U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Data of Indian defence contractor Bharat Earth Movers Limited (BEML) available online

A threat actor is offering for sale in a darkweb black-market internal documents of the Indian defence contractor Bharat Earth Movers Limited (BEML). Researchers from cyber threat intelligence firm Cyble reported that a threat actor is offering in a darkweb black-market documents of the Indian defence contractor Bharat Earth Movers Limited (BEML). The company manufactures a variety […]

BEML

A threat actor is offering for sale in a darkweb black-market internal documents of the Indian defence contractor Bharat Earth Movers Limited (BEML).

Researchers from cyber threat intelligence firm Cyble reported that a threat actor is offering in a darkweb black-market documents of the Indian defence contractor Bharat Earth Movers Limited (BEML). The company manufactures a variety of heavy equipment (bulldozers, dump trucks, hydraulic excavators, wheel loaders, rope shovels, walking draglines, motor graders and scrapers), such as that used for earthmoving, transport and mining.

As part of the regular monitoring of cybercrime forums and markets in the deep-web and darkweb, Cyble researchers spotted a threat actor named as R3dr0x who leaked (BEML) internal documents. According to the researchers, the data breach has occurred in May 2020 and the data was published on May 25.

“As per our research team, the actor R3dr0x (seem to be a Pakistan actor) has targeted the part of the BEML website detailing about their Indigenisation Levels, which seem to be a warning for the extremist government of Indian that they would face in the near future for their actions.” reads the post published by Cyble.

The actor leaked sensitive files from 7 email accounts of BEML employee accounts along with a text file containing seven employee’s internal email addresses and their login passwords.

The leaked data includes multiple BEML’s email conversations, customer’s detailed records, multiple interoffice memos, freight invoices, and others documents. Below some snapshots of the dump:

BEML
BEML

Experts speculate the data leak could be an act of a hacktivist or politically motivated attackers, but they have no technical evidence suggesting the involvement of a nation state actor.

“Based on the leak itself, it appears to be an act of a hacktivist or politically motivated.” concludes Cyble. “At this point, we have no technical evidence suggesting that the attack originated from a neighbouring or non-friendly country; however, the circumstantial pieces (actor’s message, password combinations) suggests it to be the likely the case.”

People who are concerned about their exposure in darkweb can register at the Cyble AmiBreached.com data breach lookup service to ascertain their exposure.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – BEML, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]