0-Day Exploits for Outlook and Windows, AnyDesk Access Sale, LeadSquared and WeRize Database Leaks
Explore the latest cyber threats with SOCRadar Dark Web Team’s findings. Concerning posts on hacker forums reveal the sale of two new alleged 0-day exploits, targeting Microsoft Outlook and Windows. Furthermore, our team identified major leaks of customer databases, comprising 1.3 terabytes of highly sensitive data.
In addition, we detected unauthorized network access for a prominent Argentinian telecom giant and unauthorized AnyDesk access for a Dutch energy company.
Receive a Free Dark Web Report for Your Organization:
0-day Exploit of Microsoft Outlook is on Sale
The SOCRadar Dark Web Team has uncovered a concerning post on a hacker forum where a threat actor is advertising a new alleged 0-day exploit for Microsoft Outlook. The post claims that this Remote Code Execution (RCE) exploit is effective against all versions of Outlook and has been validated to work. The price for this exploit is $300,000.
Customer Databases of LeadSquared and WeRize are Leaked
The SOCRadar Dark Web Team has detected a message on a hacker forum where a threat actor claims to have leaked significant customer databases from LeadSquared and WeRize. LeadSquared is a provider of CRM and marketing automation software, while WeRize is a fintech company. The leaked data allegedly includes 1.3 terabytes of sensitive information such as names, contact details, addresses, KYC details, and loan information including guarantor and payment details.
The allegation is not new; the threat actor has published it on different dates. On March 15 and 24, the threat actor republished the post, presumably to enhance the visibility of the alleged leak.
0-day Exploit of Microsoft Windows is on Sale
The SOCRadar Dark Web Team has detected a post on a hacker forum where a threat actor is advertising the sale of a new alleged 0-day exploit that targets Microsoft Windows operating systems, including Windows 10, Windows 11, and all versions of Windows Server. According to the threat actor, the exploit for sale is a Local Privilege Escalation (LPE) vulnerability, which purportedly comes with the full source code and is currently operational. The threat actor has set the price for this exploit at $5,000.
Unauthorized Network Access Sale is Detected for an Argentinian Telecommunication Company
The SOCRadar Dark Web Team has detected a post on a hacker forum indicating the sale of unauthorized network access that allegedly belongs to a telecommunications company operating in Argentina. According to this post, unauthorized network access to the systems of “Telecom Argentina” is being offered for sale. The threat actor highlights the extensive capabilities provided by this access, emphasizing the potential for making queries using an individual’s ID to view their subscribed services.
This access apparently allows unauthorized users to see detailed information about a customer’s connections, including both public and private IP addresses of routers, and similar data for other devices such as TVs.
Unauthorized Anydesk Access Sale is Detected for a Netherlands Energy Company
The SOCRadar Dark Web Team has detected a post on a hacker forum advertising unauthorized AnyDesk access, allegedly belonging to an energy company based in the Netherlands. AnyDesk is a remote desktop software that allows users to access and control computers remotely over the internet. It is known for its fast performance and supports various platforms including Windows, macOS, Linux, Android, and iOS. The sale includes access to six domain controllers, with prices starting at $1,500 and increasing by $500 per bid. The access breach, allegedly shielded by Webroot security measures, represents a severe risk to critical infrastructure management within the energy sector.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.
