Leaderboard

Popular Content

Showing content with the highest reputation on 05/16/24 in all areas

  1. Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for peddling stolen data, for the second time within a year. The website ("breachforums[.]st") has been replaced by a seizure banner stating the clearnet cybercrime forum is under the control of the U.S. Federal Bureau of Investigation (FBI). The operation is the result of a collaborative effort from authorities in Australia, Iceland, New Zealand, Switzerland, the U.K., the U.S., and Ukraine.

The FBI has also taken control of the Telegram channel operated by Baphomet, who became the administrator of the forum following the arrest of his predecessor Conor Brian Fitzpatrick (aka pompompurin) in March last year. It's worth noting that a prior iteration of BreachForums, hosted at breached.vc/.to/.co and managed by pompompurin, was seized by law enforcement in late June 2023.

"This Telegram chat is under the control of the FBI," a message posted on the channel reads. "The BreachForums website has been taken down by the FBI and DOJ with assistance from international partners. We are reviewing the site's backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us: https://t.me/fbi_breachforums breachforums@fbi.gov breachforums.ic3.gov."

It's currently not clear if Baphomet and his other fellow administrator ShinyHunters have been arrested, although the seizure banner depicts the profile pictures associated with both of them as behind bars.

"From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clearnet marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services," the agencies said.

BreachForums emerged in March 2022 following the law enforcement dismantling of RaidForums and the arrest of its owner "Omnipotent." Following its shutdown in 2023, it resurfaced again after Baphomet teamed up with ShinyHunters to launch a new site under the same name.

Source: https://thehackernews.com/2024/05/fbi-seizes-breachforums-again-urges.html
    1 point
  2. Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrops on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients, including home and mesh networks that are based on WEP, WPA3, 802.11X/EAP, and AMPE protocols.

The method "involves downgrading victims to a less secure network by spoofing a trusted network name (SSID) so they can intercept their traffic or carry out further attacks," said TopVPN, which collaborated with KU Leuven professor and researcher Mathy Vanhoef. "A successful SSID Confusion attack also causes any VPN with the functionality to auto-disable on trusted networks to turn itself off, leaving the victim's traffic exposed."

The issue underpinning the attack is the fact that the Wi-Fi standard does not require the network name (SSID, or service set identifier) to always be authenticated, and that security measures are only required when a device opts to join a particular network. The net effect of this behavior is that an attacker could deceive a client into connecting to an untrusted Wi-Fi network other than the one it intended to connect to by staging an adversary-in-the-middle (AitM) attack.

"In our attack, when the victim wants to connect to the network TrustedNet, we trick it into connecting to a different network WrongNet that uses similar credentials," researchers Héloïse Gollier and Vanhoef outlined. "As a result, the victim's client will think, and show the user, that it is connected to TrustedNet, while in reality it is connected to WrongNet." In other words, even though passwords or other credentials are mutually verified when connecting to a protected Wi-Fi network, there is no guarantee that the user is connecting to the network they want to.

There are certain prerequisites to pulling off the downgrade attack:

- The victim wants to connect to a trusted Wi-Fi network
- There is a rogue network available with the same authentication credentials as the first
- The attacker is within range to perform an AitM between the victim and the trusted network

Proposed mitigations to counter SSID Confusion include an update to the 802.11 Wi-Fi standard by incorporating the SSID as part of the 4-way handshake when connecting to protected networks, as well as improvements to beacon protection that allow a "client [to] store a reference beacon containing the network's SSID and verify its authenticity during the 4-way handshake." Beacons refer to management frames that a wireless access point transmits periodically to announce its presence. They contain information such as the SSID, beacon interval, and the network's capabilities, among others.

"Networks can mitigate the attack by avoiding credential reuse across SSIDs," the researchers said. "Enterprise networks should use distinct RADIUS server CommonNames, while home networks should use a unique password per SSID."

The findings come nearly three months after two authentication bypass flaws were disclosed in open-source Wi-Fi software such as wpa_supplicant and Intel's iNet Wireless Daemon (IWD) that could deceive users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password. Last August, Vanhoef also revealed that the Windows client for Cloudflare WARP could be tricked into leaking all DNS requests, effectively allowing an adversary to spoof DNS responses and intercept nearly all traffic.

Source: https://thehackernews.com/2024/05/new-wi-fi-vulnerability-enabling.html
    1 point
  3. Yep, interesting, but this part is worth reading. It's just as "efficient" as Evil Twin, except that here I think the connection can be made automatically. Anyway, in practice MiTM isn't that useful, most clients validate certificates. There are of course ugly exceptions that can lead to serious problems, but an end-to-end attack is pretty hard to set up.
    1 point