By Habiba Rashid
A new report from Jon DiMaggio, Chief Security Strategist at Analyst1, “Ransomware Diaries: Volume 3 - LockBit’s Secrets'' exposes LockBit's activities, their targets, and the challenges they've been facing.
This is a post from HackRead.com Read the original post: LockBit Ransomware Gang in Decline, May Be Compromised, Report

*   LockBit’s leadership vanished for two weeks in August 2023. This suggests that the gang may have been compromised or that there was internal conflict.

*   LockBit has been unable to consistently publish victim data. This has led to victims refusing to pay ransoms and affiliates leaving the program.

*   LockBit’s updated infrastructure is not as effective as it claims to be. This is evidenced by the fact that LockBit is still struggling to publish victim data.

*   LockBit’s affiliates are leaving for its competitors. This is because LockBit is not providing the support and resources that affiliates need.

*   LockBit ransomware gang missed its most recent release date. This suggests that the gang is struggling to develop new ransomware variants.

*   LockBit wants to steal ransomware from its rivals. This is a sign that LockBit is desperate and is willing to resort to unethical tactics to stay ahead of the competition.

LockBit, a prominent but infamous ransomware gang that has wreaked havoc across numerous industries, recently vanished from the cybercriminal scene, leaving affiliates and partners in a state of uncertainty. However, their reemergence after a brief hiatus has raised questions about their operational integrity.

A new report from Jon DiMaggio, Chief Security Strategist at Analyst1, “**Ransomware Diaries: Volume 3 – LockBit’s Secrets**” exposes LockBit’s activities, their targets, and the challenges they’ve been facing.

Dimaggio delved deep into LockBit’s operations and uncovered critical shortcomings within the gang’s modus operandi. In his extensive report, the researcher has highlighted LockBit’s struggles with data publication, deteriorating affiliate partnerships, and a lack of timely support responses. DiMaggio believes LockBit may have been compromised.

In 2022, LockBit reigned as the foremost ransomware group and Ransomware-as-a-Service (RaaS) provider globally. In a shift from traditional ransomware groups, LockBit’s unique approach involves maintaining the ransomware’s functionality, leasing access to it, and assisting affiliates in deploying attacks.

The model has enabled LockBit to foster a wide network of attackers, resulting in diverse tactics, techniques, and procedures employed during ransomware incidents. Affiliates employing the LockBit RaaS model have targeted entities spanning various sectors, including finance, education, healthcare, and government, leaving no industry immune to its malicious grip.

However, Lockbit’s reputation as a ransomware group has taken a serious hit following a series of events that DiMaggio’s exposé of the gang reveals. Earlier this year, they successfully breached and compromised Royal Mail, the United Kingdom’s largest postal service provider, and Maximum Industries.

The gang went on to **claim to breach** an aerospace manufacturing company with connections to SpaceX. But they failed to publish the data? This, too, after numerous claims that the data will be publicly available if ransomware demands were not met.

LockBit did the same in April 2023 when it **announced compromising Darktrace**, a British cybersecurity company. The claims were investigated and quickly dismissed by the company, and researchers never saw the claimed data. Instead, publicly available photos of Darktrace founder Poppy Gustafsson were published by the gang.

Photos of Poppy Gustafsson published by LockBit as proof of hack (Screenshot: Hackread.com)

Intriguingly, LockBit has started to rely on empty threats and propaganda to pressure victims into paying the ransom, even though it struggles with publishing victim data consistently due to backend limitations and bandwidth issues. This strategy, coupled with a strong narrative on criminal forums, is an attempt to maintain LockBit’s reputation which frankly, everyone can see through.

Not to mention, instead of the usual roster of legitimate victims, LockBit populated its site with entirely fictitious company names and websites, such as “1.com” and “123.com.” The situation took a funnier twist when LockBit issued a deadline for these fabricated entities to pay a relatively modest $60,000 ransom or face the publication of their nonexistent data.

A threat intelligence company casts doubt on the claims of the LockBit ransomware gang.

The abnormality of the situation became apparent to keen observers. First, the choice of victims itself raised eyebrows – LockBit was demanding an unusually low ransom, inconsistent with their usual greedy demands. Cybersecurity analysts noted that if this had been a genuine case, LockBit would have typically demanded a much larger sum.

Seeing LockBit’s dramatic antics and failure to live up to expectations, affiliate partners, essential for LockBit’s operations, are increasingly dissatisfied due to the gang’s struggles with data hosting and communication.

The research indicates that many affiliates have left LockBit’s program in favour of its competitors, driven by frustrations with unresolved support queries and the gang’s inability to deliver on its data publication promises.

The gang’s use of the secure communication application **Tox** has led to a growing issue of prolonged wait times for affiliates seeking support. LockBit’s high volume of attacks and expanding partner network has overwhelmed its communication infrastructure, resulting in **frustrated affiliates** struggling to obtain timely responses to critical queries.

While LockBit has hinted at the possibility of implementing a ticketing system, challenges in ensuring security and confidentiality remain a significant obstacle.

LockBit’s supposed commitment to innovation is challenged by its inability to release significant ransomware updates. Despite their previous successes with LockBit Red and LockBit Black, recent attempts at an update have fallen short, and the gang was found to be using outdated or stolen ransomware from other criminal groups. 

According to DiMaggio, the once-feared LockBit ransomware gang appears to be grappling with a cascade of issues, from faulty data publishing and strained communication to outdated ransomware variants and attempts to acquire competitors’ technology.

Overall, the report paints a picture of a ransomware gang that is in decline. LockBit is facing a number of challenges, including technical problems, internal conflict, and competition from other ransomware gangs. It is likely that LockBit will continue to lose ground in the coming months.

**RELATED ARTICLES**

1.  Cyber Security Firm Mandiant Denies Hacking Claims By LockBit
2.  Accenture claims to fight off LockBit ransomware gang with backup
3.  LockBit ransomware gang claims PayBito crypto exchange as new victim

LockBit Ransomware Gang in Decline, May Be Compromised, Report

By Habiba Rashid
Emergence of Gigabud Banking Trojan Threatens Financial Institutions Globally.
This is a post from HackRead.com Read the original post: New Gigabud Android RAT Bypasses 2FA, Targets Financial Orgs

*   **New Malware Variant:** Gigabud introduces a fresh wave of sophisticated cyber danger.

*   **Global Operation:** Gigabud has targeted at least 25 companies, financial institutions, and government departments across several countries.

*   **Bypasses 2FA:** Gigabud malware can adeptly circumvent two-factor authentication (2FA).

*   **Targets Financial Giants:** Financial institutions face a growing threat from Gigabud’s focused attacks.

*   **Gigabud family:** Gigabud.Loan variant presents itself as a fake loan application, luring victims with promises of low-interest loans.

*   **Emerging Cyber Risk:** The rise of Gigabud underscores the evolving landscape of financial cyber threats.

A new banking trojan named Gigabud has emerged as a formidable adversary, posing a persistent danger to financial institutions worldwide. Originating as an Android Remote Access Trojan (**RAT**), Gigabud first came to the attention of security experts in September 2022 when it targeted a Thailand-based financial organization and its customers across the Asia-Pacific region.

Group-IB’s experts, in response to a customer’s request, undertook a comprehensive analysis of the malware to decode its intricate tactics. The defining feature of Gigabud is its cautious approach to executing malicious actions.

Unlike conventional malware that acts immediately upon infiltration, Gigabud waits for user authorization within the malicious application, a strategy that makes it notably elusive. Instead of relying on HTML overlay attacks, Gigabud employs screen recording to gather sensitive information, further complicating its detection.

One standout feature of Gigabud is its use of accessibility services, which allows it to perform actions on the victim’s device remotely. This capability, known as “TouchAction,” enables the attacker to perform gestures on the user’s device, giving them the power to evade defence mechanisms, including two-factor authentication (**2FA**).

Gigabud RAT has targeted at least 25 companies, financial institutions, and government departments across several countries, aiming to mimic their identities and deceive users.

Researchers also uncovered a parallel threat within the Gigabud family: Gigabud.Loan. This variant presents itself as a fake loan application, luring victims with promises of low-interest loans. Once users engage with the app, they are coerced into providing sensitive personal information, which can later be exploited by the threat actors.

Gigabud.Loan’s modus operandi involves impersonating fictional financial institutions from various countries, such as Thailand, Indonesia, and Peru.

The distribution strategy for both Gigabud.RAT and Gigabud.Loan centers around phishing websites. These websites are disseminated through tactics like “smishing,” where victims are sent misleading messages via instant messengers, SMS, or social networks, leading them to malicious links. In certain cases, the malware is even delivered directly through messages on platforms like **WhatsApp**.

Watch as Group-IB’s researchers looks into Gigabud RAT

Over the course of 2022 to 2023, Group-IB’s researchers detected over 400 Gigabud RAT samples and more than 20 Gigabud.Loan samples using advanced hunting techniques. 

To counteract the threat posed by Gigabud, **Group-IB suggests** a multi-pronged defence strategy. Organizations should prioritize proactive monitoring of user sessions, prioritize client education on safe online practices, and employ digital protection tools.

Users, in turn, are advised to exercise caution when clicking on links, refrain from downloading risky apps, and utilize **reliable VPNs** on public Wi-Fi networks.

**RELATED ARTICLES**

1.  FakeTrade Android Malware Attack Steals Crypto Wallet Data
2.  Android banking malware distributed with fake Google reCAPTCHA
3.  New Android banking malware Xenomorph found in Play Store apps
4.  Experts concerned over emergence of Android banking trojan S.O.V.A.
5.  Iranian Stalkerware ‘Spyhide’ Steals Data from 60,000 Android Devices

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

New Gigabud Android RAT Bypasses 2FA, Targets Financial Orgs

By Waqas
Amid the data breach, Discord.io has shut down all of its operations indefinitely in the foreseeable future.
This is a post from HackRead.com Read the original post: Discord.io Admits Data Breach: Info of 760K Users Sold Online

*   **Massive Discord.io Data Breach Unveiled:** Hacker “Akhirah” exposes a vast data breach on Discord.io, an unofficial service that provides redirect and invite links to Discord servers.

*   **Over 760,000 Users Impacted:** The breach, occurring on August 14, 2023, has jeopardized the personal information of more than 760,000 users.

*   **Discord.io Halts Operations:** In response to the breach, Discord.io has taken the unprecedented step of shutting down its operations indefinitely.

*   **Hacker Talks to Hackread.com:** Akhirah wants Discord.io to remove malicious content from the site in order to put an end to the database sale.

*   **Exposed Data Includes Sensitive Details:** Stolen information from the breach includes usernames, Discord IDs, email addresses, and salted and hashed passwords.

*   **Urgent Call to Action:** Discord.io urges users to update their passwords to mitigate the impact of the breach, while financial information remains reportedly untouched. Hackread.com is actively seeking more details from the hacker to provide comprehensive insights into the incident.

A hacker using the pseudonym “Akhirah” has unleashed a massive data breach against Discord.io, a non-official service known for providing redirect and invite links to Discord servers. The data breach, which occurred on Monday, August 14, 2023, has put the personal information of approximately 760,000 users at grave risk.

Currently, the database is being sold on the **new version of Breach Forums** that surfaced recently under the leadership of the infamous ShinyHunter hackers.

Discord.io database on Breach Forums (Screenshot: Hackread.com)

Initial glimpses into the database are troubling, as usernames, Discord IDs, email addresses, and salted and hashed passwords have all fallen prey to this data breach. Although the hashed nature of passwords may offer a thin silver lining, the potential for decryption looms large, underscoring the urgent need for users to fortify their defences which is why Discord.io has urged users to reset and update their passwords.

Additionally, Discord.io maintains that no financial data has been infiltrated or exposed in this breach. However, while the extent of this breach is still unfolding, Discord.io has taken a drastic step in response. The service, which was already skating on thin ice, has decided to cease all operations indefinitely in the “foreseeable future.”

Visitors to Discord.io are now greeted with a message detailing the severity of the breach. The company, in an act of transparency, has laid out the compromised data fields. This initiative aims to provide clarity to affected users about what information is now exposed and what remains untouched in the cataclysmic wake of this incident.

> “We have cancelled existing premium subscriptions and we’ll be reaching out as soon as possible on an individual basis. As of this message, we have not yet been contacted by the people responsible for this breach nor have we reached out to them. As far as we currently know, the database itself has not yet been shared publicly.”
> 
> Discord.io

Here is a screenshot from Discord.io admitting the data breach and providing in-depth details about what data was stolen and which information remained untouched.

Homepage of Discord.io right now (Screenshot: Hackread.com)

**Interview with the hacker Akhirah**

Akhirah responded to Hackread.com, and we managed to ask him a couple of questions about the breach. Akhirah claims he is least interested in selling data; however, he wants Discord.io to remove malicious content from their site and get in touch with him to resolve the issue – no retribution or bounty required.

Hackread.com: Discord.io has shut down its operations. Would you share your thoughts on that? and share some details of how did you manage to breach them, and if you have access to their payment section as well?

Akhirah: First I have to say I hate Discord and its audience, I think most of them are paedophiles, I put the data on the market to sell but I’m not sure about it, and I haven’t sold it to anyone yet, but there are so many demands, I want to talk to the management of discord.io and agree on some issues. Plus, I don’t have access to payment-related data, just stuff I’ve shared an example of

Hackread.com: By talking to them do you mean resolving the issue and discarding the data or asking them for some sort of retribution?

Akhirah: I want to talk to him about sissy, femboy etc content and blacklisting of paedophile talks from now on.

Hackread.com: So if they remove the malicious content and people you would agree to safely discard the data and that would be the end of it?

Akhirah: Yes, that can be said. Too many children want to buy this data, it’s true that I sell data, but I’m not sure I want to sell this data. I just want to talk and agree with the admin about the sensitive issues I mentioned.

Hackread.com: Have you contacted Discord.io?

Akhirah: No, they are the victims right now and they didn’t try to talk to me, I invite them to talk, I would appreciate it if you could share this on your site.

Discord.io becomes the latest platform to shut down due to data breaches. Just a week ago, LetMeSpy Android Spyware Service also **announced its permanent closure** following a hacker’s successful breach and access to user data.

**RELATED ARTICLES**

1.  Teen “Hackers” on Discord Selling Malware for Quick Cash
2.  Roblox Data Breach: PII of Thousands of Developers Stolen
3.  Pink Drainer Posed as Journalists, Stole $3M from Discord Users
4.  Data Breach at New BreachForums: 4,000 members’ data leaked
5.  Original BreachForums Breached, PII Data of 210K Users Sold Online

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Discord.io Admits Data Breach: Info of 760K Users Sold Online

By Waqas
Trellix Uncovers Deceptive Chrome Browser Update Campaign Leveraging NetSupport Manager RAT.
This is a post from HackRead.com Read the original post: Fake Chrome Browser Update Installs NetSupport Manager RAT

*   **Fake Chrome Browser Update Scam:** Trellix exposes a scheme using fake Chrome browser updates to sneak NetSupport Manager onto victim computers, granting cybercriminals control and data access.

*   **Possible SocGholish Link:** While resembling SocGholish, differences in tools raise doubt about a direct connection, highlighting evolving tactics.

*   **Compromised Sites as Launchpads:** Compromised websites act as launchpads for the attack, affecting diverse sectors, including government and finance.

*   **Deceptive Path to RAT:** Victims fall for the fake update, unknowingly downloading a malicious JavaScript file, “Browser\_portable.js,” which activates NetSupport Manager.

*   **Urgent Need for Vigilance:** Trellix’s discovery underscores the critical importance of global threat intelligence and advanced security solutions in countering evolving cyber threats.

Cybersecurity firm Trellix has identified a new cyber campaign exploiting unsuspecting victims by disguising itself as a legitimate Chrome browser update. The deceptive scheme employs a malicious remote administration tool (RAT) known as NetSupport Manager RAT, allowing threat actors to gain unauthorized access to victims’ computers and seize control.

Moreover, the Trellix Advanced Research Center uncovered striking similarities to a previously reported SocGholish campaign, although a definitive connection remains elusive. Yet, concrete links between the two campaigns remain scarce.

The campaign, which came to light in late June 2023, exploits compromised websites as a platform for delivering the fraudulent Chrome update. Victims are lured into downloading and installing the fake update, unwittingly inviting the NetSupport Manager RAT onto their systems. The malware allows cybercriminals to pilfer sensitive information and manipulate victim computers to their advantage.

The modus operandi of the campaign involves injecting compromised websites with a carefully crafted HTML script tag that retrieves JavaScript content from the attackers’ command and control server.

This technique, seemingly automated, hinges on the unsuspecting victims falling for the fake browser update ruse. The success of the scheme relies heavily on the prevalence of compromised websites.

Trellix researchers found evidence of this campaign infiltrating a Chamber of Commerce website, with traffic from governmental entities, financial institutions, and consulting services. Although the site has since been cleansed of the injected script, it suffered compromise for at least one day.

The deceptive journey commences when victims encounter the injected script on a compromised website, leading them to a fake browser update page. This manipulation, which directs users to unwittingly install the NetSupport RAT, isn’t novel; similar tactics have been documented in past instances like the SocGholish campaign.

Fake Chrome Browser Update page (Screenshot: Trellix)

However, it’s the tools employed in the present campaign that stand apart from SocGholish. SocGholish exploited PowerShell with WMI capabilities to facilitate RAT download and installation. In contrast, the current campaign utilizes batch files (.BAT), VB scripts, and the Curl tool to carry out its malevolent operations. The use of these distinct tools underscores the evolving strategies of cybercriminals.

Should a victim succumb to the allure of the fake browser update and click on the “Update Chrome” link, a ZIP archive named “UpdateInstall.zip” containing a malevolent JavaScript file, “Browser\_portable.js,” is initiated for download. This script serves as a downloader for the ensuing stage of the attack.

Upon extraction of the NetSupport Manager RAT via the downloaded 7-zip utility, execution transpires via a scheduled task, orchestrated by the “2.bat” batch file. Furthermore, this batch file also engenders persistence for the RAT, ensuring automatic execution upon system startup.

The malevolent configuration file (“client32.ini”) for the RAT reveals a gateway address set to 5.252.178.48. At this juncture, with the RAT firmly entrenched within the victim’s system, threat actors possess substantial control, enabling them to execute further malware deployment, data exfiltration, network reconnaissance, and lateral movement.

The infection chain (Screenshot: Trellix)

In conclusion, this campaign serves as a reminder that threat actors consistently exploit successful techniques to advance their malicious agendas. The deployment of familiar lures, such as the phony browser update, underscores the persistent nature of these attacks.

The proliferation of RATs, while not always updated, showcases their enduring utility for cybercriminals. As attackers adopt increasingly sophisticated tactics, the challenge of detection intensifies. The utilization of native Windows scripting languages, like VBScript and Batch script, combined with tools like Curl, exemplifies their adaptability and innovation.

Joseph Tal, Senior Vice President of Trellix’s Advanced Research Center, cautioned that the prevalence of these NetSupport RAT attacks underscores the need for comprehensive global threat intelligence and innovative security solutions.

Commenting on this, Dr Klaus Schenk, senior vice president, Security and Threat Research at Verimatrix told Hackread.com that _“_The reports of threat actors exploiting fake Chrome browser updates to spread the NetSupport Manager Remote Access Trojan are concerning. While the attack vector of abusing browser updates is common, this particular campaign stands out for its sophistication and targeting. The attribution to the SocGholish group, known for cyber espionage aligned with Russian state interests, makes this a high-priority threat._“_

_“_While the details connecting this attack to SocGholish are inconclusive, the examination by Trellix seems reliable. The threat actors clearly spent time crafting a credible lure using Chrome’s market dominance. I recommend to wait a bit to see if this attacks manifests — but it would be a good idea to prioritise incident response and user education to detect and mitigate this threat,” Tal added.

_“_Even though users must still click a malicious link, the sophistication of this attack makes it likely to evade defenses. We should continue monitoring for new developments, but organisations should act swiftly to harden systems, update browsers, and inform personnel about this threat,” Tal recommend.

Nevertheless, the continually evolving threat landscape necessitates a proactive and holistic approach to cybersecurity, particularly as more enterprises rely on Chromium-based browsers for their web applications.

**RELATED ARTICLES**

1.  New malware in pirated games disables Windows Updates
2.  Fake ROBLOX &Nintendo game cracks drop ChromeLoader malware
3.  Fake Chrome & Firefox browser update lead users to malware infection
4.  Over 20 million Chrome users have installed fake malicious Ad Blockers
5.  Big Head Ransomware Found in Malvertising and Fake Windows Updates

Fake Chrome Browser Update Installs NetSupport Manager RAT

By Habiba Rashid
Renowned Mac security researcher Patrick Wardle recently unveiled potential weaknesses within Apple’s macOS Ventura, shedding light on vulnerabilities…
This is a post from HackRead.com Read the original post: macOS Ventura Background Task Flaws Can Be Exploited for Malware

*   **Background Task Weaknesses:** macOS Ventura’s Background Task Management has vulnerabilities that allow hackers to evade detection and install malware.

*   **Researcher’s Revelation:** Patrick Wardle, a respected Mac security researcher, unveiled these vulnerabilities at the Defcon hacker conference.

*   **Monitoring Tool’s Purpose:** Background Task Management is intended to detect and alert users to software persistence, ensuring data retention after restarts.

*   **Sophisticated Exploitation:** Despite alerts and notifications, Wardle’s research shows that advanced malware can bypass the monitoring system, even without root access.

*   **Apple’s Response Awaited:** Apple has yet to respond to these findings, raising concerns about the efficacy of macOS Ventura’s security enhancements.

Renowned Mac security researcher Patrick Wardle recently **unveiled** potential weaknesses within Apple’s macOS Ventura, shedding light on vulnerabilities in the Background Task Management mechanism. This revelation calls into question the efficacy of Apple’s latest monitoring tool designed to detect and mitigate malware.

Image: Patrick Wardle

During his **presentation** at the Defcon hacker conference held in Las Vegas, Wardle shared insights into how malicious actors can exploit macOS Ventura’s Background Task Management to bypass monitoring and potentially compromise user devices.

The Background Task Management tool, introduced with **macOS Ventura**, aims to detect instances of software “persistence,” which is when malicious software establishes itself on a device and remains active even after restarts. Such persistence is crucial for legitimate applications, ensuring users’ apps, data, and preferences are retained across device reboots.

However, Wardle’s findings suggest that the implementation of this monitoring tool is not foolproof. Apple **added** Background Task Management to send notifications to users and third-party security tools if a “persistence event” occurs, alerting users to unexpected or potentially malicious persistence. Despite this enhancement, Wardle’s **research** demonstrates that sophisticated malware can easily evade the monitoring mechanism.

Wardle’s research focused on pinpointing vulnerabilities within the Background Task Management’s structure. He highlighted that some bypass techniques require root access, effectively granting attackers full control over a compromised device, allowing them to manipulate persistence notifications and install malware without user awareness.

More concerning are two other bypass methods that don’t necessitate root access, exploiting flaws in how the alerting system communicates with the operating system’s core (the kernel) and leveraging the capability to put processes to sleep.

The security researcher’s findings reflect broader concerns about the efficacy of macOS Ventura’s security enhancements. Wardle emphasized that the rushed implementation of monitoring tools can give users a false sense of security, potentially overlooking critical security risks.

Apple has not yet responded to requests for comment regarding Wardle’s findings. Despite the vulnerabilities exposed, Wardle remains hopeful that these revelations will encourage Apple to refine its security measures further, ensuring a safer environment for Mac users. 

**More Findings from Patrick Wardle**

1.  Hackers Targeting Apple’s M1 Chip with Mac Malware
2.  Apple approved malware camouflaged as Adobe Flash Player
3.  How easily macOS user warnings can be bypassed by malware
4.  LockBit Ransomware Expands Attack Spectrum to Mac Devices
5.  Cryptocurrency users on Discord & Slack hit by MacOS malware
6.  Researcher creates app to notify users of evil maid attack on MacBook

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

macOS Ventura Background Task Flaws Can Be Exploited for Malware

By Owais Sultan
JasmyCoin operates on blockchain technology as a decentralized digital currency, ensuring secure and transparent transactions. 
This is a post from HackRead.com Read the original post: Investing in Ethereum Blockchain-based JasmyCoin: Guide

This article will explore the Ethereum Blockchain-based JasmyCoin market, its advantages, how to get started with JasmyCoin investment, the related risks, and how it relates to other cryptocurrencies. Whether you are a seasoned investor or new to cryptocurrencies, this guide will provide valuable insights to make informed investment decisions.

**The Benefits of Investing in JasmyCoin**

Investing in JasmyCoin offers several benefits:

1.  It provides an opportunity for diversification in your investment portfolio.
2.  Given its increasing value and market demand, JasmyCoin has the potential for high returns.
3.  Investing in JasmyCoin allows for easy and quick transactions, eliminating the need for intermediaries and reducing transaction costs. Get to know the latest JasmyCoin Price and get started. 

**Understanding the JasmyCoin Market: Trends and Insights**

The JasmyCoin market has experienced significant growth and popularity in recent years. JasmyCoin operates on blockchain technology as a decentralized digital currency, ensuring secure and transparent transactions. The market trends and insights indicate a promising future for JasmyCoin, with increasing adoption and acceptance by businesses and individuals worldwide.

**How to Get Started with JasmyCoin Investment**

To get started with JasmyCoin investment, you need to follow a few simple steps. Firstly, choose a reliable cryptocurrency exchange platform that supports JasmyCoin. Create an account and complete the necessary verification process. Once your account is set up, deposit funds into your account and start trading JasmyCoin. It is essential to conduct thorough research, stay updated with market trends and consider consulting with financial advisors before making investment decisions.

**Analyzing the Risks Associated with JasmyCoin Investment**

While JasmyCoin investment offers potential rewards, it is crucial to analyze the associated risks. The cryptocurrency market is highly volatile, and the value of JasmyCoin can fluctuate significantly. Also, there is a risk of security breaches and hacking attempts, which can result in financial losses. Investing only what you can afford to lose and implementing proper security measures to protect your investments is advisable.

**JasmyCoin vs. Other Cryptocurrencies: A Comparative Analysis**

When comparing JasmyCoin to other cryptocurrencies, it is essential to consider factors such as market capitalization, technology, adoption rate and use cases. While Bitcoin remains the most popular and widely accepted cryptocurrency, JasmyCoin offers unique features and advantages. Its focus on privacy, security and scalability sets it apart from other cryptocurrencies, making it an attractive investment option.

In conclusion, investing in JasmyCoin can be a lucrative opportunity for investors. However, it is crucial to understand the market trends, benefits, risks and how it compares to other cryptocurrencies. By following the steps outlined in this guide and staying informed, you can make informed investment decisions and potentially reap the rewards. 

**RELATED ARTICLES**

1.  How To Use ChatGPT To Trade Cryptocurrency
2.  What Makes Bitcoin NFTs Different from Other NFTs?
3.  Tracing the Path: Unraveling the Full History of Toncoin
4.  The Rise of Blockchain Gaming and Secure Marketplaces
5.  Shiba Inu: The Meme Coin Fueling an Open-Source Ecosystem

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Investing in Ethereum Blockchain-based JasmyCoin: Guide

By Owais Sultan
Powered by Oracle Cloud, Stellar Cyber Open XDR offers best-in-class cyberattack detection and response capabilities to Oracle Cloud Infrastructure users.
This is a post from HackRead.com Read the original post: Stellar Cyber and Oracle Cloud Partner for Enhanced Cybersecurity

*   Stellar Cyber partners with Oracle Cloud to enhance cybersecurity capabilities.

*   Stellar Cyber’s Open XDR platform now available on Oracle Cloud Infrastructure (OCI).

*   Joint customers can reduce cyber risk and improve security operations efficiency.

*   Stellar Cyber’s AI-driven platform streamlines threat monitoring and response across diverse environments.

*   OCI customers can access Stellar Cyber solutions through the Oracle Cloud Marketplace.

SAN JOSE – August 14, 2023 – Stellar Cyber, the innovator of Open XDR technology, announced that the Stellar Cyber Open XDR platform is available on Oracle Cloud Infrastructure (OCI) to help users manage their security operations. Joint customers of Oracle and Stellar Cyber can expect to reduce cyber risk and improve security analyst efficiency and effectiveness. 

“We find that OCI is a user-friendly platform, which correlates directly to our commitment to making security operations simpler,” said Andrew Homer, VP of Strategic Alliances for Stellar Cyber. “We are excited to work with OCI to deliver the security solutions our shared customers require and trust.”

With integrations and support for all enterprise data sources, field-vetted AI/ML-driven correlation, and purpose-built intelligent automation, the Stellar Cyber Open XDR platform eliminates manually-intensive security tasks while enabling security teams to quickly monitor, identify, and respond to threats in their cloud, on-premises, OT and hybrid environments. By running on OCI, the Stellar Cyber platform offers its best-in-class security outcomes to OCI users. 

“Stellar Cyber is committed to providing the critical capabilities security teams need to deliver consistent security outcomes—all for a single license and price on a single platform,” said Jim O’Hara, Chief Revenue Officer at Stellar Cyber. “This simple yet comprehensive model makes it easy for customers to measure how our Open XDR platform dramatically impacts their security ROI.” 

“We designed OCI with a security-first mindset, which is one of the many reasons why enterprises continue to trust Oracle with their data,” said David Hicks, Group Vice President, of Worldwide ISV Cloud Business Development, Oracle. “Stellar Cyber on OCI provides our joint customers with an industry-leading Open XDR solution to manage their cloud security posture and help protect their data.”

Stellar Cyber is a member of Oracle PartnerNetwork (OPN). OCI customers now can purchase Stellar Cyber via the Oracle Cloud Marketplace, applying Oracle Universal Credits (OUCs) toward the purchase price. 

**About Stellar Cyber**

The Stellar Cyber Open XDR platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully.

With Stellar Cyber, organizations reduce risk with early and precise identiﬁcation and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley. For more information, contact Stellarcyber.ai.

**About Oracle PartnerNetwork**

Oracle PartnerNetwork (OPN) is Oracle’s partner program designed to enable partners to accelerate the transition to the cloud and drive superior customer business outcomes.

The OPN program allows partners to engage with Oracle through track(s) aligned to how they go to market: Cloud Build for partners that provide products or services built on or integrated with Oracle Cloud; Cloud Sell for partners that resell Oracle Cloud technology; Cloud Service for partners that implement, deploy and manage Oracle Cloud Services; and License & Hardware for partners that build, service or sell Oracle software licenses or hardware products.

Customers can expedite their business objectives with OPN partners who have achieved Expertise in a product family or cloud service.  To learn more visit Oracle.

Charlie Rubin  
Story PR  
charlie@storypr.com  
510-908-3356

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Stellar Cyber and Oracle Cloud Partner for Enhanced Cybersecurity

By Waqas
Trellix's researchers uncovered a series of vulnerabilities in two prominent data center equipment vendors: CyberPower and Dataprobe.
This is a post from HackRead.com Read the original post: Data center flaws spurred disruptions, espionage and malware attacks

*   **Critical vulnerabilities unveiled in popular data center management platforms, posing serious security risks.**

*   **CyberPower’s PowerPanel Enterprise and Dataprobe’s iBoot PDU were found to have multiple vulnerabilities.**

*   **Potential exploitation could lead to power disruption, malware deployment, and digital espionage.**

*   **Urgent fixes released by vendors, urging affected customers to patch their systems immediately.**

*   **Emphasis on network isolation, remote access management, password updates, and regular software updates to mitigate risks.**

Trellix’s Advanced Research Center has unveiled a series of critical vulnerabilities in **data center** management platforms, shedding light on potential security risks that could cripple the foundation of our interconnected world.

**The Vulnerabilities Unveiled**

In an ongoing research effort to bolster cybersecurity and resilience in the digital realm, Trellix’s Advanced Research Center turned its attention to critical vulnerabilities within data center management platforms.

This initiative aligns seamlessly with the recently announced **2023 National Cybersecurity Strategy**, underscoring the importance of securing national critical infrastructures and enhancing overall digital ecosystem security.

The team’s initial focus was on power management and supply technologies, key components of data center infrastructure. Through detailed investigation, Trellix’s researchers uncovered a series of vulnerabilities in two prominent data center equipment vendors: CyberPower and Dataprobe.

**CyberPower’s PowerPanel Enterprise Vulnerabilities**

Trellix’s research identified four vulnerabilities in CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform:

1.  **CVE-2023-3264:** Use of Hard-coded Credentials
2.  **CVE-2023-3267:** OS Command Injection (Authenticated RCE)
3.  **CVE-2023-3266:** Improperly Implemented Security Check for Standard (Auth Bypass)
4.  **CVE-2023-3265:** Improper Neutralization of Escape, Meta, or Control Sequences (Auth Bypass)

These vulnerabilities, if exploited in tandem, could grant attackers full access to these systems. Such access could lead to substantial damage and potentially pave the way for broader network compromise.

**Dataprobe’s iBoot PDU Vulnerabilities**

Dataprobe’s iBoot Power Distribution Unit (PDU) also exhibited five critical vulnerabilities:

1.  **CVE-2023-3261:** Buffer Overflow (DOS)
2.  **CVE-2023-3262:** Use of Hard-coded Credentials
3.  **CVE-2023-3260:** OS Command Injection (Authenticated RCE)
4.  **CVE-2023-3259:** Deserialization of Untrusted Data (Auth Bypass)
5.  **CVE-2023-3263:** Authentication Bypass by Alternate Name (Auth Bypass)

The potential impact of these vulnerabilities is profound, encompassing scenarios such as power disruption, widespread malware deployment, and **digital espionage**.

**The Implications of Vulnerabilities**

The implications of these vulnerabilities are far-reaching. With data centers forming the backbone of critical services, the risks extend to both consumers and enterprises. The exploitation of such vulnerabilities could lead to the following outcomes:

*   **Power Off:** Attackers could disrupt operations across multiple data centers by cutting power to connected devices, causing extensive outages and financial losses.
*   **Malware at Scale:** Compromised data center equipment could serve as a launchpad for massive ransomware, DDoS, or wiper attacks, potentially surpassing infamous incidents like StuxNet and WannaCry.
*   **Digital Espionage:** Nation-state actors and advanced persistent threats (APTs) could exploit these vulnerabilities for cyberespionage, potentially exposing sensitive information to foreign governments.

It is worth noting that Trellix researchers presented their **findings** on August 12th at the Black Hat security conference in Las Vegas, United States.

Fortunately, these vulnerabilities were discovered before they could be exploited by threat actors, minimizing the risk of malicious exploitation. Nonetheless, data centers remain attractive targets for cybercriminals due to their extensive attack surface and potential for widespread impact.

**Strategies for Mitigation and Future Preparedness**

To address these vulnerabilities, both CyberPower and Dataprobe have promptly released fixes for their affected products. Trellix strongly advises affected customers to implement these patches immediately and adopt additional precautions:

1.  **Network Isolation:** Ensure that data center management platforms are reachable only within secure intranets, shielding them from wider internet exposure.
2.  **Remote Access Management:** Disable remote access to devices and platforms when not needed, reducing potential attack vectors.
3.  **Password Management:** Update passwords for user accounts associated with vulnerable systems and revoke any compromised credentials.
4.  **Regular Updates:** Stay vigilant by applying the latest software and firmware updates promptly to reduce exposure to future vulnerabilities.

**Conclusion**

Trellix’s Advanced Research Center’s findings underscore the critical role played by data centers in modern operations and the urgent need to fortify their defences. By collaborating with vendors, promptly addressing vulnerabilities, and embracing best practices, the digital ecosystem can continue to evolve securely, resiliently, and without compromise.

**RELATED ARTICLES**

1.  China attack National Data Center with watering hole attack
2.  Login Details of Tech Giants Leaked in Two Data Center Hacks
3.  Top sites affected after OVH data center catches disastrous fire
4.  NATO bunker’s dark web data center seized for hosting child porn
5.  BlackCat (ALPHV) Claims Ransomware Attack on NCR Data Center

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Data center flaws spurred disruptions, espionage and malware attacks

By Deeba Ahmed
Cybersecurity researchers at Securelist have discovered a cyberattack against a power-generating firm in South Africa. Reportedly, the firm…
This is a post from HackRead.com Read the original post: South African Power Supplier Hit by DroxiDat Malware

*   **Cybersecurity researchers uncover cyberattack targeting South African power-generating firm.**

*   **Attackers deploy new variant of SystemBC malware, named DroxiDot, with CobaltStrike beacons.**

*   **Speculation that attack could be an initial stage of a ransomware attack, occurring in March 2023.**

*   **DroxiDot variant is a compact 8kb payload, serves as a system profiler, and sets up SOCKS5 proxies on target computers.**

*   **Attacker’s C2 infrastructure linked to energy-oriented domain potentially tied to Russian ransomware group FIN12.**

Cybersecurity researchers at Securelist have discovered a cyberattack against a power-generating firm in South Africa. Reportedly, the firm was targeted with a new variant of the SystemBC malware and a yet unidentified hacking group carried out the attack.

It is worth noting that a variant of SystemBC was also identified in the 2021 cyber attack against Colonial Pipeline, a major American oil pipeline system. In the recent attack, however, attackers deployed the proxy-capable backdoor with CobaltStrike beacons.

According to Securelist, the new SystemBC malware variant is dubbed DroxiDat. Attackers used these tools to compromise systems and remotely access the electricity generator. However, researchers speculated that it could be the “initiate stage of a ransomware attack” that took place in the third or fourth week of March 2023.

For your information, SystemBC payload is a “changing, malicious” malware-as-a-service backdoor available on darknet forums since 2018. It is a C/C++-based commodity malware first observed in 2019.

“This platform is made up of three separate parts: on the server side, a C2 web server with admin panel and a C2 proxy listener; on the target side is a backdoor payload,” Securelist’s report revealed.

Compared to previously detected SystemBC variants that were around 15-30kb+, DroxiDot is a compact, 8kb variant that serves as a system profiler, and its main job is to set up SOCKS5 proxies on target computers so that attackers can tunnel malicious traffic.

The malware can also retrieve usernames, IP addresses, and machine names from an active device, encrypts the data, and transfers it to the attacker’s C2 server. This variant doesn’t feature many of SystemBC’s functionalities and acts as a system profiler to exfiltrate information to a remote server.

However, it doesn’t feature download or executing capabilities and can only connect with “remote listeners, pass data back and forth, and modify the system registry.”

This variant, however, allows attackers to simultaneously target multiple devices through automating tasks. If the credentials are legit, they can even deploy ransomware using built-in Windows tools without manually controlling the process.

 The attacker’s C2 infrastructure involved an energy-oriented domain “powersupportplancom,” which resolved to a suspicious IP host. Researchers believe this host was previously used in an APT activity to improve the attack’s potential.

Furthermore, researchers discovered that DroxiDot was used in another healthcare-related incident during the same time when it delivered Nokoyawa ransomware.

Regarding the attackers, researchers claim that evidence suggests the involvement of a Russian ransomware group, probably FIN12 (also known as Pistachio Tempest). This group is known for deploying SystemBC with Cobalt Strike Beacons to launch ransomware attacks against healthcare facilities in 2022.

**RELATED ARTICLES**

1.  Fake Tor Browser Installers Distributing Clipper Malware
2.  Big Head Ransomware Found in Fake Windows Updates
3.  SmugX: Chinese Hackers Targeting Embassies in Europe
4.  Hackers targeting embassies with trojanized TeamViewer
5.  Cyber-Partisans hit Belarus railroad system with ransomware
6.  New malware hides behind free VPN, pirated security software

South African Power Supplier Hit by DroxiDat Malware

By Waqas
The victim of the data breach is the Roberto Polizzi Plastic Surgery Clinic based in Belo Horizonte, Brazil.
This is a post from HackRead.com Read the original post: Hackers Leak PII Data and Photos of Brazilian Plastic Surgery Patients

*   **Thesnake02 hacker group exposes sensitive data from Brazilian Plastic Surgery Clinic.**

*   **Breach occurred in July 2023, leaking 1.25 GB of private patient data, including surgery-related images and financial documents.**

*   **Trend of healthcare cyberattacks continues; Roberto Polizzi Plastic Surgery Clinic joins the list of victims.**

*   **Detailed analysis reveals trove of confidential patient info, nude images, and PII, but no passwords or credit/debit card data.**

*   **While primarily in Portuguese, leaked nude images pose significant risks; potential for exploitation by cybercriminals.**

*   **Previous cybercrime groups like REvil, The Dark Overlord, and Tsar Team targeted plastic surgery clinics, extorting ransom payments and leaking data.**

*   **Breach underscores urgent need for improved healthcare cybersecurity to protect patient confidentiality and data.**

A group of hackers operating under the alias Thesnake02 have leaked a trove of sensitive data belonging to the Roberto Polizzi Plastic Surgery Clinic based in Belo Horizonte, Brazil.

The breach, which occurred on July 26th, 2023, has resulted in the leak of approximately 1.25 GB of highly sensitive and private data, including surgery-related images, financial documents, and personal information of patients.

The clinic, managed by Dr. Roberto Polizzi, has become the latest victim of a growing trend of cyberattacks targeting healthcare and medical institutions. The leaked data, initially made public on the latest version of Breach Forums, has been closely examined by Hackread.com.

Post of the Breach Forums (Screenshot: Hackread.com)

Detailed analysis of the compromised data reveals a vast trove of confidential patient information, including nude images related to surgical procedures, WhatsApp messages, audio notes, receipts, CVs, invoices, internal clinic documents, and contact details.

The breach also exposed a wealth of personally identifiable information (PII), such as driver’s licenses, CPF IDs (Brazil’s equivalent of social security numbers), Covid certificates, and more. Importantly, no credit card or debit card information was among the leaked data.

The leaked data has been blurred over privacy concerns. (Screenshot: Hackread.com)

While the leaked records are primarily in Portuguese, we warn that the exposure of surgery-related nude images carries substantial potential risks. Cybercriminals could exploit this sensitive content in various harmful ways, including extortion and blackmail.

In the past, several notorious cybercrime syndicates, including REvil hackers (also known as the Sodinokibi group), The Dark Overlord, and Tsar Team, were involved in cyberattacks targeting plastic surgery clinics. These groups would extort ransom payments from their victims and, when these demands went unmet, proceeded to expose sensitive data online.

In December 2020, The Hospital Group, situated in Manchester, England, fell victim to REvil’s cyber attack. The plastic surgery clinic London Bridge Plastic Surgery (LBPS) was targeted by The Dark Overlord in October 2017, while Tsar Team successfully hacked and subsequently leaked data from Grozio Chirurgija, a cosmetic surgery clinic located in Kaunas, Lithuania back in May 2017.

As for the Roberto Polizzi Plastic Surgery Clinic, given the language barrier, the immediate impact of this breach might be somewhat limited. However, the incident underscores the critical need for enhanced cybersecurity measures within the healthcare sector, where patient confidentiality and data protection are of paramount importance.

**RELATED ARTICLES**

1.  Hacked Finnish psychotherapy clinic files for bankruptcy
2.  Dental clinic alerted to ransomware attack via hacker phone call
3.  Plastic surgery tech firm leaks images of 100,000s of customers
4.  Breast Cancer Charity Exposed Sensitive Images of U.S. Patients
5.  Medical software firm leaked personal data of 3.1 million patients

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism