Hackers claim to hack #Resecurity, firm says it was a #honeypot
#ScatteredLapsus$Hunters #Resecurity
https://www.bleepingcomputer.com/news/security/hackers-claim-resecurity-hack-firm-says-it-was-a-honeypot/
Remember the good old days when ShinyHunters proclaimed that they were all one group with Scattered Spider and Lapsus Hunters and would hereafter be known as SLSH or SLH?
Today, they contacted me to tell me they had nothing to do with the attack on Resecurity and that was the work of SLH.
So much for all one group.....
It's been a bit quiet over the last 24 hours, but we've got one interesting story about a high-profile hacking group and a cybersecurity firm playing cat and mouse. Let's dive in:
ShinyHunters vs. Resecurity: Honeypot or Hack? 🎣
- The prominent ShinyHunters hacking group (also known as "Scattered Lapsus$ Hunters") claims to have breached cybersecurity firm Resecurity, alleging the theft of employee data, internal communications, threat intelligence, and client lists.
- Resecurity vehemently denies the breach, asserting that the systems accessed by ShinyHunters were a deliberately deployed honeypot filled with synthetic data, designed to attract and monitor the threat actors.
- The firm detailed how it observed the attackers' tactics, techniques, and infrastructure, collecting telemetry and even identifying attacker IP addresses, which it subsequently shared with law enforcement, leading to a subpoena request.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/shinyhunters-claims-resecurity-hack-firm-says-its-a-honeypot/
#CyberSecurity #ThreatIntelligence #Honeypot #ShinyHunters #Resecurity #InfoSec #CyberAttack #IncidentResponse #ThreatActor
On its Telegram channel, ShinyHunters claims to have compromised @Resecurity, but it looks like they fell for a carefully crafted honeypot.
ShinyHunters claimed they hacked Resecurity and stole internal data. But Resecurity says the hackers only accessed a fake environment set up as a honeypot, with no real data or systems breached.
Full story: https://hackread.com/resecurity-shinyhunters-honeypot-breach/
Just In: ShinyHunters claim to have breached US cybersecurity firm Resecurity, leaking screenshots showing internal systems and employee data.
Read: https://hackread.com/shinyhunters-breach-us-cybersecurity-resecurity-firm/
#Cybersecurity #ShinyHunters #Resecurity #DataBreach #CyberAttack
🕷️ Are you breached? 🕷️ with @RESecurity
Enter your domain at our booth at GISEC and let Resecurity find out how much of your sensitive info is already exposed on the dark web.
Get ready to be shocked by what you discover...
🔒 Cybersecurity starts with Awareness.
📍 Stand B145, Hall 6, Dubai World Trade Centre.
@Resecurity | @emt Distribution META | @emt Distribution META
#DarkWebScan #CyberThreats #GISEC2025 #emtDisti #Resecurity #CybersecurityAwareness
China-based SMS Phishing Triad Pivots to Banks
https://krebsonsecurity.com/2025/04/china-based-sms-phishing-triad-pivots-to-banks/
#Ne'er-Do-WellNews #CSISSecurityGroup #ALittleSunshine #LatestWarnings #TheComingStorm #googleandroid #SmishingTriad #WebFraud2.0 #FordMerrill #SecAlliance #XinxinGroup #ZachEdwards #Lighthouse #mastercard #Resecurity #SilentPush #Citigroup #iMessage #Darcula #ProDaft #Paypal #Stripe #Z-NFC #Visa
China-based SMS Phishing Triad Pivots to Banks - China-based purveyors of SMS phishing kits are enjoying remarkable success convert... https://krebsonsecurity.com/2025/04/china-based-sms-phishing-triad-pivots-to-banks/ #csissecuritygroup #neer-do-wellnews #alittlesunshine #latestwarnings #thecomingstorm #googleandroid #smishingtriad #webfraud2.0 #fordmerrill #secalliance #xinxingroup #zachedwards #lighthouse #mastercard #resecurity #silentpush #citigroup #imessage #darcula #prodaft #z-nfc
📬 BlackLock in the crosshairs: leak-site vulnerability exposes internals of the ransomware group
#DarkCommerce #ITSicherheit #BlackLock #Cybercrime #LeakSeite #LFISchwachstelle #Ransomware #Resecurity https://sc.tarnkappe.info/e06d78
Ah, it seems that #Resecurity wished #BlackLock aka #ElDorado a belated Merry Xmas and season's greetings by intruding into their infrastructure.
It's an interesting read.
How Phished Data Turns into Apple & Google Wallets - Carding — the underground business of stealing, selling and swiping stolen payment... https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/ #csissecuritygroup #allaboutskimmers #alittlesunshine #thecomingstorm #andychandler #threatfabric #webfraud2.0 #fordmerrill #secalliance #grantsmith #resecurity #ghosttap #imessage #smishing #google #m3aawg #apple #znfc #rcs
Cyberespionage groups or cybercriminals? UAV and C-UAV vendors and buyers are increasingly targeted.
#Resecurity had an interesting post on the topic.
As an example: about 1 GB of compressed #FortemTechnologies internal files wound up in the hands of an adversary, but Fortem denies there was any breach, claiming (wait for it):
"There was no breach. The files in question were attached to emails that had been shared outside of our network."
Shared intentionally with an adversary or cybercriminal? I tend to doubt that....
How Phished Data Turns into Apple & Google Wallets
https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/
#CSISSecurityGroup #AllAboutSkimmers #ALittleSunshine #TheComingStorm #AndyChandler #ThreatFabric #WebFraud2.0 #FordMerrill #SecAlliance #GrantSmith #Resecurity #ghosttap #iMessage #smishing #google #M3AAWG #apple #ZNFC #RCS
📬 V3B phishing kit: new cybercrime tool is for sale on Telegram
#Cyberangriffe #Malware #Cybercrime #PhishingasaService #Resecurity #Telegram #V3BPhishingKit #Vssrtje https://sc.tarnkappe.info/0b4c9b
Resecurity has identified a new version of JSOutProx, a sophisticated attack framework that targets financial institutions in the APAC (Asia-Pacific) and MENA (Middle East and North Africa) regions. This malware, which uses JavaScript and .NET, was first spotted in 2019 and has been linked to phishing campaigns by SOLAR SPIDER. It exploits .NET (de)serialization to interact with a core JavaScript module on the victim's machine, allowing it to load malicious plugins for further attacks.
Before this new campaign, JSOutProx was used in targeted attacks against Indian Cooperative Banks and Finance Companies, with notable incidents in April 2020 involving Indian government establishments and banks. The attackers used malicious archive file attachments containing JavaScript and Java-based backdoors, which were linked to the JSOutProx RAT.
A significant spike in activity was observed around February 8, 2024, when a major system integrator in Saudi Arabia reported an incident targeting customers of one of their banks. The attackers used impersonation tactics, including fake SWIFT payment notifications and Moneygram templates, to trick victims into executing malicious code. Most of the identified payloads were hosted on GitHub repositories, with some being disguised as PDF files.
In March 2024, Resecurity noticed a shift in the attackers' tactics, with the use of GitLab instead of GitHub in a multi-stage infection chain. The attackers registered multiple accounts on GitLab and used them to deploy repositories containing malicious payloads. Once the malicious code was delivered, the actor removed the repository and created a new one, likely to manage multiple payloads and differentiate targets.
The increasing abuse of public cloud and web 3.0 services by threat actors to distribute malicious code is highlighted by the discovery of the new version of JSOutProx and its exploitation of platforms like GitHub and GitLab. This underscores the continuous evolution of cybercriminals' strategies and the relentless efforts of these actors to escalate global malicious campaigns. As these threats become more complex and widespread, Resecurity remains vigilant in tracking JSOutProx and protecting financial institutions and their customers globally from such activities.
#cybersecurity #github #gitlab #JSOutProx #malware #payload #javascript #swift #moneygram #resecurity
A cybersecurity company's warning: the launch of digital IDs, the dream of the World Government's security-service agents but also of hackers https://bit.ly/49ny93J #încălcareaconfidențialității #administrative #atacurialehackerilor #comercialeșicivile #darkweb #Guvernele #IDuridigitale #identificaredigitală #informațiipersonale #jafuldigital #Leaksmas #Resecurity #SecuritateCibernetică #securitateadatelor #tranzacțiijudiciare
#Resecurity identified a zero-day vulnerability in #Schneider #Electric Accutech Manager
https://securityaffairs.com/153684/security/zero-day-schneider-electric-accutech-manager.html
#securityaffairs #hacking