Search the Community

An osint tool that uses Ahmia.fi to get Tor hidden services and descriptions that match with the users query. [Hidden Content]

Billing Book is a PHP/jQuery-based web-based application that allows you to manage your invoices, customers, suppliers, and stock. The application has an Easy POS system for a faster billing system. A very responsive web template has been used, the application contains complete source code and is easy to modify it as per your needs. The application can be ready to install on the local computer or on an online server with an easy installation process. [Hidden Content] [hide][Hidden Content]]

Google’s Threat Analysis Group (TAG) has confirmed that Android users around the world are being targeted by the Alien spyware family, which is commercial spyware. Tracking shows that the malware family is an advanced malware family developed by Cytrox Technologies of the Republic of North Macedonia in the Balkans of Southeastern Europe. The company primarily sells it to certain national government agencies or groups backed by those government agencies for the purpose of hacking and spying on targeted Android users. In essence, this is no different from the Pegasus spyware launched by the Israeli commercial spyware company NSO, except that the Alien spyware is for Android. Analysis shows that the Alien spyware family mainly exploits zero-day vulnerabilities and certain known outdated flaws, and is mainly spread by email. For example, after the email of the target user is known, a phishing email is sent to induce the user to click on the link, and the Predator virus can be automatically loaded after clicking. The organization that launched the attack uses a short-link system. When a user clicks, the virus will be loaded for the first time, and then they will jump to the website mentioned in the phishing email to confuse the user. The three campaigns identified by Google’s threat analysis team belong to the Alien malware family, and there are currently dozens of Android users under attack. Obviously, this is also a targeted attack, and the attacker will only carry out targeted attacks after selecting the target. Google writes: Analysis revealed that the Alien malware family has features such as audio recording, hiding apps, stealing user data, and turning on microphones for monitoring. Zero-day vulnerabilities that have been discovered by Google will be fixed soon, but for most Android users, there is no way to update the system in time to fix it. In particular, many of the vulnerabilities exploited by the malware are outdated, meaning they have long been fixed by Google but the OEM has not sent an update to the user. This makes the security of the Android system very weak, because many outdated vulnerabilities have been published long ago, and virtually any attacker can exploit the vulnerabilities. Google reminded that users should not click on links in unknown emails, and users should double-check the sender to ensure that the email is safe before clicking on the link.

NAS maker QNAP continues to issue security alerts, and QNAP says ransomware called DeadBolt is looking for NAS servers exposed on the public internet. Earlier this month, QNAP issued an alert saying it had detected a large number of attacks of unknown origin, which sought to exploit vulnerabilities and weak passwords in devices exposed on the public Internet. QNAP did not mention whether the ransomware in the warning was related to the attack at the beginning of the month, but judging from the content of the two warnings, it should be the same batch of attacks. “DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users’ data for Bitcoin ransom,” the company said. “QNAP urges all QNAP NAS users to […] immediately update QTS to the latest available version.” QNAP said in the announcement that the ransomware called DeadBolt ransomware is looking for exposed NAS on the network, and then looking for potential vulnerabilities to try to launch an attack. The company said that the ransomware is not complicated and mainly relies on the vulnerabilities of the old QTS system, so it is very important for users to update the QTS system in a timely manner. It is worth noting that in the two warnings, QNAP strongly advised users not to expose their devices to the public Internet. However, for users, not being exposed to the public network means that they cannot connect to the public network, and it is very difficult and inconvenient to access the server content when going out. QNAP even suggested that users turn off the UPnP function of the router. The following are safety recommendations: Use the built-in security advisory function of the QNAP device to scan the potential risks of the device, including detecting whether the device is exposed to the public network and specific open ports. If the scanning shows that the system management service can be accessed from an external address then the device is at high risk and the user should follow the security advisor guidelines to disable public network access. Including disabling external address access, disabling exposed ports, turning off port forwarding or UPnP on the router, and DMZ to ensure that the internal network cannot be accessed from the outside. Of course, the result of this is that users will not be able to access QNAP devices through the external network. If you really need external network access, you can try other methods to strengthen security. Including but not limited to using multi-factor authentication, using high-strength passwords, non-repeating passwords, or using encrypted tunnels to connect to the intranet before using the intranet to access.

Description Windows 11 is the first new Windows OS to release in 5 years. While there are a lot of similarities between Windows 10 and Windows 11, there are also several differences, especially when it comes to the user interface. This course is aimed at IT pros and help desk professionals who may be tasked with helping users transition from Windows 10 to Windows 11. Instructor Brien Posey covers common installation and post-installation management tasks. He also leads you through key changes from Windows 10 and important new features of Windows 11. [1] Introduction [2] 1. Installing Windows 11 [3] 2. Postinstallation Tasks [4] 3. The Start Menu [5] 4. The Windows 11 Interface [6] 5. Non-Keyboard Interfaces [7] 6. Gaming [8] Conclusion [Hidden Content] [hide][Hidden Content]]

Reminder PRIV8 users may not disseminate any information posted on this website in other forums or websites. Failure to comply with this rule will result in their definitive expulsion.

Only days after the T-Mobile data breach, the same threat actor is selling 70 million AT&T users’ records. The mobile service provider denied the data leak claim, saying the data didn’t come from any of their systems. ShinyHunters, the same group of threat actors that posted T-Mobile users’ data for sale just days ago, is now selling 70 million records that allegedly belong to another mobile service provider – AT&T. The sample of data for sale includes AT&T users’ full names, social security numbers, email addresses, and dates of birth. ShinyHunters is selling the database for a starting price of $200,000. AT&T denied the claim that the data was leaked, suggesting that it is either inauthentic or gathered from other sources. “Based on our investigation today, information that appeared in an internet chat room does not appear to have come from our systems,” MarketWatch quoted the cellphone carrier. AT&T has suffered a data breach before. In 2015, the company agreed to pay a $25 million fine for an insider breach. As a matter of fact, in May, a threat actor was looking to hire a T-Mobile and/or AT&T employee, presumably to help them stage an insider attack on their employer. The claim of yet another enormous user database comes only days after another mobile service provider T-Mobile has confirmed a data breach. According to their latest statement, an attacker illegally accessed a database containing information on more than 40 million past, current, and prospective users of T-Mobile US. Late last week, T-Mobile was tipped about claims in an online forum that a threat actor has compromised T-Mobile systems. The company announced it had located and immediately closed the access point that might have been used to illegally gain access to the organization’s servers. “Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers,” the company said in a press release. The experts we spoke to insisted that this data could be used for social engineering and identity theft. ShinyHunters is a notorious threat actor group and is responsible for multiple major data breaches. According to HackRead, they have targeted companies like Mashable, 123RF, Minted, Couchsurfing, Animal Jam, and others. Source

Cybersecurity researchers from Bitdefender discovered a new malware, “MosaicLoader,” which is targeting users looking online for pirated software. Adversaries often target users with various phishing tactics. But sometimes, unwitting users fall into a hacker’s trap, revealing their private data to attackers. Cybersecurity researchers from Bitdefender recently identified a new malware variant that targets users who are looking online for pirated software. Tracked as MosaicLoader, the malware is distributed via paid advertisements in search results, specially crafted to trick users into clicking the malicious ads link and infect their devices. Once deployed on the system, MosaicLoader creates a complex chain of processes and automatically downloads additional payloads like cookie stealers, crypto-currency miners, and backdoors like Glupteba. Glupteba is a malware Trojan with advanced features that could turn the infected system into a remotely controlled bot and steal personal information. MosaicLoader’s Infection Flow Initially, the MosaicLoader malware adds local exclusions in Windows Defender for legitimate-looking filenames to evade security detections. The malware then deploys additional malware payloads to gain persistent access to the targeted device. The execution flow of MosaicLoader include: Creating a fake software file > Code obfuscation with execution order > Auto-downloading with several malware strains. Impact In addition to MosaicLoader, Bitdefender researchers also identified a malware sprayer distributing Facebook cookie stealers to access users’ login cookies from browsers. This allows threat actors to take over victims’ Facebook accounts, deploy malware, and steal identities. They even leveraged a variety of RATs like AsyncRAT and Powershell Dropper for their cyberespionage campaigns to obtain users’ log keystrokes, audio from the microphone, and images from the infected system. “Due to MosaicLoader’s capabilities, user privacy may be severely affected. The malware sprayer can deliver Facebook cookie stealers on the system that might exfiltrate login data, resulting in complete account takeovers, posts that can harm the reputation of businesses or persons, or posts that spread malware. Another significantly dangerous malware delivered through MosaicLoader is the Remote Access Trojans. They can log keypresses on the system, record audio from the microphone and images from the webcam, capture screenshots, etc. With this private information, attackers can take over accounts, steal digital identities and attempt to blackmail victims,” Bitdefender said. Indicators of Compromise URLs t1.cloudshielding.xyz c1.checkblanco.xyz s1.chunkserving.com m1.uptime66.com 5a014483-ff8f-467e-a260-28565368d9be.certbooster.com 0129e158-aa17-4900-99a6-30f4a49bd0a4.nordlt.com Integral.hacking101.net IP Address 195.181.169.92 Mitigation While the MosaicLoader campaign has not targeted any specific countries or sectors, the attackers are mostly targeting personal computers. To prevent MosaicLoader infections: Organizations should apply the indicators of compromises (IOCs) to endpoint detection and response (EDR) systems Ensure employees avoid downloading pirated software or applications Always download from authentic sources Keep devices updated

WARNING — Malware Found in CamScanner Android App With 100+ Million Users ◾️Beware! Attackers can remotely hijack your Android device and steal data stored on it, if you are using free version of CamScanner, a highly-popular Phone PDF creator app with more than 100 million downloads on Google Play Store. ◾️So, to be safe, just uninstall the CamScanner app from your Android device now, as Google has already removed the app from its official Play Store.

WordPress Import Export WordPress Users plugin version 1.3.1 suffers from a CSV injection vulnerability. View the full article

With PlayTube users can view & Interact with lasted videos and like and comment and more, now using the application is easier, and more fun! PlayTube is easy, secured, and it will be regularly updated. Demo: [Hidden Content] [HIDE][Hidden Content]]

WordPress Export Users to CSV plugin version 1.1.1 suffers from a CSV injection vulnerability. View the full article