Netsec

netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere.

Rules

  1. Don't do unto others what you don't want done unto you.
  2. No Porn, Gore, or NSFW content. Instant Ban.
  3. No Spamming, Trolling or Unsolicited Ads. Instant Ban.
  4. Stay on topic in a community. Please reach out to an admin to create a new community.
Members: 701
Posts: 274
Active Today: 2
Created: 2 yr. ago
  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    A suspected developer of a new malware strain called Styx Stealer made a “significant operational security error” and leaked data from his computer, including details about clients and earnings, researchers have found.

    Styx Stealer is “a powerful malware” capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency. The Israel-based cybersecurity firm Check Point, which analyzed the malware, said that it was used against its customers, though further details were not provided.

    “The developer made a fatal error and leaked data from his computer, which allowed Check Point to obtain a large amount of intelligence,” researchers said in a report published last week.

    The developer of Styx Stealer was found to be linked to one of the Agent Tesla threat actors known as FucosReal, who

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    One of the largest companies that conducts background checks confirmed that it is the source of a data breach causing national outrage due to the millions of Social Security numbers leaked.

    In a statement on Friday, National Public Data said it detected suspicious activity in its network in late December, and subsequently a hacker leaked certain tranches of data in April and throughout the summer.

    “The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024. We conducted an investigation and subsequent information has come to light,” the Florida-based company said.

    “The information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).”

    National Public Data said it “cooperated with law

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    Popular flight-tracking app FlightAware has admitted that it was exposing a bunch of users' data for more than three years.

    It made the admission via a notification filed last week with Rob Bonta, California's attorney general, saying the leak began on January 1, 2021, but was only detected on July 25 of this year.

    The incident was blamed on an unspecified configuration error. It led to the exposure of personal information, passwords, and various other personal data points you'd expect to see in a breach, depending on what information the user provided in their account.

    The full list of potentially impacted data points is below:

    • User ID
    • Password
    • Email address
    • Full name
    • Billing address
    • Shipping address
    • IP address
    • Social media accounts
    • Telephone numbers
    • Year of birth
    • Last four digits of your credit card number
    • Information about aircraft owned
    • Industry
    • Title
    • Pilot status (yes/no)
    • Account activity (such as flights viewed and comments posted)
    • Social Secu
  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    A Kentucky man who hacked into a state registry and faked his own death to avoid paying child support was sentenced on Monday to 81 months in prison.

    In January 2023, Jesse Kipf used stolen login credentials belonging to a physician to access the Hawaii Death Registry System, where he submitted and “certified” his own death — thereby avoiding paying more than $116,000 in owed child support.

    He also hacked into other state death registry systems, as well as “governmental and corporate networks” using stolen credentials, and tried to sell access to those entities on the darkweb.

    “Working in collaboration with our law enforcement partners, this defendant who hacked a variety of computer systems and maliciously stole the identity of others for his own personal gain, will now pay the price,” said Michael E. Stansbury, special

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    CrowdStrike – a company that advertises itself as stopping breaches using “AI-native cybersecurity” – recently failed to deliver in a spectacular fashion.

    One of its faulty updates (for Windows) caused a massive global outage across different industries and services, including hospitals and airports.

    This latest poster child for “single point of failure,” and why IT systems should not be centralized to the degree they are, now apparently sees making false copyright claims, thus abusing the DMCA, as one way of damage control.

    The recipient of the takedown attempt is a parody site, ClownStrike. Created by IT consultant David Senk, clownstrike.lol went online on July 24, in the wake of the embarrassing and costly (damages are said to run into billions) episode caused by CrowdStrike.


  • Netsec @links.hackliberty.org
    maltfield @monero.town

    Supply Chain Security Harm Reduction with 3TOFU

    3TOFU: Verifying Unsigned Releases

    By Michael Altfield
    License: CC BY-SA 4.0
    https://tech.michaelaltfield.net

    This article introduces the concept of 3TOFU - a harm-reduction process when downloading software that cannot be verified cryptographically.

    Verifying Unsigned Releases with 3TOFU

    ⚠ NOTE: This article is about harm reduction.

    It is dangerous to download and run binaries (or code) whose authenticity you cannot verify (using a cryptographic signature from a key stored offline). However, sometimes we cannot avoid it. If you're going to proceed with running untrusted code, then following the steps outlined in this guide may reduce your risk.

    TOFU

    TOFU stands for [Trust On First Use](https://en.wikipedia.o

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    Local authorities in Crimea are warning of internet disruptions from distributed denial-of-service (DDoS) attacks targeting telecommunication providers.

    The “massive” DDoS attacks, which overwhelm targeted networks with a flood of junk internet traffic, were launched against Crimean telecom companies on Wednesday and are still ongoing, according to Crimean officials.

    “Work is underway to repel attacks. There may be interruptions in providing internet services,” said Oleg Kryuchkov, the advisor to the Crimea region, which has been occupied by Russian forces since 2014.

    In Crimea’s largest city, Sevastopol, the attackers mostly targeted local internet provider Miranda Media, which is connected to Russian national telecom provider Rostelecom. Miranda Media was [sanctioned](https://web.archive.org/web/20240629151819

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    Australia's Federal Police (AFP) has charged a man with running a fake Wi-Fi network on at least one commercial flight and using it to harvest flier credentials for email and social media services.

    The man was investigated after an airline "reported concerns about a suspicious Wi-Fi network identified by its employees during a domestic flight."

    The AFP subsequently arrested a man who was found with "a portable wireless access device, a laptop and a mobile phone" in his hand luggage.

    That haul led the force to also search the 42-year-old's home – after securing a warrant – and then to his arrest and charging.

    It's alleged the accused's collection of kit was used to create Wi-Fi hotspots with SSIDs confusingly similar to those airlines operate for in-flight access to the internet or streamed entertainment. Airport Wi-Fi was also targeted, and the AFP also found evidence of similar activities "at locations linked to the man's previous employment."

    Wherever the accused's rig ran, when

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    Polish prosecutors are investigating a suspected Russian cyberattack on the country’s state news agency.

    The likely goal of the May attack on the Polish Press Agency, or PAP, was disinformation “aimed at causing serious disturbances in the system or economy of the Republic of Poland by an undetermined person or persons involved in or acting on behalf of foreign intelligence,” a spokesperson for the Warsaw District Prosecutor's Office told the state outlet.

    This offense is punishable by no fewer than eight years in prison under local law. The probe has been assigned to the Internal Security Agency.

    During the attack, hackers published fake news on the PAP website claiming the country’s authorities had announced a partial mobilization of 200,000 men who were to be sent to fight in a war in Ukraine.

    After the article was deleted by PAP, the hackers reposted

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    Software company TeamViewer says that a compromised employee account is what enabled hackers to breach its internal corporate IT environment and steal encrypted passwords in an incident attributed to the Russian government.

    In an update on Sunday evening, TeamViewer said a Kremlin-backed group tracked as APT29 was able to copy employee directory data like names, corporate contact information and the encrypted passwords, which were for the company’s internal IT environment.

    The company reaffirmed that the hackers were not able to gain access to the company's product environment or customer data, and that the breach, first reported last week, appears to be contained.

    “The risk associated with the encrypted passwords contained in the directory has been mitigated in coll

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers

    Summary

    In this proof-of-concept report, Recorded Future's Identity Intelligence analyzed infostealer malware data to identify consumers of child sexual abuse material (CSAM). Approximately 3,300 unique users were found with accounts on known CSAM sources. A notable 4.2% had credentials for multiple sources, suggesting a higher likelihood of criminal behavior. The study reveals how infostealer logs can aid investigators in tracking CSAM activities on the dark web. Data was escalated to law enforcement for further action.

    Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers

    Background

    Infostealer malware steals sensitive user information such as login credentials, cryptocurrency wallets, payment card dat

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    A new vulnerability affecting Linux systems has caused alarm over the last 48 hours among security researchers, although some experts have cast doubts about whether widespread exploitation of the bug is likely.

    On Monday, researchers from cybersecurity firm Qualys unveiled a report on CVE-2024-6387 — colloquially known as “RegreSSHion.” A patch is available to resolve the issue.

    The vulnerability is found in OpenSSH’s server in glibc-based Linux systems.

    Saeed Abbasi, product manager of vulnerability research at Qualys, told Recorded Future News the best way to understand the issue is to imagine a very secure lock on your front door that only lets people in if they have the right key.

    “This lock is used

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    An international coalition of law enforcement agencies have taken action against hundreds of installations of the Cobalt Strike software, a penetration testing tool notoriously abused by both state-sponsored and criminal hackers involved in the ransomware ecosystem.

    Britain’s National Crime Agency (NCA) announced on Wednesday that it coordinated global action against the tool, tackling 690 IP addresses hosting illegal instances of the software in 27 countries.

    Cobalt Strike, now owned by a company called Fortra, was developed in 2012 to simulate how hackers break into victims’ networks. However, it works so well — easing the processes involved in trying to break into a victim’s network — that pirated versions of the tool have been widely deployed by real malicious actors over the last decade.

    The a

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    Ticketmaster shot down claims made on the dark web that hackers have access to working ticket barcodes for several upcoming Taylor Swift concerts and other events.

    On Friday, a hacker allegedly offered for sale event barcodes for Taylor Swift’s Eras Tour concert dates in New Orleans, Miami and Indianapolis.

    The barcodes are typically scanned at the entrance for events. In total, the hacker offered about 170,000 barcodes for sale, with about 20,000 for sale at each show.

    The hacker also threatened Ticketmaster with more leaks if they are not paid $2 million — claiming to have 30 million more barcodes for NFL games, Sting concerts and more.

    A spokesperson for Ticketmaster debunked the claims made in the post in comments to Recorded Future News.

    “Ticketmaster’s SafeTix technology protects tickets by automatically refreshing a new and unique barcode eve

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    A 4chan user claims to have leaked 270GB of internal New York Times data, including source code, via the notorious image board.

    According to the unnamed netizen, the information includes "basically all source code belonging to The New York Times Company," amounting to roughly 5,000 repositories and 3.6 million files now available for download from peer-to-peer networks. Details on how to get the files were shared by the poster on 4chan.

    While The Register has seen what's said to be a list of files in the purported leak, we have not yet verified the legitimacy of the leak, and the newspaper did not respond to inquiries about the case.

    Of the code listed - whose filenames indicate everything from the blueprints to Wordle to email marketing campaigns and ad reports - "less than 30" are "encrypted," the 4channer claimed. Again, take this with a healthy dose of salt considering the source — an unnamed 4chan user.

    The Register will update this story if and when we receive a response from

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    The U.S. service Docker Hub, widely used for developing software, has suspended its operations in Russia without giving advance notice to local users, according to media reports.

    Russian users lost access to Docker Hub repositories on Thursday and couldn’t access the service even through virtual private networks (VPNs), reported Russian news website Kommersant.

    Developers use the cloud-based platform to store, share and manage their container images — digital packages that include everything needed to run an application.

    Docker Hub stated in a message displayed to those trying to access the platform from Russia that it is blocking services in Cuba, Iran, North Korea, Sudan, Syria and Russian-annexed Crimea to “adhere to U.S. export control rules.” Russia itself wasn’t included in the message.

    At the time of publication, the platform’s operator, Docker Inc., hasn’t responded t

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    A strain of malware named Chalubo wrecked over 600,000 routers for small offices and homes in the U.S. last year.

    In a new report from Lumen Technologies’ Black Lotus Labs, researchers described a “destructive” incident between October 25-27 in which hundreds of thousands of routers made by Sagemcom and ActionTec were rendered permanently inoperable.

    Chalubo was first discovered in 2018 by researchers from Sophos, which said it was used to infect devices and add them to powerful botnets that could perform distributed denial of service (DDoS) attacks.

    Black Lotus Labs did not name the internet service provider (ISP) that deployed the routers but Reuters said an analysis of news coverage indicated it was likely Arkansas-based Windstream, whi

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    A bipartisan pair of House lawmakers is pressing for more details about the breach of a water facility in Texas that was carried out by a group with suspected ties to the Russian government.

    In an April 23 letter, Reps. Pat Fallon (R-TX) and Ruben Gallego (D-AZ) asked Homeland Security Secretary Alejandro Mayorkas for a briefing on the January incident, which caused a tank at a water facility in Muleshoe, Texas, to overflow.

    The Google-owned security firm Mandiant later issued a report that said the group purportedly behind the attack, the Cyber Army of Russia, is linked to a Russian state actor, Sandworm — which has gained global notoriety for its past, and present, digital assaults on Ukraine.

    The group has since [claimed credit for a cyberattack](https://therecord.media/russia-hackers-cyb

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    A former NSA employee has been sentenced to 262 months in prison for attempting to freelance as a Russian spy.

    In his trial yesterday, Jareh Sebastian Dalke pleaded guilty to six counts of attempted transmission of top-secret info to a foreign agent as announced by the US Department of Justice.

    He had worked at the NSA as an information systems security designer for just under a month from June to July 2022, making quick work of the short period by accumulating top secret documents with national defense information (NDI).

    Between August and September that year, shortly after leaving the NSA, Dalke made contact with a person he thought was a Russian agent. To prove his "legitimate access and willingness to share," he then emailed the apparent spy snippets of three top secret, classified documents with NDI. Dalke then said he'd be willing to sell the full documents and more for jus

  • Netsec @links.hackliberty.org
    c0mmando @links.hackliberty.org

    NATO will establish a new cyber center at its military headquarters in Mons, Belgium, a senior official confirmed to Recorded Future News on Wednesday. The new facility, details about which have not previously been reported, marks the fruition of a significant doctrinal shift in how the alliance approaches operations in cyberspace.

    The shift, as officially set out in NATO’s Strategic Concept (2022), states that “cyberspace is contested at all times,” meaning it cannot just be a concern for the military alliance during moments of crisis or conflict. NATO needs to constantly engage with adversaries on computer networks — not just when Article 4 or Article 5 are triggered by allies.

    Although allies last year endorsed the creation of a NATO cyber center during the cyber defense conference in Berlin, at that time the exact plan was unclear. Suggestions ranged from an institu