Nov 14 2023

Hackers Selling Exploits For Critical Vulnerabilities On The Dark Web

Category: Dark Web,Information Securitydisc7 @ 1:31 pm

Dark forums and Telegram channels have become great places for threat actors to sell critical vulnerabilities and exploits.

These vulnerabilities and exploits were associated with the Elevation of Privilege, Authentication Bypass, SQL Injection, and Remote Code Execution in products like Windows, JetBrains software, Microsoft Streaming Service Proxy, and Ubuntu kernels.

Recent discoveries state that these vulnerabilities were sold in underground forums even before the Vendor officially assigned them.

One such example was the Microsoft Streaming Server vulnerability (CVE-2023-36802) that was on sale in February, though the CVE was officially assigned in September 2023.

Key Vulnerabilities

According to the reports shared with Cyber Security News, several critical and high-severity vulnerabilities were sold in the underground forums, which certain ransomware groups used to gain initial access and lateral movement inside the victim network.

Critical Vulnerabilities

CVE-2023-34362: MOVEit RCE Vulnerability (Exploited By Cl0p Ransomware Group)

This vulnerability was published in NVD on June 02, 2023. However, it was observed to be exploited by threat actors since May 2023. This vulnerability had a severity of 9.8 (Critical) and was patched by Progress. 

This vulnerability arises due to insufficient sanitization of user-provided data, which enables unauthenticated remote attackers to access the MOVEit application. With this vulnerability, the Cl0p ransomware group targeted more than 3000 organizations in the US and 8000 organizations worldwide.

CVE-2023-3519: Citrix ADC And Gateway Vulnerability (Exploited By Unknown Threat Actor)

NVD published this vulnerability on June 19, 2023, and Citrix patched it in July 2023. However, threat actors were seen to be exploiting this vulnerability in June 2023, which affected Netscaler ADC and Gateway versions.

A threat actor can use this vulnerability to execute remote code on affected Citrix ADC and Gateway systems to steal sensitive information without any authentication. The severity of this vulnerability was given as 9.8 (Critical).

Exploits Vulnerabilities Dark Web

CVE-2023-42793: JetBrains Unauthenticated RCE (Exploited By North Korean Threat Actors)

This vulnerability could allow an unauthenticated threat actor to access the TeamCity server and execute remote code,, which could compromise the source code and add to a supply chain attack.

This vulnerability was published in NVD in September 2023 and was found to be sold in the underground forums in October 2023. This authentication bypass leading to RCE vulnerability was given a severity of 9.8 (Critical).

Exploits Vulnerabilities Dark Web

According to Microsoft, this vulnerability was potentially used by North Korean nation-state threat actors like Diamond Sleet and Onyx Sleet to install malware and backdoors on their targets.

complete report about the vulnerabilities sold on the underground market, their associated threat groups, and other information has been published.

Users of these products are recommended to patch the affected versions accordingly and take precautionary measures to prevent them from getting exploited by threat actors.

The Darkest Web: Drugs, Death and Destroyed Lives . . . the Inside Story of the Internet’s Evil Twin

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Hackers Selling Exploits, The Darkest Web

May 14 2022

He sold cracked passwords for a living – now he’s serving 4 years in prison

Category: Dark Web,Hacking,Password SecurityDISC @ 12:07 pm

In this article, it turns out to be the first name (in Latin script, anyway) of a convicted cybercriminal called Glib Oleksandr Ivanov-Tolpintsev.

Originally from Ukraine, Tolpintsev, who is now 28, was arrested in Poland late in 2020.

He was extradited to the US the following year, first appearing in a Florida court on 07 September 2021, charged with “trafficking in unauthorized access devices, and trafficking in computer passwords.”

In plain English, Tolpintsev was accused of operating what’s known as a botnet (short for robot network), which refers to a collection of other people’s computers that a cybercriminal can control remotely at will.

A botnet acts as a network of zombie computers ready to download instructions and carry them out without the permission, or even the knowledge, of their legitimate owners.

Tolpintsev was also accused of using that botnet to crack passwords that he then sold on the dark web.

What to do?

Tolpintsev’s ill-gotten gains, at just over $80,000, may sound modest compared to the multi-million dollar ransoms demanded by some ransomware criminals.

But the figure of $82,648 is just what the DOJ was able to show he’d earned from his online password sales, and ransomware criminals were probably amongst his customers anyway.

So, don’t forget the following:

  • Pick proper passwords. For accounts that require a conventional username and password, choose wisely, or get a password manager to do it for you. Most password crackers use password lists that put the most likely and the easiest-to-type passwords at the top. These list generators use a variety of password construction rules in an effort to generate human-like “random” choices such as jemima-1985 (name and year of birth) ahead of passwords that a computer might have selected, such as dexndb-8793. Stolen password hashes that were stored with a slow-to-test algorithm such as PBKDF2 or bcrypt can slow an attacker down to trying just a few passwords a second, even with a large botnet of cracking computers. But if your password is one of the first few that gets tried, you’ll be one of the first few to get compromised.
  • Use 2FA if you can. 2FA, short for two-factor authentication, usually requires you to provide a one-time code when you login, as well as your password. The code is typically generated by an app on your phone, or sent in a text message, and is different every time. Other forms of 2FA include biometric, for example requiring you to scan a fingerprint, or cryptographic, such as requiring you to sign a random message with a private cryptographic key (a key that might be securely stored in a USB device or a smartcard, itself protected by a PIN). 2FA doen’t eliminate the risk of crooks breaking into your network, but it makes individual cracked or stolen passwords much less useful on their own.
  • Never re-use passwords. A good password manager will not only generated wacky, random passwords for you, it will prevent you from using the same password twice. Remember that the crooks don’t have to crack your Windows password or your FileVault password if it’s the same as (or similar to) the password you used on your local sports club website that just got hacked-and-cracked.
  • Never ignore malware, even on computers you don’t care about yourself. This story is a clear reminder that, when it comes to malware, an injury to one really is an injury to all. As Glib Oleksandr Ivanov-Tolpintsev showed, not all cybercriminals will use zombie malware on your computer directly against you – instead, they use your infected computer to help them attack other people.

The Darkest Web

The Darkest Web (Allison Barton Book 2) by [Kristin Wright]

👇 Please Follow our LI page…

DISC InfoSec

#InfoSecTools and #InfoSectraining



Tags: cracked passwords, dark web, The Darkest Web