  Decentrala activities at DC Krov for November 2023
Posted by: 1van - 11-17-2023, 08:05 AM - Forum: Seminars, lectures, workshops, conferences - No Replies

Source: https://forum.dmz.rs/t/plan-za-novembar-2023/321/17

  Hacker Leaks 35 Million Scraped LinkedIn User Records
Posted by: VincaSec - 11-14-2023, 10:40 PM - Forum: News, curiosities and miscellaneous - No Replies

Quote: The scraped LinkedIn database was leaked in two parts: one part contained 5 million user records, while the second part contained 35 million records.

https://www.hackread.com/hacker-leaks-sc...r-records/

  Call for applications: Privacy Protection in the Media - Legal and Ethical Standards program
Posted by: 1van - 11-14-2023, 02:56 PM - Forum: Initiatives - No Replies

Quote: Privacy violations in the media have become part of our everyday life. The victims are often the most vulnerable among us - children, victims of domestic violence, the socially disadvantaged..., and institutions so far have not only had no answer to this problem, but have often contributed to the violations themselves.

After several years of monitoring the state of the media and advocating for stronger accountability principles in the field of data protection, Partneri Srbija, Balkan Investigative Reporting Network (BIRN) and SHARE Fondacija have joined forces and have been working for a year on the project Cena privatnosti.

As part of the project we are organizing a training program for the media and for representatives of local governments, the police, social work centers and the civil sector on legal and ethical standards of privacy protection in the media.

The call is open until November 30, and all details are available at the link: https://birnsrbija.rs/poziv-za-program-z...standardi/

  Data of 800K Chess.com players scraped and released
Posted by: VincaSec - 11-14-2023, 01:05 AM - Forum: News, curiosities and miscellaneous - No Replies

Quote: The most popular platform for chess players, Chess.com, has had some of its user data leaked in a fresh scraping attempt.

https://www.hackread.com/hacker-leaks-sc...r-records/

  Private data of Serbian citizens published publicly (locatefamily.com)
Posted by: VincaSec - 11-14-2023, 12:11 AM - Forum: Privacy - Replies (2)

This creepy site for some reason publicly publishes people's private data.
First name, last name, phone number, home address

  Compromised mef.edu.rs subdomains
Posted by: VincaSec - 11-13-2023, 11:41 PM - Forum: Compromised resources - Replies (1)

List of subdomains that were or still are defaced

https://www.zone-h.org/mirror/id/40649829


  ilovetravels.net compromised
Posted by: VincaSec - 11-13-2023, 04:41 PM - Forum: Compromised resources - Replies (2)

Leaked data from the site ilovetravels.net (nickname, first_name, last_name, description)

  An ipc.rs mail account compromised and used for malware spam
Posted by: milos_rs - 11-13-2023, 12:24 PM - Forum: Phishing / Scam / Spam campaigns - No Replies

The email:

Headers:

Code:
Received: from DB8PR03CA0001.eurprd03.prod.outlook.com (2603:10a6:10:be::14)
by DB8P189MB0828.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:12b::24) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.29; Tue, 7 Nov
2023 10:08:48 +0000
Received: from DB5PEPF00014B9A.eurprd02.prod.outlook.com
(2603:10a6:10:be:cafe::7) by DB8PR03CA0001.outlook.office365.com
(2603:10a6:10:be::14) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.28 via Frontend
Transport; Tue, 7 Nov 2023 10:08:48 +0000
Authentication-Results: spf=none (sender IP is 94.127.6.167)
smtp.mailfrom=sbarlbaink.com; dkim=pass (signature was verified)
header.d=ipc.rs;dmarc=pass action=none header.from=ipc.rs;compauth=pass
reason=100
Received-SPF: None (protection.outlook.com: sbarlbaink.com does not designate
permitted sender hosts)
Received: from cpanel.ipc.rs (94.127.6.167) by
DB5PEPF00014B9A.mail.protection.outlook.com (10.167.8.167) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6977.16 via Frontend Transport; Tue, 7 Nov 2023 10:08:47 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ipc.rs;
    s=default; h=Content-Type:Message-ID:Subject:To:From:Date:MIME-Version:Sender
    :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
    Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
    In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
    List-Post:List-Owner:List-Archive;
    bh=cZYkLnjNKNjW2c5YJgNtFJml+ZsE54de7jAf44FwRYE=; b=OTlP2ucYm/N8RB5/3y4xWZivWw
    Lddyq029fy8rkIi1Wt1NDGQb/JWvLMtymoLsIWhgPQXlNi9ryXFkP2q5/aO1M0Pbl1sqrY8lc3zVL
    vt+ji3FrYGrvZh7OT2ibADoUv1WcHq9lglyW1Sme+wzPUGTpmtxBZT2sbuhFAJHzxPg9Tv8DABuP+
    CtJxjr4JLBUmoAFjhKxnsU05IA42JcrdQaRwWjosX0GeZ2f3O2GnYGg7WB1TcVllswBygo3/YhKDX
    7LR6NIUVUuClWB2hCmQSywDRRzaQyc1t56caZFLsubgjO1i4pRKf+mx/qpwRf3pwxWz8Bk3g/ezK5
    v460icpA==;
Received: from [127.0.0.1] (port=35078 helo=cpanel.ipc.rs)
    by cpanel.ipc.rs with esmtpa (Exim 4.93)
    (envelope-from <[email protected]>)
    id 1r0Ivl-00025E-47; Tue, 07 Nov 2023 11:03:33 +0100
MIME-Version: 1.0
Date: Tue, 07 Nov 2023 11:03:32 +0100
From: Sberbank <[email protected]>
To: undisclosed-recipients:;
Subject: =?UTF-8?Q?Mese=C4=8Dni_izvod_za_kreditnu_karticu?=
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/1.3.15
Content-Type: multipart/mixed;
boundary="=_a74b6febc5bfd849d1f46873c077ec56"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cpanel.ipc.rs
X-AntiAbuse: Original Domain - XXXXXXX
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - sbarlbaink.com
X-Get-Message-Sender-Via: cpanel.ipc.rs: authenticated_id: [email protected]
X-Authenticated-Sender: cpanel.ipc.rs: [email protected]
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: rewritten was: [[email protected]], actual sender does not match
Return-Path: [email protected]

For the attachment, VirusTotal lit up like a Christmas tree: https://www.virustotal.com/gui/file/9924...a00777ef06
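Added example, not part of the original post: a small Python triage of the Authentication-Results and cPanel headers shown above, flagging that SPF found nothing for the envelope domain while DMARC still passed because the message was DKIM-signed for ipc.rs. The sample is constructed from the posted values; the mailbox local part is a placeholder because the page shows it redacted, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: values taken from the posted headers; "placeholder" stands
# in for the mailbox name, which the page shows only in redacted form.
SAMPLE = """\
Authentication-Results: spf=none (sender IP is 94.127.6.167)
 smtp.mailfrom=sbarlbaink.com; dkim=pass (signature was verified)
 header.d=ipc.rs;dmarc=pass action=none header.from=ipc.rs;compauth=pass
 reason=100
From: Sberbank <placeholder@ipc.rs>
X-AntiAbuse: Sender Address Domain - sbarlbaink.com
X-Authenticated-Sender: cpanel.ipc.rs: placeholder@ipc.rs

body
"""

WEAK_SPF = {"none", "neutral", "softfail", "fail"}

def auth_fields(msg):
    """Flatten all Authentication-Results headers into a {key: value} dict."""
    raw = " ".join(msg.get_all("Authentication-Results", []))
    raw = re.sub(r"\([^)]*\)", " ", raw)  # drop parenthesised comments
    return {k.lower(): v.lower() for k, v in re.findall(r"([\w.]+)=([^\s;]+)", raw)}

def triage(raw_headers):
    """Return human-readable findings for a raw header block."""
    msg = message_from_string(raw_headers)
    a = auth_fields(msg)
    env = a.get("smtp.mailfrom", "").rsplit("@", 1)[-1]  # envelope-from domain
    frm = a.get("header.from", "")                        # visible From domain
    spf_weak = a.get("spf") in WEAK_SPF
    findings = []
    if spf_weak:
        findings.append(f"spf={a['spf']} for envelope domain {env}")
    if env and frm and env != frm:
        findings.append(f"envelope domain {env} differs from From domain {frm}")
    # DMARC needs only one aligned pass; here SPF contributed nothing.
    if spf_weak and a.get("dkim") == "pass" and a.get("header.d") == frm \
            and a.get("dmarc") == "pass":
        findings.append(f"DMARC passed on DKIM alignment alone (d={frm})")
    sender = msg.get("X-Authenticated-Sender")
    if sender:  # header seen in the post: names the mailbox that logged in to send
        findings.append(f"authenticated submission: {sender.strip()}")
    return findings

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print(line)
```
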

  EMERGE 2023
Posted by: 1van - 11-13-2023, 11:29 AM - Forum: Seminars, lectures, workshops, conferences - No Replies

Quote: EMERGE 2023 Forum: Aligning Artificial General Intelligence for the Future of Humanity

Monday, November 20 at Dorćol Platz, Dobračina 59, Belgrade, Serbia.

The one-day forum, organized by the Institute for Philosophy and Social Theory of the University of Belgrade and the Institute for Artificial Intelligence of Serbia, will bring together prominent AI pioneers and thinkers from around the world, with the aim of discussing the social implications of new artificial intelligence technologies.

Details: https://emerge.ifdt.bg.ac.rs/

  Multi-phishing by the same actor: Raiffeisen, Pošta, SBB
Posted by: milos_rs - 11-11-2023, 08:34 PM - Forum: Phishing / Scam / Spam campaigns - Replies (7)

This part about Raiffeisen is from Twitter https://twitter.com/nklmilojevic/status/...5207175309

The other campaigns are in the comments below.

I assume they want to add themselves as an additional device on online banking, after which they will steal the money.

This is probably related to this other recent Raiffeisen phishing https://bezbedanbalkan.net/thread-371.html and it is probably the very same crew, because the fake site has the same old news item on the page with the old date 30.04.2021

The email is also somewhat reminiscent of this phish from the end of 2022 https://bezbedanbalkan.net/thread-333.html but that doesn't have to mean anything; obviously an automatic translator was used in both cases.

The email that arrived, Return-Path: <www-data @ eunethosting.trabajardesdecasamontandocosas .net>

There is no reason for this subdomain to exist on this site, but it does. Perhaps access to the hosting panel for trabajardesdecasamontandocosas .net was compromised and the subdomain was then added.

Code:
eunethosting.trabajardesdecasamontandocosas.net has address 85.215.35.76
eunethosting.trabajardesdecasamontandocosas.net mail is handled by 10 eunethosting.trabajardesdecasamontandocosas.net.

The link in the email is on IPFS: bafybeidrhpzwsuzbqwjb5cgpo4k4g35yanxdwnha2r4khd6ke34hse77sy.ipfs.dweb .link

It redirects, but it is not a classic redirect; instead the source contains:

Code:
<script type="text/javascript">
<!--
document.write(unescape('%3Cobject%20data%3D%22https%3A%2F%2Fmyhosting.sbb.domen.marktshopping.com%2Frs%2F%22%3E%3C%2Fobject%3E'));
//-->
</script>

along with various attempts to prevent analysis:

So it goes to myhosting.sbb.domen.marktshopping .com/rs/

Code:
myhosting.sbb.domen.marktshopping.com has address 34.102.1.2

Next it opens as myhosting.sbb.domen.marktshopping .com/rs/auth/login.php

An extremely well copied Raiffeisen online banking site, which opens only with mobile UAs:

After entering the "data":

I find it interesting that when I enter the SMS code it sends a POST like this to myhosting.sbb.domen.marktshopping .com/rs/auth/action.php :

Code:
ss=9999&ClientLastname=adrian&ClientName=cadem+&[email protected]&SmsSessionID=&step=sms&captcha=


Where this comes from and why, I don't know; maybe it is a leftover from some other phish, which may help connect this phish with others by the same crew. I tried several times and each time it added these parameters to the POST, along with the SMS code, which here is ss=

The SSL certificate on the site has an additional alt name for pay.posta-serbije.marktshopping.com, which at /rs/ opens this same Raiffeisen site; maybe there is some other folder for the Pošta one

marktshopping.com is seemingly a legitimate site from Saudi Arabia, which may mean that their hosting panel was compromised and DNS for these subdomains was added, as I suspect also happened on the subdomain from which the email was sent.
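Added example, not part of the original post: a static way to recover the target of the document.write(unescape(...)) lure described above without rendering the page in a browser. The function names are hypothetical; the sample input is the script block quoted in the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Source of the lure page, copied from the post above.
LURE = """<script type="text/javascript">
<!--
document.write(unescape('%3Cobject%20data%3D%22https%3A%2F%2Fmyhosting.sbb.domen.marktshopping.com%2Frs%2F%22%3E%3C%2Fobject%3E'));
//-->
</script>"""

UNESCAPE_CALL = re.compile(r"unescape\(\s*(['\"])(.*?)\1\s*\)", re.S)
URL_ATTRS = {"data", "src", "href", "action"}

class _Targets(HTMLParser):
    """Collect (tag, attribute, value) for attributes that load or link a URL."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.found.append((tag, name, value))

def js_unescape(s):
    """Mimic JavaScript unescape(): %uXXXX code units, then %XX as Latin-1."""
    s = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return unquote(s, encoding="latin-1")

def hidden_targets(page_source):
    """Decode every unescape('...') literal and list the URLs the markup loads."""
    out = []
    for _quote, payload in UNESCAPE_CALL.findall(page_source):
        parser = _Targets()
        parser.feed(js_unescape(payload))
        out.extend(parser.found)
    return out

def defang(url):
    """Make a URL safe to paste into a report or ticket."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

if __name__ == "__main__":
    for tag, attr, url in hidden_targets(LURE):
        print(f"<{tag} {attr}=...> -> {defang(url)}")
```
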