Notorious data leak site BreachForums appears to be back online after it was seized by law enforcement a few weeks ago. At least one of BreachForums domains and its dark web site are live again.
However, questions have been raised over whether it is a genuine attempt to revive the forums once again or set up as a lure by law enforcement to entrap more data dealers and cybercriminals.
Read more…
Source: Malwarebytes labs
Related:
- AstraLocker ransomware shuts down and releases decryptors
July 4, 2022
The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they’re shutting down the operation and plan to switch to cryptojacking. The ransomware’s developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform. BleepingComputer downloaded the archive and confirmed that the decryptors are legitimate and working after testing one of them against files ...
- British Army Twitter and YouTube feeds hijacked by crypto-promos
July 4, 2022
The British Army has apologizsed after its Twitter and YouTube accounts were compromised by entities that used them to promote NFTs. As recorded by The Wayback Machine, the @BritishArmy Twitter feed hosted content promoting non-fungible tokens described thusly: “The Anomalies is a collection of special Possessed 1/1s”. According to Web3-watcher Web3 is going just great – the ...
- Crypto sleuths pin $100 million Harmony theft on Lazarus Group
July 1, 2022
Investigators at a blockchain analysis outfit have linked the theft of $100 million in crypto assets last week to the notorious North Korean-based cybercrime group Lazarus. The company said it had tracked the movement of some of the stolen cryptocurrency to a so-called mixer used to launder such ill-gotten funds. Blockchain startup Harmony announced June 23 ...
- #StopRansomware: MedusaLocker
June 30, 2022
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) are releasing this CSA to provide information on MedusaLocker ransomware. Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. ...
- Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit
June 30, 2022
Since it became operational in April, Black Basta has garnered notoriety for its recent attacks on 50 organizations around the world and its use of double extortion, a modern ransomware tactic in which attackers encrypt confidential data and threaten to leak it if their demands are not met. The emerging ransomware group has continued to ...
- Toll fraud malware: How an Android application can drain your wallet
June 30, 2022
Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which include SMS fraud and call fraud, toll fraud has unique ...

