#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Tor network | Breaking Cybersecurity News | The Hacker News

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown
Feb 26, 2024 Dark Web / Threat Intelligence
The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise  seized control  of its servers. To that end, the notorious group has moved its data leak portal to a new .onion address on the TOR network, listing 12 new victims as of writing. The administrator behind LockBit, in a  lengthy follow-up message , said some of their websites were confiscated by most likely exploiting a critical PHP flaw tracked as CVE-2023-3824, acknowledging that they didn't update PHP due to "personal negligence and irresponsibility." "I realize that it may not have been this CVE, but something else like 0-day for PHP, but I can't be 100% sure, because the version installed on my servers was already known to have a known vulnerability, so this is most likely how the victims' admin and chat panel servers and the blog server were accessed," they noted. They also cla

FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool

FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool
Dec 19, 2023 Ransomware / Cybercrime
The U.S. Justice Department (DoJ) has officially  announced  the disruption of the BlackCat ransomware operation and released a decryption tool that more than 500 affected victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigation (FBI) enlisted the help of a confidential human source (CHS) to act as an affiliate for the BlackCat group and gain access to a web panel used for managing the gang's victims, in what's a case of hacking the hackers. The confiscation effort involved collaboration and assistance from multiple law enforcement agencies from the U.S., Germany, Denmark, Australia, the U.K., Spain, Switzerland, and Austria. BlackCat , also called ALPHV, GOLD BLAZER, and Noberus,  first emerged  in December 2021 and has since gone on to be the second most prolific ransomware-as-a-service variant in the world after LockBit. It's also the first Rust-language-based ransomware strain spotted in the

SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework
Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a

StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices

StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices
Nov 04, 2023 Cyber Threat / Malware
An advanced strain of malware masquerading as a cryptocurrency miner has managed to fly the radar for over five years, infecting no less than one million devices around the world in the process. That's according to findings from Kaspersky, which has codenamed the threat  StripedFly , describing it as an "intricate modular framework that supports both Linux and Windows." The Russian cybersecurity vendor, which first detected the samples in 2017, said the miner is part of a much larger entity that employs a custom  EternalBlue SMBv1 exploit  attributed to the Equation Group in order to infiltrate publicly-accessible systems. The malicious shellcode, delivered via the exploit, has the ability to download binary files from a remote Bitbucket repository as well as execute PowerShell scripts. It also supports a collection of plugin-like expandable features to harvest sensitive data and even uninstall itself. The platform's shellcode is injected in the  wininit.exe proc

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

cyber security
websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.

Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace

Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace
Sep 20, 2023 Cyber Crime / Dark Web
Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022. "The site operated as a hidden service in the encrypted TOR network," the Finnish Customs (aka Tulli)  said  in a brief announcement on Tuesday. "The site has been used in anonymous criminal activities such as narcotics trade." The agency said that the drugs sold on the site were smuggled to Finland from abroad, adding a criminal investigation is underway in coordination with international partners from Germany and Lithuania, along with Europol and Eurojust. It's not immediately clear if any arrests were made. Romanian cybersecurity firm Bitdefender said it provided additional support that helped with the seizure of PIILOPUOTI. "We are extremely pleased that PIILOPUOTI has been seized and would like to congratulate law enforcement, Finnish Customs, and everyone involved," Alexandru Catal

A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'

A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'
Aug 05, 2022
A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems. "It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems," Cisco Talos  said  in a report shared with The Hacker News. Dark Utilities, which emerged in early 2022, is advertised as a "C2-as-a-Service" (C2aaS), offering access to infrastructure hosted on the clearnet as well as the TOR network and associated payloads with support for Windows, Linux, and Python-based implementations for a mere €9.99. Authenticated users on the platform are presented with a dashboard that makes it possible to generate new payloads tailored to a specific operating system that can then be deployed and executed on victim hosts. Additionally, users are provided an administrative panel

Experts Expose Secrets of Conti Ransomware Group That Made 25 Million from Victims

Experts Expose Secrets of Conti Ransomware Group That Made 25 Million from Victims
Nov 19, 2021
The clearnet and dark web payment portals operated by the  Conti  ransomware group have gone down in what appears to be an attempt to shift to new infrastructure after details about the gang's inner workings and its members were made public. According to  MalwareHunterTeam , "while both the clearweb and Tor domains of the leak site of the Conti ransomware gang is online and working, both their clearweb and Tor domains for the payment site (which is obviously more important than the leak) is down." It's not clear what prompted the shutdown, but the development comes as Swiss cybersecurity firm PRODAFT  offered  an unprecedented look into the group's ransomware-as-a-service (RaaS) model, wherein the developers sell or lease their ransomware technology to affiliates hired from darknet forums, who then carry out attacks on their behalf while also netting about 70% of each ransom payment extorted from the victims. The result? Three members of the Conti team have b

Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities

Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities
May 10, 2021
An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu  said  in a write-up published on Sunday. "The average exit fraction this entity controlled was above 14% throughout the past 12 months." It's the latest in a series of efforts undertaken to bring to light malicious Tor activity perpetrated by the actor since  December 2019 . The attacks, which are said to have begun in January 2020, were first  documented and exposed  by the same researcher in August 2020. Tor is open-source software for enabling anonymous communication on the Internet. It obfuscates the source and destination of a web request by directing network traffic through

Europol Shuts Down Two Major Illegal 'Dark Web' Trading Platforms

Europol Shuts Down Two Major Illegal 'Dark Web' Trading Platforms
May 03, 2019
Europol announced the shut down of two prolific dark web marketplaces— Wall Street Market and Silkkitie (also known as Valhalla)—in simultaneous global operations against underground websites for trading drugs, stolen credit card numbers, malicious software, and other illegal goods. Police in western Germany has also arrested three men who were allegedly running Wall Street Market, the world's second largest dark marketplace with more than a million users and 5,400 vendors. Besides this, the operation involving Europol , Dutch police and the FBI also led to the arrests of two major suppliers of narcotics via the Wall Street Market site in Los Angeles, the United States. According to the Europol, the police officers seized the computers used to run the illegal market place, along with more than €550 000 (£472,000 or $621,000) in cash, more than €1 Million in Bitcoin and Monero cryptocurrencies, expensive cars, and other evidence. In a press release published today, Eu

The Tor Project to Beef Up Privacy with Next-Generation of Onion Services

The Tor Project to Beef Up Privacy with Next-Generation of Onion Services
Nov 03, 2017
The Tor Project has made some significant changes to its infrastructure by improving the way the 'onion' network protects its users' privacy and security. Since the beginning, the largest free online anonymity network has been helping users browse the web anonymously, and its onion service provides a network within which encrypted websites can be run anonymously. However, the infrastructure design and encryption behind the service has become little outdated, eventually leaving it vulnerable to potential and resourceful attackers. Tor network has become such a potential target that even Zerodium, a company that acquires and resells zero-day exploits, is ready to pay $1 million for Tor zero-day exploits . Keeping these concerns in mind, the Tor Project has been working to upgrade its infrastructure over the past four years, and the good news is… A few weeks ago, the Tor Project announced the release of Tor 0.3.2.1-alpha that includes support for the next generati

Dark-Web Drug Dealer Arrested After He Travelled US for World Beard Championships

Dark-Web Drug Dealer Arrested After He Travelled US for World Beard Championships
Sep 28, 2017
United States authorities arrested suspected dark web drug kingpin late last month while he was travelling from his base in France to the United States of America for this year's annual World Beard and Mustache Championships. Gal Vallerius, a 38-year-old French national, was travelling to Austin, Texas, for the competition but was caught by U.S. authorities on August 31 upon landing at Atlanta International Airport on a distribution complaint filed in Miami federal court, The Miami Herald reported Tuesday. Authorities confirmed Vallerius' identity to the online moniker " OxyMonster ," which was previously used to sell drugs on an illegal underground dark web marketplace called Dream Market by searching his laptop that the brown-beard contestant carried with him. Alleged Moderator/Admin Of Dark-Web Dream Market According to Drug Enforcement Administration (DEA) affidavit filed in September, Vallerius was an administrator, senior moderator and vendor on Dream

Zerodium Offers $1 Million for Tor Browser 0-Days That It will Resell to Governments

Zerodium Offers $1 Million for Tor Browser 0-Days That It will Resell to Governments
Sep 13, 2017
It seems like Tor Browser zero-day exploits are in high demand right now—so much so that someone is ready to pay ONE MILLION dollars. Zerodium—a company that specialises in acquiring and reselling zero-day exploits—just announced that it will pay up to USD 1,000,000 for working zero-day exploits for the popular Tor Browser on Tails Linux and Windows operating system. Tor browser users should take this news an early warning, especially who use Tails OS to protect their privacy. Zero-day exploit acquisition platform has also published some rules and payout details on its website, announcing that the payout for Tor exploits with no JavaScript has been kept double than those with JavaScript enabled. The company has also clearly mentioned that the exploit must leverage remote code execution vulnerability, the initial attack vector should be a web page and it should work against the latest version of Tor Browser. Moreover, the zero-day Tor exploit must work without requiring an

Dark Web Users Suspect "Dream Market" Has Also Been Backdoored by Feds

Dark Web Users Suspect "Dream Market" Has Also Been Backdoored by Feds
Jul 21, 2017
By now you might be aware of the took down of two of the largest online dark websites— AlphaBay and Hansa —in what's being called the largest-ever international operation against the dark web's black market conducted by the FBI, DEA (Drug Enforcement Agency) and Dutch National Police. But the interesting aspect of the takedown was that the federal authorities shut down AlphaBay , but took control of the Hansa market and kept it running for at least a month in an effort to monitor the activities of its visitors. The visitors of Hansa market also included a massive flood of Alphabay refugees, as the seizer of AlphaBay Market forced their visitors to join the Hansa market for illegal trading and purchasing. However, not just Hansa, after AlphaBay's shutdown , many of its users also joined another website known as Dream Market, which is believed to be the second-largest dark web marketplace, ahead of Hansa. After the shutdown of both AlphaBay and Hansa, Dream Market

Anonymous Hacker took down over 10,000 Dark Web Sites; Leaked User Database

Anonymous Hacker took down over 10,000 Dark Web Sites; Leaked User Database
Feb 05, 2017
Dark Web is right now going through a very rough time. Just two days ago, a hacker group affiliated with Anonymous broke into the servers of Freedom Hosting II and took down more than 10,000 Tor-based .onion dark websites with an alarming announcement to its visitors, which said: " Hello, Freedom Hosting II, you have been hacked. " Freedom Hosting II is the single largest host of underground websites accessible only through Tor anonymising browser that hosts somewhere between 15 and 20 percent of all sites on the Dark Web, anonymity and privacy researcher Sarah Jamie Lewis estimated . Besides defacing all Dark Web sites hosted on Freedom Hosting II with the same message and stealing its database, the hackers also demanded a ransom for 0.1 Bitcoin (just over $100) to return the compromised data to the hosting service. Now, it has been reported that the stolen database from Freedom Hosting II has publicly been released online to a site hosted on the Tor network, wh

UPDATE Firefox and Tor to Patch Critical Zero-day Vulnerability

UPDATE Firefox and Tor to Patch Critical Zero-day Vulnerability
Dec 01, 2016
The critical Firefox vulnerability being actively exploited in the wild to unmask Tor users has been patched with the release of new browser updates. Both Mozilla and Tor Project has patched the vulnerability that allows attackers to remotely execute malicious code on Windows operating system via memory corruption vulnerability in Firefox web browser. Tor Browser Bundle is a repackaged version of the open-source Mozilla Firefox browser that runs connections through the Tor anonymizing network configured to hide its user's public IP address. However, the exploit code released by an unnamed online user was currently being exploited against Tor Browser users to leak the potentially identifying information of Tor users. "The security flaw responsible for this urgent release is already actively exploited on Windows systems," an official of the anonymity network wrote in an advisory published on Wednesday.  "Even though there is currently...no similar explo

Improve Your Online Privacy And Security Using NordVPN

Improve Your Online Privacy And Security Using NordVPN
Sep 29, 2016
Today, most users surf the web unaware of the fact that websites collect their data and track their locations – and if this is not enough, then there are hackers and cyber criminals who can easily steal sensitive data from the ill-equipped. In short, the simple truth is that you have no or very little privacy when you're online. So, if you're worried about identity thieves, or ISPs spying on or throttling your traffic, the most efficient way to secure your privacy on the Internet is to avoid using public networks; use a Virtual Private Network (VPN) instead. When it comes to digital security, the first thing most users probably think of is a good Antivirus for protecting their sensitive data on their systems. But, what they forget is that the data they send over the Internet needs protection, too. That's where Virtual Private Network (VPN) services come in. VPN allows you to access a private network securely and to share data remotely through public networks,

More than 1 million People now access Facebook Over Tor Network

More than 1 million People now access Facebook Over Tor Network
Apr 22, 2016
In Brief Facebook has hit another Milestone: More than 1 MILLION people, or you can say privacy conscious, are accessing Facebook over TOR. Facebook proudly announced today that, this month, for the first time, the people connected to the anonymous version of Facebook that's accessible only through the TOR anonymity network exceeded 1 Million – an increase of almost 100% in the past ten months. Today, when global surveillance system continues to grow, encryption has the power to protect users' security and privacy online. And it is ultimately a good thing that companies like Facebook are competing on users' security. In 2014, Facebook launched a special version of its website that runs only with the help of Tor anonymity software that offers privacy to users. Tor anonymity software or Tor browser secures and encrypts connections to prevent cyber criminals or law enforcement agencies from tracking users' web activity. Tor users can visit Facebook's Tor hidden s

FBI is fighting back against Judge's Order to reveal TOR Exploit Code

FBI is fighting back against Judge's Order to reveal TOR Exploit Code
Mar 29, 2016
Last month, the Federal Bureau of Investigation (FBI) was ordered to reveal the complete source code for the TOR exploit it used to hack visitors of the world's largest dark web child pornography site, PlayPen. Robert J. Bryan, the federal judge, ordered the FBI to hand over the TOR browser exploit code so that defence could better understand how the agency hacked over 1,000 computers and if the evidence gathered was covered under the scope of the warrant. Now, the FBI is pushing back against the federal judge's order. On Monday, the Department of Justice (DOJ) and the FBI filed a sealed motion asking the judge to reconsider its ruling, saying revealing the exploit used to bypass the Tor Browser protections is not necessary for the defense and other cases. In previous filings, the defence has argued that the offensive operation used in the case was " gross misconduct by government and law enforcement agencies, " and that the Network Investigative Technique (NIT)
Cybersecurity Resources