Перейти к содержанию


  • Публикаций

  • Зарегистрирован

  • Посещение


1 Neutral

Информация о MachineGunKelly

  • Звание
    Rank №4
  1. https://uplovd.com/l0F171Wao8/185_txt
  2. Europe 363k zabugor

  3. USA 288K YAHOO

  4. https://uplovd.com/rcS4a5Wfoc/200k_bugor_txt
  5. Ищу прием WU в CA

    Проверь личку
  6. Продам разово Корп Юса валид 95% в Наличии 35к + бонус На гаранта согласен) Отдам сразу весь кусок, по 2-3к разбирать на продажу не буду, извините цена 3$ за 1к или 105$ 35к + бонус 10к валида юсы по типу att comcast и т.д. связь лс
  7. доступ в лк. куки+ип+юа лог:пасс 40$
  8. Vanilla cc

    Ищу людей с картами vanilla либо любые виртуалки. балансы до 20$ ,бывает уже что то били и там есть остаток 2-4-7$ вот нужны такие отработки в большем количестве
  9. нужно написать индивидуально под меня, напиши мне если интересно
  10. FBI, CISA Echo Warnings on ‘Vishing’ Threat

    The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic. “The COVID-19 pandemic has resulted in a mass shift to working from home, resulting in increased use of corporate virtual private networks (VPNs) and elimination of in-person verification,” the alert reads. “In mid-July 2020, cybercriminals started a vishing campaign—gaining access to employee tools at multiple companies with indiscriminate targeting — with the end goal of monetizing the access.” As noted in Wednesday’s story, the agencies said the phishing sites set up by the attackers tend to include hyphens, the target company’s name, and certain words — such as “support,” “ticket,” and “employee.” The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk. The joint FBI/CISA alert (PDF) says the vishing gang also compiles dossiers on employees at the specific companies using mass scraping of public profiles on social media platforms, recruiter and marketing tools, publicly available background check services, and open-source research. From the alert: The alert notes that in some cases the unsuspecting employees approved the 2FA or OTP prompt, either accidentally or believing it was the result of the earlier access granted to the help desk impersonator. In other cases, the attackers were able to intercept the one-time codes by targeting the employee with SIM swapping, which involves social engineering people at mobile phone companies into giving them control of the target’s phone number. The agencies said crooks use the vished VPN credentials to mine the victim company databases for their customers’ personal information to leverage in other attacks. “The actors then used the employee access to conduct further research on victims, and/or to fraudulently obtain funds using varying methods dependent on the platform being accessed,” the alert reads. “The monetizing method varied depending on the company but was highly aggressive with a tight timeline between the initial breach and the disruptive cashout scheme.” The advisory includes a number of suggestions that companies can implement to help mitigate the threat from these vishing attacks, including: Restrict VPN connections to managed devices only, using mechanisms like hardware checks or installed certificates, so user input alone is not enough to access the corporate VPN. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times. Employ domain monitoring to track the creation of, or changes to, corporate, brand-name domains. Actively scan and monitor web applications for unauthorized access, modification, and anomalous activities. Employ the principle of least privilege and implement software restriction policies or other controls; monitor authorized user accesses and usage. Consider using a formalized authentication process for employee-to-employee communications made over the public telephone network where a second factor is used to authenticate the phone call before sensitive information can be discussed. Improve 2FA and OTP messaging to reduce confusion about employee authentication attempts. Verify web links do not have misspellings or contain the wrong domain. Bookmark the correct corporate VPN URL and do not visit alternative URLs on the sole basis of an inbound phone call. Be suspicious of unsolicited phone calls, visits, or email messages from unknown individuals claiming to be from a legitimate organization. Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information. If possible, try to verify the caller’s identity directly with the company. If you receive a vishing call, document the phone number of the caller as well as the domain that the actor tried to send you to and relay this information to law enforcement. Limit the amount of personal information you post on social networking sites. The internet is a public resource; only post information you are comfortable with anyone seeing. Evaluate your settings: sites may change their options periodically, so review your security and privacy settings regularly to make sure that your choices are still appropriate.
  11. Операторы вымогательского ПО Maze сообщили о взломе систем южнокорейской компании SK hynix, которая является третьим в мире производителем микросхем (после Intel и Samsung Electronics) и входит в пятерку ведущих производителей оперативной памяти. На сайте киберпреступников опубликован ZIP-архив размером 570 МБ, который, по словам Maze, представляет собой лишь 5% от похищенных данных. Предположительно, вымогатели похитили около 11 ТБ данных в результате взлома сети южнокорейской корпорации. Как сообщил источник изданию The Register, архив содержит конфиденциальные соглашения с компанией Apple о поставке флэш-памяти NAND, а также различные персональные и корпоративные файлы. Группировка Maze в первую очередь известна своим одноименным вымогательским ПО. Операторы взламывают корпоративные сети компаний, похищают конфиденциальные файлы и затем шифруют данные, требуя выкуп за расшифровку. Если жертва отказывается платить выкуп и решает восстановить данные из резервных копий, преступники создают запись на своем «web-сайте утечек» и угрожают опубликовать конфиденциальные данные жертвы после второй попытки вымогательства. Затем жертве дается несколько недель, чтобы обдумать свое решение, и в противном случае Maze публикует файлы на своем портале.
  12. https://uplovd.com/laS4m7O4of/192kNumPass_txt