Found 7 bookmarks
On Lockbit's plaintext passwords
Today it was discovered that an unknown actor had managed to exploit a vulnerability in Lockbit’s PHPMyAdmin instance (on their console onion site). Apparently they were running PHP 8.1.2, which is vulnerable to an RCE, CVE-2024-4577. Which uhh… lol? It probably would have been prudent to do a post-paid penetration test on their own infrastructure at some point.

Further compounding the unfortunate situation, the actor was able to dump their database. This contained, as stated by Bleeping Computer, a number of tables such as bitcoin addresses, data about their build system such as bespoke builds for affiliates, a ‘chats’ table containing negotiation messages, which we’ll go through in a later post. And finally, of interest today, the usernames and passwords of LockBit agents using the console.

Of special importance, making our work markedly easier, these passwords were not hashed. Which sure is a choice, as an organization that performs ransomware attacks. The vast majority of the passwords in this table are reasonably secure; it’s not solely hilariously weak credentials, but there still are a number that display poor security hygiene.

The weak passwords

Before going into my standard analysis, I’ll list off all of the weak passwords in question, and then we’ll go through the statistics of the whole set. The fun to highlight passwords: Weekendlover69, CumGran0Salis, Lockbit123, Lockbitproud321, Lavidaloca18
·dak.lol·
stardom dreams, stalking devices and the secret conglomerate selling both
people frequently reach out to me with companies to look into. usually it takes me about 10 minutes before i move on for one reason or another—it's not interesting for a story or has good security, for example. i didn't expect anything different when an acquaintance told me about Tracki, a self-proclaimed "world leader in GPS tracking" that they suspected could be used nefariously. at first glance, Tracki appeared to be a serious company, maybe even one that cared about security. we could never have guessed what was about to unfold before us.

half a year into our investigation, we'd found it all: a hidden conglomerate posing as five independent companies, masked from governments and customers alike through the use of dozens of false identities, US letterbox companies, and an undeclared owner. a 90s phone sex scheme that, through targeting by one of hollywood's most notorious fixers, spiraled into a collection of almost a hundred domains advertising everything from online dating to sore throat remedies. a slew of device-assisted murder cases, on top of potential data breaches affecting almost 12 million users, ranging from federal government officials to literal infants. and most importantly, a little-known Snoop Dogg song. how in the world did we get here?

starting our descent
·maia.crimew.gay·
PCTattletale leaks victims' screen recordings to entire Internet
PCTattletale is a simple stalkerware app. Rather than the sophisticated monitoring of many similarly insecure competitors, it simply asks for permission to record the targeted device (Android and Windows are supported) on infection. Afterward, the observer can log in to an online portal and activate recording, at which point a screen capture is taken on the device and played on the target's browser.
·ericdaigle.ca·
#FuckStalkerware pt. 3 - ownspy got, well, owned
we continue our series on stalkerware with a write-up and batch of data sent to me by a source last night. this time it is the brazilian ownspy (aka webdetective and saferspy, by mobileinnova) that has been completely hacked. among other things ownspy claims to be the #1 most privacy focused "parental control app", allegedly featuring E2E encryption. if this sounds too good to be true that's because it mostly is, but more on that later.
·maia.crimew.gay·