Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Darkode forum was supposed to be resuscitated, but …

The experts at the Damballa’s Threat Discovery Center have discovered the revive Darkode forum. On July 2015, an international joint effort of law enforcement allowed the arrest of dozen people active on the popular Darkode crime forum. Darkode was a black market specialized in the sale of exploit kits and hacking tool, its seller also offered spam services and […]

Darkode forum was supposed to be resuscitated, but …

The experts at the Damballa’s Threat Discovery Center have discovered the revive Darkode forum.

On July 2015, an international joint effort of law enforcement allowed the arrest of dozen people active on the popular Darkode crime forum.

Darkode was a black market specialized in the sale of exploit kits and hacking tool, its seller also offered spam services and services for malware customization.

The FBI along with Europol and the Brazil’s Federal Police were monitoring the cybercriminal forum since March, the operation has resulted in 62 arrests in 18 countries worldwide, Colombia, Germany, India and UK.

According to the administrator which uses the online pseudonym Sp3cial1st, following the seizure of Darkode on 14 July he waited for the disclosure of the identities of arrested in order to decide to before deciding to bring the forum back online.

At the end of July, the administrator of the Darkode hacking forum announced the imminent return online of the platform with new security improvements.

Last July, Damballa’s Threat Discovery Center discussed the infamous web forum, Darkode, that was supposed to be resuscitated by sp3cial1st.

Since then, Damballa’s Threat Discovery Center has been monitoring the dark web searching for a new Darkode forum. The experts discovered the revive Darkode Reloaded. Obviously, the Darkode forum was deployed in the dark web for “security” reasons and anonymity, but the forum remains also accessible without the Tor client a circumstance that manifests a poor design.

darkode forum -reloaded-image3

darkode forum reloaded

According to experts at Damballa, the current administrator of Darkode forum, Sven, is a previous member of the forum.

Sven has implemented a Jabber service that runs on the domain darkode.club and is hosted on a dedicated server at 86.105.227[.]13 located in Russia.

Also in this case, the experts noticed serious security issues and a poor design, the Openfire version installed on the server (ver. 3.10.2) is affected by a number of vulnerabilities.

“The server is poorly configured. We know that this server runs a software called Jetty 9.2 Snapshot. This software comes along with Openfire. Openfire is a Jabber server software and the version 3.10.2 is installed. The Jetty software listens on port 7070 by default and this port is wide open on the server. The administration interface for the jabber server is also accessible with the default configuration port 9090.” states a blog post published by Damballa.

The lack of security and poor a configuration shows that Darkode cannot be trusted.

darkode forum reloaded-image6
Experts at Damballa have criticized the new Darkode forum defining it “a bad Darkode imitation with rigorous rules.
The experts noticed the absence of discussions and threads about banking trojans or other high profile malware.

The Darkode reloaded is far from the previous one.

Pierluigi Paganini

(Security Affairs – cybercrime, Darkode forum)