Hashtag: #StolenCredentials
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspect is said to have been detained for creating and managing a criminal site that allowed stolen

iT4iNT SERVER LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace VDS VPS Cloud #LeakBase #Cybercrime #StolenCredentials #DataBreach #CyberSecurity


Tennessee Man Hacks Supreme Court System
Read More: buff.ly/HhMtMV6

#CyberCrime #CourtSystems #StolenCredentials #AccountTakeover #GovSecurity #DataPrivacy #JusticeDepartment #InfosecNews #CyberLaw

Taiwanese Web Hosting Infrastructure Hit by UAT-7237

A recent report from Cisco Talos exposes a cyber intrusion by a suspected Chinese-government-backed hacking collective, tracked as UAT-7237, into a Taiwanese web hosting provider. The attackers aimed to steal credentials and implant backdoors, enabling persistent and covert access to sensitive infrastructure. The outfit has been active at least since 2022, based on forensic analysis of a remote server hosting SoftEther VPN—a favored tool for maintaining their foothold. The chosen VPN's configuration indicated a preference for Simplified Chinese, hinting at the attackers' origins.

Talos researchers believe UAT-7237 is a subgroup of the broader Chinese APT UAT-5918, which is notorious for targeting Taiwan's critical infrastructure and overlapping with other Chinese cyber gangs like Volt Typhoon and Flax Typhoon. Despite similarities, Talos distinguishes UAT-7237 by its unique operational tools and strategies.

UAT-7237 predominantly deploys Cobalt Strike as its main backdoor implant, while UAT-5918 leans on Meterpreter-based reverse shells and a greater number of web shells for remote access. UAT-7237, in contrast, uses a selective approach, deploying fewer web shells and leveraging direct remote desktop protocol (RDP) access and SoftEther VPN clients.

The report highlights that UAT-7237 exploits unpatched vulnerabilities on internet-facing servers for initial access. Once inside, the crew conducts quiet reconnaissance, seeking out valuable assets and setting up prolonged access. Their toolset blends custom and open-source software; notably, the SoundBill shellcode loader (based on VTHello, featuring decoy files from Chinese IM software QQ) is used for malware deployment.

For privilege escalation, UAT-7237 employs JuicyPotato, a tool favored by Chinese-speaking hackers, while credential stealing is achieved through multiple methods—Mimikatz for extracting credentials, registry and disk searches, and further exploitation with BAT files. The ssp_dump_lsass project, found on GitHub, is also used to dump LSASS memory and steal credentials. Network scanning is performed using FScan, allowing the group to map open ports on IP subnets and gather information about SMB services on target endpoints. Attackers then use stolen credentials to pivot laterally within the victim’s network, seeking further targets of interest.

Although Talos has not revealed the full scope of UAT-7237’s campaign or disclosed the vulnerabilities exploited, the findings underscore the importance of patching exposed systems and maintaining vigilant security practices. The published indicators of compromise serve as practical tools for organizations facing similar threats.

Taiwanese Web Hosting Infrastructure Hit by UAT-7237 #ChineseHackers #CyberAttacks #StolenCredentials

Cyber Insights Today March 25, 2025

mailchi.mp/4560841250eb...

Welcome back to our Cybersecurity weekly Series! Enjoy this week's podcast addressing how #stolencredentials are contributing to how attackers are using them to penetrate companies. LIKE IT! POST a comment or question & SHARE!

3.9 Billion Passwords Stolen—Infostealer Malware Blamed The infostealer threat to your passwords continues to grow—now there are 3.9 billion reasons why you need to take it seriously.

www.forbes.com/sites... #cybersecurity #infostealers #StolenCredentials #PC #macOS #corporatepasswords #Gmail #Outlook #ActiveDirectory #FederationServices #RemoteDesktop

From Credentials to Identity: Understanding Digital Identity and Access - Cybersecurity Insiders AI is evolving at a rapid pace, and the uptake of Generative AI (GenAI) is revolutionising the way humans interact and leverage this technology. GenAI is

🔐 From Credentials to Identity: Strengthen #DigitalSecurity

With over 24 billion #stolencredentials monitored in 2024, credential breaches account for 1/3 of all #security incidents.

🟢 Adopt MFA, Zero Trust & strengthen access control.

👉 Read more: www.cybersecurity-insiders.com/from-credent...

Honeypot Surprise: Researchers Catch Attackers Exposing 15,000 Stolen Credentials in S3 Bucket Sysdig researchers trace a bizarre S3 bucket misconfiguration to EmeraldWhale, exposing 1.5 terabytes of stolen credentials and script.

Honeypot Surprise: Researchers Catch Attackers Exposing 15,000 Stolen Credentials in S3 Bucket
www.securityweek.com/honeypot-sur...
#Infosec #Security #Cybersecurity #CeptBiro #HoneypotSurprise #StolenCredentials #S3Bucket
