Brave, the web browser that insists on privacy, exposes users' activities to its Internet Service Providers on Tor's secret servers, or "dark web." In its browser, Brave has solved a data protection problem that sends queries for .onion domains to a DNS solution, instead of a Tor node path, so that access to the dark website is shown to users. In a hotfix release, the bug was addressed.
Recently, a hacking threat group has supposedly infected the data of 1.7 billion users, which is being investigated by Oxfam Australia – a humanitarian and non-profit organization that witnessed data breach and blatant violation of privacy.
Estate agent Foxtons Group is under tremendous pressure after a daily newspaper named ‘publication i’ asserted that critical information pertaining to customers’ card and other personal details have been uploaded to a dak web site. As per the reports of publication i, on October 12 last year, a customer discovered card information, addresses, and personal messages belonging to over 16,000 individuals.
In yet another data breach, sensitive information of almost 3.25 lakh clients of India-based global cryptocurrency exchange and wallet, BuyUcoin, have been exposed on the Dark Web. The information leak incorporates names, emails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers), and deposit history.
Headquartered in Hammersmith, London (UK)- AnyVan is a European online platform for the patrons to access consignment, transport, and removal services from their chain network of transport partners. It focuses on European moves only. Also, it is one of the front runners of Europe in terms of moving services as it can easily compare the delivery path of the patron with that of the transport service provider and associate them to mitigate costs and eliminate CO2 emissions by optimizing storage space and haulage. However recently AnyVan affirmed its users about the unauthorized data break-in and embezzlement of personal details of its patrons by the hackers.
DarkMarket, purportedly the world's biggest dark web marketplace, has been taken down by a Europol-coordinated international operation, as indicated by authorities. Europol upheld the takedown with specialist operational analysis and coordinated the cross-border collaborative effort of the nations.
The Russian-language Darknet site sells a program that allows you to distribute spam messages bypassing traffic and email protection tools. The program uses a function in the IMAP protocol
A new tool for spammers is actively being sold on the Darknet, which allows you to bypass the standard protection of e-mail accounts. By exploiting a feature in the Internet Message Access Protocol (IMAP), attackers upload the messages they need directly into the mailboxes of victims.
To trigger the attack, it is necessary that the attackers already have access to the victim's account. The Email Appender malware has been actively promoted on Russian-language hacker forums since the fall of 2020.
The author offers to use the program through a subscription — $50 for one day, $300 for a week or $1000 per month. This is very expensive, but judging by the latest campaigns, the demand for this service is very high.
Experts of the information security company Vade Security indicate that companies in Italy, France, Denmark and the United States have already been subjected to full-scale attacks by spammers using Email Appender. One of the affected organizations claims that it received 300 thousand spam messages in one day and was forced to spend very substantial resources to disable compromised accounts or change usernames and passwords.
Databases of usernames and passwords to mail are actively sold out on hacker forums. According to Gemini Advisory, an attacker can upload such a database to Email Appender, after which the program will try to connect to accounts that match pairs of usernames and passwords via IMAP. Next, it remains to use the IMAP function, which allows hackers to upload ready-made mail messages to the mailbox.
"There are a number of ways to block such spam campaigns, but the main one is to regularly change passwords and not use the same combination (or similar to it) more than once," said Alexey Vodiasov, technical Director of the company SEC Consult Services.
In addition, according to Vodiasov, two-factor authorization is effective, so that even a compromised account cannot be connected without attracting the attention of its rightful owner.
The expert added that it is also possible to enable notifications of cases of logging into an account from unusual IP addresses. Mail systems are quite capable of doing this.
The data of 10 Crore Indian cardholders has been sold on the Dark Web for an unknown amount. The information has been disclosed by the independent cybersecurity researcher Rajshekhar Rajaharia who further stated that ‘hackers attacked the server of Bangalore-based digital payments portal Juspay and after the server was compromised they leaked the data of 10 Crore Indian debit and credit card holders on Dark Web’.
As the pandemic continues to spread globally via a new Covid-19 variant, the attacks on medical agencies surge likewise. Pharmaceutical industries and government organizations continue to face the wrath. As per the sources, the European Medicines Agency (EMA) became the victim of the latest attack, from where “several documents related to the Covid-19 vaccine are allegedly stolen and are released in the Darkweb market, security experts said”.
A data broker has been allegedly selling stolen user data of twenty-six companies on a hacker forum. Reportedly, the hacker who has put on sale the stolen data for certain companies at a particular price – is yet to decide the pricing for the rest of the stolen databases.