A group for specialists to discuss ideas for intelligence collections, analysis, and monitoring, on behalf of private entities. Together we hit harder, after all. This game isn't easy alone.

  2. Hi everyone. I believe that there is value in documenting which data breach leak forums are currently alive.

     Data breach leak forums and communities:

     - RaidForums.com
     - BreachForums.com
     - Cracked.to

     Please post with recommended additions, and we can grow the list!
  3. Breach Advisory: XKCD Forums

     XKCD forums were breached in July 2019. Only 1.5 months later, the credentials are already freely available on RaidForums. The take-away from this is that data breaches are happening more than ever before, and in many cases, are quickly becoming available in a thriving data market; often, data quickly becomes publicly accessible (freely).

     HIBP Advisory: https://haveibeenpwned.com/PwnedWebsites#XKCD

     "In July 2019, the forum for webcomic XKCD suffered a data breach that impacted 562k subscribers. The breached phpBB forum leaked usernames, email and IP addresses and passwords stored in MD5 phpBB3 format. The data was provided to HIBP by white hat security researcher and data analyst Adam Davies."

     - Breach date: 1 July 2019
     - Date added to HIBP: 1 September 2019
     - Compromised accounts: 561,991
     - Compromised data: Email addresses, IP addresses, Passwords, Usernames

     RaidForums Discussion: https://raidforums.com/Thread-XKCD-Forums

     - Line count: 506,041
     - Site name: Forums.XKCD.com
     - Format: Email : PHPBB/Bcrypt passwords
     - Cracked lines: https://hashes.org/leaks.php?id=2588
     - Notes: Slightly less lines than the one that is being traded/sold by various other parties, so if you want the most up to date July dump then by all means inquire with them.
  4. A big thank you to Redorhcs who saw this thread and made contributions for Norway, Netherlands, Ireland, Romania, Spain, Sweden, Czech Republic, Indonesia, Germany, Italy, Japan, Australia, Belgium and France! Very much appreciated. Also, get in contact with me if you'd like a forum invite, Redorhcs!

     There are a lot of CERT/CIRT/CSIRT sources on this page: https://www.sei.cmu.edu/education-outreach/computer-security-incident-response-teams/national-csirts/

     If someone has some time before I do, and wants to contribute, it would be useful to start identifying alerts & advisory pages from the mentioned sources in CMU's dataset. Cheers.
  5. Hi everyone! In the past year or so, National CERT teams have been ramping up their involvement in the cybersecurity industry. I have found their "Alerts & Advisories" pages to be very useful, and I'd like to compile a list of them. Please add to this list where you deem it necessary.

     I will track changes on this GitHub page: https://github.com/crypto-cypher/CERT-Alerts/blob/master/README.md

     Once a larger list is built, I'll compile the RSS sources and make a public RSS feed!

     - Canada
       - Alerts & advisories: https://cyber.gc.ca/en/alerts-advisories
     - Hong Kong
       - GovCERT alerts: https://www1.crisp.govcert.gov.hk/portal/govcert/en/alerts.xhtml
       - GovCERT advisories: https://www.govcert.gov.hk/en/advisories.html
       - GovCERT weekly bulletins: https://www.govcert.gov.hk/en/secbulletins.html
     - Jamaica
       - Ja-CERT advisories: https://www.cirt.gov.jm/cirt-advisories
       - Ja-CERT alerts: https://www.cirt.gov.jm/cirt-alert
       - Ja-CERT global alerts & advisories: https://www.cirt.gov.jm/global-alerts-and-advisories
     - New Zealand
       - CERT NZ advisories: https://www.cert.govt.nz/it-specialists/advisories/
     - Singapore
       - SingCERT advisories & alerts: https://www.csa.gov.sg/singcert/news/advisories-alerts
     - United Kingdom
       - NCSC news: https://www.ncsc.gov.uk/section/keep-up-to-date/ncsc-news
       - Reports & advisories: https://www.ncsc.gov.uk/section/keep-up-to-date/reports-advisories
       - Weekly threat reports: https://www.ncsc.gov.uk/section/keep-up-to-date/threat-reports
       - NCSC blogs: https://www.ncsc.gov.uk/section/keep-up-to-date/all-blogs
     - United States
       - US-CERT alerts: https://www.us-cert.gov/ncas/alerts/2019
       - US-CERT bulletins: https://www.us-cert.gov/ncas/current-activity
       - US-CERT current activities: https://www.us-cert.gov/ncas/current-activity
       - US-CERT analysis reports: https://www.us-cert.gov/ncas/analysis-reports
       - NJCCIC alerts & advisories: https://www.cyber.nj.gov/alerts-and-advisories

     Resources aside, has anyone else found these alerts and advisories very useful? If so, in what contexts did they help you and/or your organization?

