We keep seeing the same pattern: security teams drowning in alerts from decade-old breaches while fresh threats go unnoticed.
We broke down the credential leak ecosystem and what your team should actually be monitoring:
https://t.co/eOFR9zdYoh
Obviously, this capability will only be available to trusted cybersecurity companies and financial institutions. We are continuously expanding our capabilities to provide visibility across every aspect of the dark web economy.
You asked, and we listened.
A major update is arriving in just 15 days: Payment Fraud Intelligence.
Our newest module helps identify stolen BIN activity in real time, enabling faster action to reduce fraud exposure and prevent financial losses.
🔥 A native OpenCTI connector for Dark Web Informer is now up for review.
https://t.co/QmVo1cJRqY
It ingests the prebuilt STIX 2.1 bundles directly (feed, ransomware, IOCs, all) and passes them straight through, no conversion layer. Validated end-to-end. Requires a DWI API key.
Many thanks to the unnamed customer who requested this and was patient with me putting this together.
Red Hat Miasma Supply Chain Attack - What We Know.
The compromised GitHub credentials were visible in infostealer logs 6 weeks before the attack went public.
Apr 13: Credentials & session cookie first seen in stealer logs
May 15: Same identity resurfaces in a second log
May 29: Malicious commit pushed to RedHatInsights repos
Jun 1: Attack publicly disclosed
https://t.co/1QuJlGzSZO
We have detected a Red Hat GitHub credential and session cookie in infostealer logs on April 13 and May 15, 2026 - potentially linked to the Miasma supply chain attack. While we cannot confirm a direct connection, the timing is notably suspicious.
https://t.co/X4XnqibkPR
Yesterday, a threat actor claimed to leak allegedly stolen Mercedes data containing PII of around 130K users. While the breach is not yet verified, our initial analysis shows the data appears structurally legitimate. The dataset is now indexed in Whiteintel.
http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid[.]onion/r/336b257f582b17573c97578efd4b22762bf77344
Trellix has disclosed a breach of its source code repository. The company, which was formed from the merger of McAfee Enterprise and FireEye, protects over 200 million endpoints and 50,000 business and government customers worldwide.
The attack was claimed by RansomHouse, and Trellix confirmed it is working with forensic experts and has notified law enforcement, but has not yet disclosed whether customer data was accessed or a ransom was demanded.
Sources: https://t.co/p0I4HdIQtt
A threat actor is selling a 73GB database allegedly belonging to IUNGO Cloud, a Brazilian cloud-telephony provider, containing 21 million customer records.
The dataset includes PII, call detail records, customer account balances, email addresses, phone numbers, and passwords. It's being offered as a one-time exclusive sale.
Telecom providers are high-value targets. Call records reveal who you talk to, when, and for how long. Combined with account credentials, that's a complete profile.
5.4 million credentials in Email:Pass format from Badoo, Tinder, Meetup, and Flickr are being freely distributed on darkweb forum Crackingx.
Dating platform credentials are not treated as high-value by most people. Attackers and predatory marketing companies see it differently. These accounts come with something more useful than passwords: demographic profiles. Age, location, relationship status, interests, photos.
This data fuels both romance scam operations and targeted marketing campaigns. Scammers use it to pre-profile victims before the first message is sent. Data brokers and predatory advertisers use it to build shadow profiles - targeting people based on emotional vulnerabilities, loneliness, or relationship status with ads for financial products, subscriptions, and services they never consented to be profiled for.
ShinyHunters has released Vimeo's data after negotiations failed.
The group compromised Vimeo's Snowflake and BigQuery instances via Anodot, a third-party analytics provider. After the company "failed to reach an agreement," ShinyHunters posted the data publicly today on their breach forum.
The post reads: "The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don't care."
https://breachforums[.]rs/Thread-DATABASE-Vimeo-Inc
NEW BLOG POST
Your domain appeared in a 2019 breach. Security team spends hours investigating. Affected employee left the company years ago.
Meanwhile, fresh credentials hit marketplaces yesterday and nobody noticed.
Building a credential monitoring program that actually works: https://t.co/JsAnU0mGU8
A ransomware negotiator hired to protect victims was secretly feeding their insurance limits and negotiation strategies to the BlackCat gang and pocketing a cut.
Angelo Martino, 41, worked at cybersecurity firm DigitalMint as an incident responder. Across five separate cases in 2023, he told BlackCat exactly what each victim's insurance would cover and how far they'd negotiate, maximizing the ransoms they were forced to pay.
He then went further. Together with two other cybersecurity professionals from DigitalMint and Sygnia, he actively deployed BlackCat ransomware, extorting over $1.2 million from one victim alone. The proceeds went to a food truck and a luxury fishing boat.
On Monday, Martino pleaded guilty to conspiracy to deploy ransomware and extort U.S. victims. Law enforcement seized $10 million in assets. He faces up to 20 years. He is the third ransomware negotiator charged in the same scheme.
Source: https://t.co/qDwiWvfza8
@banthisguy9349 @rmoskovy Actually, whoever did it did it. Our only take was that it appears to have happened through a third party called Context AI, and there are a bunch of important credential leaks they have out there 🤷‍♂️
A https://t.co/TGpDDgrGXQ employee's machine got hit by an infostealer on February 17. Three months later, ShinyHunters announced they had breached Vercel.
Vercel Breach Potentially Traced Back to Infostealer Malware:
https://t.co/cSiLuCUZjP
Threat actors running infostealer marketplaces on the darkweb are increasingly using free credential drops as a customer acquisition strategy.
A threat actor was observed distributing 1,000 free Mystic Stealer logs on darkweb forums not for financial gain, but to drive traffic to their onion-based stealer marketplace. The free logs serve as proof of quality, building credibility with potential buyers.
The infostealer economy has matured to the point where actors are running proper funnels: free samples, product listings, customer support, trial periods and marketing campaigns.
Also, the name SiberianShelves sounds like a knock-off version of RussianMarket.