U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Law enforcement seized the carding marketplace BidenCash

U.S. and Dutch authorities took down 145 domains tied to the BidenCash cybercrime marketplace in a coordinated law enforcement operation. The US DoJ announced the seizure of approximately 145 darknet and clear web domains, and cryptocurrency funds associated with the BidenCash marketplace. “The U.S. Attorney’s Office for the Eastern District of Virginia announced today the […]

BidenCash

U.S. and Dutch authorities took down 145 domains tied to the BidenCash cybercrime marketplace in a coordinated law enforcement operation.

The US DoJ announced the seizure of approximately 145 darknet and clear web domains, and cryptocurrency funds associated with the BidenCash marketplace.

“The U.S. Attorney’s Office for the Eastern District of Virginia announced today the seizure of approximately 145 darknet and traditional internet domains, and cryptocurrency funds associated with the BidenCash marketplace.” reads the press release. “BidenCash commenced operations in March 2022. BidenCash administrators charged a fee for every transaction conducted on the website.”

‘BidenCash’ was launched in March 2022 and was initially considered a low-profile credit card shop. The ability of its operators to periodically release fresh dumps and promotional lots for free rapidly increased its popularity.

Underground carding marketplaces are crucial components of the cybercrime ecosystem, they facilitate the sale and purchase of payment card data. One of the most popular carding sites was Joker Stash, its operators retired in February 2021 and shut down their servers and destroyed the backups.

The BidenCash cybercrime marketplace, with over 117,000 users, trafficked over 15M payment cards and generated $17M in revenue. Administrators also gave away 3.3M stolen cards [1, 2] to promote their services.

Between October 2022 and February 2023, the BidenCash marketplace published 3.3 million individual stolen credit cards for free to promote the use of their services.” continues the press relaase. “The stolen data included credit card numbers, expiration dates, Card Verification Value (CVV) numbers, account holder names, addresses, email addresses, and phone numbers.”

The data included full card details and personal information. Authorities have now shut down 145 related domains, redirecting them to law enforcement servers to block future criminal activity.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)