Registration information of more than 480,000 members of RaidForums cybercriminal forum has been leaked on ‘Exposed,’ a new underground platform that has recently emerged as a replacement to the now-defunct RaidForums.

RaidForums was a popular marketplace that offered for sale data obtained from data breaches, including credit cards, bank account numbers and credentials needed to access online accounts.

As per media reports, the leaked data included registration information of RaidForums members who registered between March 2015 and September 2020, as well as usernames, email addresses, hashed passwords, and other info. Currently, it’s unclear where the leaked database came from or who and why had created it.

ImmuniWeb can help prevent data breaches and meet regulatory requirements.
Request your free demo now and talk to our experts.

The number of phishing domains dropped after Meta lawsuit against Freenom

Meta lawsuit has led to a substantial decline in phishing domains tied to the Netherlands-based domain name registrar Freenom, which manages top-level domains of the Central African Republic (.cf), Equatorial Guinea (.gq), Gabon (.ga), Mali (.ml), and Tokelau (.tk) and is favored by cybercriminals due to its policy of hiding the identities of its customers.

In March 2023, social media giant Meta sued Freenom, alleging cybersquatting violations and trademark infringement. Following the lawsuit Freenom halted domain registrations.

It seems that the lawsuit proved to be effective, as the number of phishing domains linked to Freenom’s commercialized ccTLDs dropped from 60% in November 2022 to meager 15% in the months following the lawsuit.

Private details of nearly 9M of MCNA Dental patients exposed after Lockbit ransomware attack

Around 9 million people had their personal data compromised following a ransomware attack on MCNA (Managed Care of North America) Dental, one of the largest dental insurers for government-sponsored Medicaid and CHIP programs in the United States.

The company said it detected unauthorized activity in its network on March 6, 2023 and launched an investigation, which showed that the attackers stole customers’ personal information. The impacted data included first and last name, address, date of birth, phone number, email, Social Security numbers, information about health insurance and other medical data.

On March 7, the notorious Lockbit ransomware gang claimed responsibility for the hack and asked for a $10 million ransom, threatening to publish 700 GB of data allegedly stolen from MCNA Dental. Apparently, the company did not pay the ransom, so LockBit leaked the stolen data on April 7.

Emby remotely shuts down user servers after the hack

Emby, a software company behind the eponymous media server, remotely shut down an undisclosed number of user-based media server instances after a threat actor took advantage of a vulnerability to hijack systems and install a malicious plugin for harvesting login credentials.

The Emby team developed a firmware update to scan for the offending plugin and shut down systems where it was discovered.

In other news, network security solutions provider Barracuda Networks disclosed that some of its customers’ Email Security Gateway (ESG) appliances have been compromised via a now-patched zero-day vulnerability, with hackers dropping at least three types of malware acting as backdoors on affected systems, as well as exfiltrating data.

The company said that the threat actors have been exploiting the zero-day (CVE-2023-2868) since October 2022, possibly earlier. The vendor did not disclose the number of impacted organizations, but provided a list of endpoint and network Indicators of Compromise (IoCs), as well as YARA rules to help defenders identify the threat.

Arbitrum's Jimbos Protocol hacked for $7.5M

Jimbos Protocol, an Arbitrum-based liquidity protocol, fell victim to a flash loan attack on May 28 that saw $7.5 million worth of Ether (ETH) tokens stolen. According to experts, the attacker took advantage of the weakness in the JimboController contract to manipulate price ranges for ETH-Jimbo conversion for personal profit.

The team behind Jimbos Protocol has acknowledged the hack on Twitter and offered the exploiter to return 90% of the stolen funds or face prosecution.

At the time of writing, it’s not clear whether Jimbos received any response from the hacker.

What’s next:

Join our upcoming webinars
Follow ImmuniWeb on Twitter, LinkedIn and Telegram
Explore 20 use cases how ImmuniWeb can help
Browse open positions to join our great Team
See the benefits of our partner program
Request a demo, quote or special price
Subscribe to our newsletter

Cyber Law and Cybercrime Investigation Weekly Blog by Key Dutch

Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.

Recent Blog Posts:

Europe’s Largest Pirate IPTV Operation Dismantled in the Netherlands

US Offering a $10M Bounty For Info On Russian Ransomware Hacker

Uber’s Ex-CSO Gets Three Years' Probation Over 2016 Hack Cover Up