fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Notorious Maza Cybercrime Forum Attacked By Other Hackers

Notorious Maza Cybercrime Forum Attacked By Other Hackers

The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums.

Maza, aka Mazafuka, is one of the oldest cybercrime forums where the rest of the community must vote on aspiring members before they are granted access.

“Maza is considered to be one of the oldest and elite crime communities with one of the highest barriers of entry for hackers since the days of DirectConnection forum (home of the Dridex operators),” cybersecurity intelligence firm Advanced Intel’s Vitali Kremez told BleepingComputer.

Last night, BleepingComputer was contacted by a newly registered Twitter user who stated that the Maza forum was hacked and member data was leaked.

“Maza forum hacked and credentials leaked! Verified, Dread, club2crd and now maza, are the darkweb forums safe anymore?,” the Twitter user stated along with the following screenshot of the leak.

Tor site announcing Maza hack and data leak

Also Read: The Importance Of Knowing Personal Data Protection Regulations

The leaked data consists of approximately 2,982 user records and contains members’ user IDs, user names, email addresses, redacted passwords, certificate file names, certificate passwords, and members’ contact information on icq, aim, yahoo, msn, and skype.

Leaked Maza account info
Redacted by BleepingComputer

Unlike most forums, Maza requires its members to generate a certificate and a corresponding password used along with a username and password to log into the forum. This additional security creates a more secure authentication where only those who have the proper certificate can log in.

Maza members’ certificate passwords were also exposed in this leak but not the certificates themselves.

While not all fields contained contact info, some of the accounts listed ICQ accounts, which are commonly used to communicate with other threat actors, making this valuable information for law enforcement.

Russian-speaking hacker forums under attack

Maza is not the only Russian-speaking hacker forum targeted in recent attacks.

The person who shared the Maza leak with BleepingComputer last night also shared screenshots of posts made to Verified, Dread, and Club2Crd about recent attacks on their forums.

According to FlashPoint, the ‘Verified’ cybercrime community was forcefully taken over on February 15th by unknown operators who claimed to exploit a vulnerability to take control of the site.

The screenshot shared with BleepingComputer is for a post where the new operator explains how they took over the forums and their plans for the site.

Post explaining takeover of Verified forum

A day later, ‘mak,’ a staff member of the ‘Club2Crd’ carding and cybercrime forum, announced that his Club2Crd account had been hacked to perform scams on the site and steal money from other members.

“Additionally, one of the oldest super-moderators of the mid-tier forum Club2Crd “mak” experienced a complete account takeover resulting in the appearance of the multiple new scam services and decreasing trust in cybercrime communities,” Kremez explained to BleepingComputer.

Finally, the Reddit-like ‘Dread’ dark web site experienced attacks in February around the same time that has led them to institute new protective measures to prevent future cyberattacks.

Also Read: The Scope Of Singapore Privacy: How We Use It In A Right Way

Post to the Dread forum

It is unknown if the person who contacted BleepingComputer is the one who attacked these forums or is simply a member of all of them.

However, these attacks illustrate that no one is safe from cyberattacks, including the hackers themselves.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us