and trends and their impact on the industry. With contributions from several industry leaders, it provides critical knowledge and insight that supply chain and logistics managers need to implement disruptive technologies strategically.” 

Tags: dark net, dark web, shipping and logistics

Jul 09 2021

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Category: Hacking,Zero dayDISC @ 3:22 pm

A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day Exploits from other forum members, researchers from threat intelligence firm Cyble.

According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012.  

The threat actor aims at buying malware with zero detection,

The TA is willing to buy the following things with the deposited money zero-day exploits for RCE and LPE, in the latter case the member is offering up to $3 Million.

“The TA is willing to buy the following things with the deposited money.” states Cyble.

  • 1. Buy the best Remote Access Trojan (RAT) that has not yet been flagged as malicious by any of the security products. 
  • 2. Buy unused startup methods in Windows 10 such as living off the land (LotL) malware and hiding in the registry evasion technique. The TA is willing to offer up to USD 150K for the original solution. 
  • 3. Buy Zero Day Exploit for Remote Code Executions and Local Privileges Escalations. The TA has mentioned that the budget for this particular exploit is USD 3Million. 

The significant amount deposited as an escrow by the threat actor is concerning, the circumstance suggests that the threat actor is going to use the exploits for attacks or to resell them.  

zero-day exploits

“Organizations should patch all known security updates and conduct timely internal Security Audits, in addition to being prepared for such attacks in the future.” concludes Cyble.

The Dark Web

Tags: cybercrime marketplace, dark web

Apr 08 2021

Italian charged with hiring “dark web hitman” to murder his ex-girlfriend

Category: Cyber Espionage,Web SecurityDISC @ 8:35 am

In a brief yet fascinating press release, Europol just announced the arrest of an Italian man who is accused of “hiring a hitman on the dark web”.

According to Europol:

The hitman, hired through an internet assassination website hosted on the Tor network, was paid about €10,000 worth in Bitcoins to kill the ex-girlfriend of the suspect.

Heavy stuff, though Europol isn’t saying much more about how it traced the suspect other than that it “carried out an urgent, complex crypto-analysis.”

In this case, the word crypto is apparently being used to refer to cryptocurrency, not to cryptography or cryptanalysis.

In other words, the investigation seems to have focused on unravelling the process that the suspect followed in purchasing the bitcoins used to pay for the “hit”, rather than on decrypting the Tor connections used to locate the “hitman” in the first place, or in tracing the bitcoins to the alleged assassin.

Fortunately (if that is the right word), and as we have reported in the past, so-called dark web hitmen often turn out to be scammers – after all, if you’ve just done a secret online deal to have someone killed, you’re unlikely to complain to the authorities if the unknown person at the other end runs off with your cryptocoins:

Tags: dark net, dark web

Feb 09 2021

How Venturing Into The Shady Side of The Dark Web Will Most Likely Get You Scammed or Arrested

Category: Deepfakes,Web SecurityDISC @ 12:36 pm

The internet has come to be so developed, complex and ‘intelligent’ that, at present, you could say it is alive (like Skynet or The Matrix predicted?). Billions of people are online, every day, using the internet for work, entertainment, advice, you name it -it’s probably on the internet. We are now in the age of Artificial Intelligence and Big Data (or A.I for short). This period is an evolution, a transformation in the digital industry. Not only are petabytes of data being circulated on the internet (millions of terabytes); with A.I and Big Data all of this data is being put to use. This is effectively teaching the internet about user behavior, increasing the knowledge-base and making the internet into a neural-network able to ‘think’ for itself.

That’s all fine and dandy, but what about the dark side of the internet? Well, the evolution of the internet has spread so wide on countless digital channels and platforms, that the need to regulate and police the internet has risen. On such a vast network, there are countless dark organizations and cybercriminals looking to use the practicality of the internet as a communication tool for illegal activity. This can mean hacking and stealing data in the virtual realm, and it can also translate to the worst kinds of illicit activity imaginable in the physical realm.

So, let’s look at what lies beneath, in the underground world beneath the internet which is called the Deep Web. Then we’ll go even deeper down, and find out why the Dark Web is a dangerous and hostile place.

Tags: dark web

Jul 14 2020

A hacker is selling details of 142 million MGM hotel guests on the dark web

Category: Data Breach,Hacking,Security BreachDISC @ 11:06 am

EXCLUSIVE: The MGM Resorts 2019 data breach is much larger than initially reported.

Source: A hacker is selling details of 142 million MGM hotel guests on the dark web | ZDNet

According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900. The hacker claims to have obtained the hotel’s data after they breached DataViper, a data leak monitoring service operated by Night Lion Security.


MGM Exposes over 10,000,000 Profiles to Hackers – Feb 21, 2020

Protect Your Organization Against Massive Data Breaches and Their Consequences

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Tags: dark net, dark web

Jun 26 2020

Police arrested 32 people while investigating underground economy forum

Category: CybercrimeDISC @ 12:20 pm

German Police have arrested 32 individuals and detained 11 after a series of raids targeting users of an illegal underground economy forum.

Source: Police arrested 32 people while investigating underground economy forum

Exploring the Dark Web

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

Tags: black market, dark net, dark web