#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Honeypot | Breaking Cybersecurity News | The Hacker News

BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?

BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?

May 29, 2024 Cyber Crime / Data Breach
The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. Cybersecurity researchers and dark web trackers Brett Callow , Dark Web Informer , and FalconFeeds revealed the site's online return at breachforums[.]st – one of the dismantled sites – by a user named ShinyHunters, who has since offered for sale a 1.3 TB database containing details of allegedly 560 million Ticketmaster customers for $500,000. This includes full names, addresses, email addresses, phone numbers, ticket sales and event information, and the last four digits of credit cards and their associated expiration dates. However, in an interesting twist, visitors of the site are now being asked to sign up for an account in order to view the content. The development follows a joint law enforcement action that seized all the new domains belonging to BreachForums (breachforums[.]st/.cx/.is/.
Ransomware Double-Dip: Re-Victimization in Cyber Extortion

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

Apr 22, 2024 Ransomware / Cyber Defense
Between crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to another Cyber Extortion operation with the same victim) or stolen data that has been travelling and re-(mis-)used. Either way, for the victims neither is good news.  But first thing's first, let's explore the current threat landscape, dive into one of our most recent research focuses on the dynamics of this ecosystem; and then explore our dataset on Law Enforcement activities in this space. Might the re-occurrence that we observe be foul play by threat actors and thus show how desperately they are trying to regain the trust of their co-offenders after disruption efforts by Law Enforcement? Or are th
Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

Nov 23, 2023 Vulnerability / Cyber Threat
An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet. "The payload targets routers and network video recorder (NVR) devices with default admin credentials and installs Mirai variants when successful," Akamai  said  in an advisory published this week. Details of the flaws are currently under wraps to allow the two vendors to publish patches and prevent other threat actors from abusing them. The fixes for one of the vulnerabilities are expected to be shipped next month. The attacks were first discovered by the web infrastructure and security company against its honeypots in late October 2023. The perpetrators of the attacks have not been identified as yet. The botnet, which has been codenamed InfectedSlurs due to the use of racial and offensive language in the command-and-control (C2) servers and hard-coded strings, is a 
cyber security

Instantly See How Much Time You Can Save by Automating Compliance

websiteVantaAutomate Compliance
Get an instant calculation of how much time you could save by automating compliance with Vanta.
Unpacking 2024's SaaS Threat Predictions

Unpacking 2024's SaaS Threat Predictions

Jun 05, 2024SaaS Security / Artificial Intelligence
Early in 2024, Wing Security released its State of SaaS Security report , offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security Posture Management (SSPM) solutions have prioritized mitigation capabilities to address many of these issues, ensuring security teams have the necessary tools to face these challenges head-on. In this article, we will revisit our predictions from earlier in the year, showcase real-world examples of these threats in action, and offer practical tips and best practices to help you prevent such incidents in the future. It's also worth noting the overall trend of an increasing frequency of breaches in today's dynamic SaaS landscape, leading organizations to demand timely threat alerts as a vital capability. Industry regulations with upcoming compliance deadlines are demanding similar time-sens
The Hidden Dangers of Public Wi-Fi

The Hidden Dangers of Public Wi-Fi

Aug 24, 2023 Network Security / DNS
Public Wi-Fi, which has long since become the norm, poses threats to not only individual users but also businesses. With the rise of remote work, people can now work from virtually anywhere: a cafe close to home, a hotel in a different city, or even while waiting for a plane at the airport. Next, let's explore the risks of connecting to public Wi-Fi, both for you personally and for businesses. According to the  Forbes Advisor  the majority of people (56%) connect to public Wi-Fi networks that don't require a password. This convenience comes at a price, and many are unaware that attackers can steal card details, passwords, and other sensitive information. Man-in-the-Middle (MITM) Attacks:  This is one of the most common threats on public Wi-Fi. In an MITM attack, the hacker secretly intercepts and possibly alters the communication between two parties. The user believes they are directly communicating with a website, email server, or another user, but the hacker is relaying t
Why Honeytokens Are the Future of Intrusion Detection

Why Honeytokens Are the Future of Intrusion Detection

May 10, 2023 Intrusion Detection / Honeypot
A few weeks ago, the 32nd edition of RSA, one of the world's largest cybersecurity conferences, wrapped up in San Francisco. Among the highlights, Kevin Mandia, CEO of Mandiant at Google Cloud, presented a retrospective on  the state of cybersecurity . During his keynote, Mandia stated: "There are clear steps organizations can take beyond common safeguards and security tools to strengthen their defenses and increase their chances of detecting, thwarting or minimizing attack [...] Honeypots , or fake accounts deliberately left untouched by authorized users,  are effective at helping organizations detect intrusions or malicious activities that security products can't stop ". "Build honeypots" was one of his seven pieces of advice to help organizations avoid some of the attacks that might require engagement with Mandiant or other incident response firms. As a reminder, honeypots are  decoy systems  that are set up to lure attackers and divert their attentio
Honeypot-Factory: The Use of Deception in ICS/OT Environments

Honeypot-Factory: The Use of Deception in ICS/OT Environments

Feb 13, 2023 OT and ICS Security
The recently published Security Navigator report of Orange Cyberdefense shows there has been a  rapid increase of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as production systems are commonly connected to ordinary corporate networks at this point.  Though the data does not indicate at this point that a lot of threat actors specifically target industrial systems – in fact, most evidence points to purely opportunistic behaviour – the tide could turn any time, once the added complexity of compromising OT environments promises to pay off. Criminals will take any chance they get to blackmail victims into extortion schemes, and halting production can cause immense damage. It is likely only a matter of time. So cybersecurity for operational technology (OT) is vitally important.  Deception is an effective option to improve threat detection and response ca
The Pirate Bay relaunch is FBI's Honeypot? Pirate Bay Team Responds,'NO WAY'

The Pirate Bay relaunch is FBI's Honeypot? Pirate Bay Team Responds,'NO WAY'

Feb 04, 2015
After almost two months of untimely and unexpected outage, The Pirate Bay (TPB) finally came back this weekend. But the re-launch of the infamous torrent-indexing website raised a question among those suspicious about this new setup — Is it really The Pirate Bay? A few days back we reported that The Pirate Bay – a widely popular file-sharing website predominantly used to share copyrighted material free of charge – had made its return to the Internet once again after suffering two months of outage following a police raid in Sweden late last year. Many users, including I, thought the site left dead as last took down was the longest outage the torrenting site has ever experienced. But history repeats and The Pirate Bay made its way a day before it claimed. Pirate lovers around the world rejoiced while others noticed something very suspicious. IS THE FBI RUNNING THE PIRATE BAY ? The truth behind The Pirate Bay , like who was driving the re-emergence of the site or who w
Chinese Hackers Caught by US water control system Honeypots

Chinese Hackers Caught by US water control system Honeypots

Aug 05, 2013
A notorious Chinese hacker collective known as APT1 or Comment Crew, possibly linked to the Chinese Army, have been caught red handed breaking into a fake United States water control system i.e. known as a Honeypot . Kyle Wilhoit, a researcher with security company Trend Micro has just revealed the details at BlackHat Conference on Wednesday.  Hackers hacked a water control system for a US municipality back in December last year, but it was merely a decoy set up by Kyle Wilhoit using a Word document hiding malicious software to gain full access.  The honeypots directly mimicked the ICS/Scada devices used in many critical infrastructure power and water plants. Cloud software was used to create realistic Web-based login and configuration screens for local water plants seemingly based in Ireland, Russia, Singapore, China, Japan, Australia, Brazil, and the U.S. Researchers have been tracked back to the APT1 Group, which security company Mandiant has claimed operate
Expert Insights
Cybersecurity Resources