Deep Web Konek

🚨 UPDATE: ONLINE CASINO DOMAINS PART 2

Date Published: July 30, 2024

From January to June 2024, Deep Web Konek has identified 1219 additional Online Casino domains registered in the Philippines. Here’s a summary of the findings:

🔍 Total Suspicious Domains: 1219

Notable Patterns:

– Unregulated Activities: Domains involved in these scams operate without proper authorization or oversight, increasing the risk of financial loss.

– Out of the total suspicious domains, all of them contain the term "bet." These domains are primarily associated with online casino and gambling activities. Many of these sites operate without proper licensing, posing significant risks to users.

For a comprehensive list and detailed analysis, visit the Official Philippine Cyber Threat Pulse on OTX.

Full List: https://t.me/threatpulsephilippines/35

We will be making available the GitHub Repository within week as well on all reports so far we posted for easier to be used by others as suggested.

🚨 BREAKING NEWS: Philippine Air Force Data Breach Expose Reservist Information

Date Published: July 29, 2024

The Deathnote Hackers have gained unauthorized access to the Reservist Data Management Information System (RDMIS), exposing the personal details of 16,961 5th Air Force Wing Reservists.

This includes full names, fingerprints, phone numbers, and addresses. The group also revealed that the PAF has been using the same password for an extended period, making the system highly vulnerable.

They have issued a 24-hour ultimatum for the PAF to implement stronger security measures.

Photo courtesy: DeathNote Hackers International

🚨BREAKING NEWS: The Department of Energy's (DOE) Government Energy Management Program (GEMP) website was defaced by a group called "DeathNote Hackers."

The group left a message and warned the DOE that their security is weak and that they easily broke in, exposing major flaws. The threat actors stressed the risks if more powerful groups attacked.

They urged the DOE to improve their security immediately, suggesting better encryption, regular security checks, and updated software.

There was no data compromised reported on this cyber attack.

Media statement – Data breach incident affecting Vivamax user data

We at Vivamax, Inc., the owner and operator of the internet streaming service Vivamax, would like to inform the public that yesterday, July 26, 2024, were alerted to a possible data breach involving user information contained in our servers.

We would like to assure the public that we are taking this matter very seriously, and that we are exhausting all means to investigate and verify the breach and its possible scope. We have implemented appropriate protocols to secure our system and further protect data against unauthorized access while we conduct our investigation, and we will coordinate with the authorities and provide more information to our customers at the earliest opportunity.

We wish to thank our customers for their continued support and patronage of our service Vivamax.

🚨 UPDATE: Surge in Jili Casino Domains

Date Published: July 26, 2024

From January to June 2024, Deep Web Konek has identified 1462 Jili Casino domains registered both in the Philippines and China. Here’s a summary of the findings:

🔍 Total Suspicious Domains: 1462

Notable Patterns:

– Unregulated Activities: Domains involved in these scams operate without proper authorization or oversight, increasing the risk of financial loss.

– JILI-Linked Sites: Out of the total suspicious domains, all of them contain the term "jili." These domains are primarily associated with online casino and gambling activities, leveraging JILI Games' software. Many of these sites operate without proper licensing, posing significant risks to users.

For a comprehensive list and detailed analysis, visit the Official Philippine Cyber Threat Pulse on OTX.

Full List: https://t.me/threatpulsephilippines/29

Stay vigilant and enhance your security measures.

: Over 16,000 Patient Records Exposed in the Data Breach Affecting the Manila Health Department

Date Published: July 26, 2024

The Manila Health Department is the latest victim to data breach as its database has been compromised, exposing sensitive information of over 16,000 patients and 800 employees. The leaked data includes names, contact details, medical histories, employee IDs, and more.

Affected individuals should monitor their accounts, update passwords, and enable multi-factor authentication.

Stay vigilant and protect your personal information.

Read more: https://kukublanph.data.blog/2024/07/26/over-16-000-patient-data-exposed-on-a-data-breach-that-hits-the-manila-health-department/

:Over 6.8M Subscribers Data of Vivamax Philippines Compromised in a Data Breach

Date Published: July 26, 2024

A massive data breach exposes the personal information of over 6.8 million Vivamax Philippines subscribers that have been for sale on a dark web forum.

The leaked data includes names, emails, phone numbers, and detailed subscription information. The leaked data also includes detailed subscription information, such as subscription type, status, subscription ID, and many more.

Affected users should monitor their accounts, change passwords, and enable multi-factor authentication.

Stay vigilant and protect your personal information.

Read more: https://kukublanph.data.blog/2024/07/26/over-6-8m-subscribers-data-of-vivamax-philippines-compromised-in-a-data-breach

: Data Breach Hits Entrelabel, Exposes 28,000 Customers' Info

Date Published: July 25, 2024

A major data breach at Entrelabel.com exposes 28,000 customers' personal info. Leaked data includes names, addresses, emails, and purchase details.

Affected customers should monitor accounts, change passwords, watch for phishing, and report suspicious activity.

Stay updated with official sources for more info.

Read more: https: //kukublanph.data.blog/2024/07/25/data-breach-at-entrelabel-exposes-customer-information/

🚨 UPDATE: SUSPICIOUS DOMAINS MASQUERADING AS GCASH

Date Published: July 24, 2024

From January to June 2024, Deep Web Konek has identified 79 suspicious domains masquerading as GCash. Here’s a summary of the findings:

🔍 Total Suspicious Domains: 79

Notable Patterns:

– Phishing Sites: Several domains mimic GCash’s donation functionalities to harvest personal and financial information from users.

– Unregulated Activities: Domains involved in these scams operate without proper authorization or oversight, increasing the risk of financial loss.

Tips and Warnings During Crises Like Typhoons:

1. Donation Scams: Many domains claim to facilitate donations for typhoon victims but are fraudulent, using urgent or emotional appeals to lure donations, which are then misappropriated.

2. Impersonation of Charities: Some domains impersonate well-known charities or relief organizations, attempting to collect funds under false pretenses.

3. Verify Official Channels: Always use the official GCash app or website for transactions and donations. Verify the legitimacy of donation drives by checking with reputable organizations directly.

4. Report Suspicious Activity: Report any suspicious domains or fraudulent donation requests to GCash and relevant authorities immediately.

For a comprehensive list and detailed analysis, visit the Official Philippine Cyber Threat Pulse on OTX.

Full List:

https://t.me/threatpulsephilippines/24

Stay vigilant and enhance your security measures.

: The KONEK Method for Personal Cybersecurity Hygiene

In today's digital age, maintaining strong personal cybersecurity hygiene is essential. The KONEK Method provides a comprehensive approach to safeguarding your online presence. This method focuses on five key areas: Knowledge, Observation, Navigation, Essentials, and Keeping Updated.

1. Knowledge

Understanding the landscape of cyber threats is the first step in protecting yourself. Learn about common threats such as phishing, malware, ransomware, and social engineering. Stay informed by following reliable sources for the latest cybersecurity news and trends. It's crucial to grasp the basics of cybersecurity, including the importance of strong passwords and secure browsing habits. Additionally, being able to recognize and avoid phishing attempts and other scams can save you from potential harm.

2. Observation

Regular vigilance is key to detecting and preventing cyber threats. Monitor your accounts and devices for unusual activity. Be cautious with emails and text messages from unknown senders—avoid clicking on links or downloading attachments. Regularly check your bank and credit card statements for unauthorized transactions. Review app permissions to ensure they only access necessary data, and avoid using public Wi-Fi for sensitive transactions without additional protection.

3. Navigation

Safe browsing habits are essential. Use secure web browsers and ensure the websites you visit are trustworthy and legitimate. Blocking ads can reduce the risk of encountering malicious content. For activities requiring higher privacy, use private or incognito mode to prevent storing cookies and browsing history.

4. Essentials

Strong, unique passwords for each of your online accounts are a must. Consider using a password manager to keep track of them. Enable two-factor authentication (2FA) wherever possible for an additional layer of security. Protect your devices with strong passwords and biometric authentication methods, such as fingerprint or facial recognition. Regularly back up important data to an external drive or cloud storage to prevent data loss.

5. Keep Updated

Regular updates are crucial for security. Keep your operating system, software, and applications up-to-date to fix security vulnerabilities. Ensure your antivirus and antimalware software is running and updated. Don't forget to update the firmware of your router and other smart devices to prevent unauthorized access. Apply security patches as soon as they become available.

The KONEK Method is KONEK METHOD; with or without extensive research to validate it, the anecdotal evidence from those who have effectively implemented it is sufficient to demonstrate its value and importance. 😁🫡

🚨 Massive Data Breach at La Salle University, Ozamiz

Date Published: July 24, 2024

On July 18, 2024, La Salle University in Ozamiz, Philippines, was hit by a significant data breach. Over 92,000 rows of student and staff information were leaked by the cybercriminal group BitBanish. The compromised data includes personal details like student IDs, pictures, names, courses, contact numbers, and email addresses. Other affected databases include those for contact tracing, appointments, and learning modes.

Those impacted are advised to monitor their accounts, change passwords, and be cautious of suspicious messages.

The university has not yet released an official statement.

Stay vigilant and protect your personal information!

Read more: https://kukublanph.data.blog/2024/07/24/massive-data-breach-hits-la-salle-university-in-ozamiz-philippines/

: A 16-Year-Old Taken into Custody for Hacking Government and School Websites

Date Published: July 23, 2024

The Philippine National Police's Anti-Cybercrime Group (PNP-ACG) has taken a 16-year-old boy from General Santos City into custody, allegedly for hacking several government and educational websites.

In an article published by Manila Bulletin, it was reported that this action followed a search warrant executed on July 18, which revealed the teenager’s involvement in compromising sensitive data.

Brig. Gen. Ronnie Cariaga, head of PNP-ACG, explained that the search was prompted by a report from April 18, 2024. This report indicated that the teen had posted the login credentials of two police officers on his page, endangering their personal and professional information.

Read more:
https://kukublanph.data.blog/2024/07/23/a-16-year-old-taken-into-custody-for-hacking-government-and-school-websites/

🚨 UPDATE: DOMAINS RELATED TO ONLINE CASINOS

Date Published: July 22, 2024

From January to June 2024, Deep Web Konek has identified over 1200 suspicious domains related to online casinos. Here’s a summary of the findings:

🔍 Total Suspicious Domains: 1257

Notable Patterns:

– Keywords: Many of the identified domains include terms such as “lucky,” “play,” “casino,” and “slot.” These words are commonly used to attract unsuspecting users and give a false sense of legitimacy.

– Phishing Sites: Numerous domains are designed to mimic popular casino platforms, aiming to harvest personal and financial information.

– Fraudulent Platforms: Some domains promote fake gambling opportunities with promises of unrealistic winnings, often leading to financial losses for users.

– Unregulated Gambling Operations: Several domains offer online casino services without proper licensing or regulation, posing legal and financial risks.

– Registration: These domains are registered in the Philippines, as verified through WHOIS checks, indicating potential local operations or targets.

For a comprehensive list and detailed analysis, visit the Official Philippine Cyber Threat Pulse on OTX.

Full List:

https://t.me/threatpulsephilippines/16

Stay vigilant and enhance your security measures.

: Alleged U.S. Armed Forces Personnel Info for Sale

Date Published: July 22, 2024

A threat actor claims to have obtained and is selling sensitive data of active-duty personnel from the Army, Navy, and Air Force. The alleged breach includes IDs, names, titles, emails, phone numbers, and unit details of nearly 24,000 service members.

If verified, this breach poses serious risks to national security and the safety of those involved.

Read more: https://kukublanph.data.blog/2024/07/22/alleged-sale-of-u-s-armed-forces-personnel-information/

LOOK: President Bongbong Marcos signs into law Republic Act 12009 or the "New Government Procurement Act," and Republic Act 12010 or the "Anti-Financial Account Scamming Act." Both are priority bills of his administration.

📸 RTVM

🚨 REPORT: LIST OF SUSPICIOUS DOMAINS TARGETING PHLPOST

From January to June 2024, Deep Web Konek has identified over 300 suspicious domains targeting PHILPOST. Here’s a summary of the findings:

🔍 Total Suspicious Domains: 300+

- Sample Domains:

1. phlpostm[.]top
2. phlpostk[.]online
3. phlpostgovment[.]top
4. phlpostshop[.]top

For a comprehensive list and detailed analysis, visit the Official Philippine Cyber Threat Pulse on OTX.

Full List: https://t.me/threatpulsephilippines/8
(Join the Official Telegram Channel for all updates like this.)

Stay vigilant and enhance your security measures.

🚨 Potential Malicious Domains

Be cautious of domains that might exploit the recent CrowdStrike outage.

Stay vigilant and avoid clicking on suspicious links!

(We will update the list if there's more to add.)

: ALLEGED DATA BREACH ON CRUNCHYROLL DATABASE LEAKED

Date Published: July 19, 2024

A post on a forum claims that the Crunchyroll user database has been leaked. According to the post by user "wyrara2131321", the breach occurred on May 5, 2024, compromising over 4.1 million users. The data reportedly includes emails, IP addresses, payment methods, and other personal details.

Note: This breach is currently unverified. Users are advised to remain cautious and monitor their accounts for any suspicious activity.

UPDATE: Following the global IT outage, several companies including at least 2 Philippine banks have announced issues with their online banking systems: namely Metrobank and RCBC.

Earlier, Cebu Pacific and AirAsia have advised also its customers that their systems have also been affected by the Microsoft outage. Delays are expected as digital services are down and some processes need to be done manually.

via Philstar.com

Update: Three more banks issued earlier an advisory as well: UnionBank, PNB and BPI.

JUST IN: A widespread issue is reportedly causing computers running various CrowdStrike sensor versions to experience a "blue screen of death" error.

CrowdStrike has acknowledged the problem and investigating the cause of the issue. As per the reports and a pinned message on the CrowdStrike's forum, Window users are experiencing the "Blue Screen of Death" (BSOD) errors following a recent update for CrowdStrike.

Microsoft Windows users took to microblogging platform X (formerly Twitter) to report about the issue.

JUST IN: On July 16, 2024, the National Bureau of Investigation (NBI) arrested multiple cyber hackers involved in breaching the Philippine Navy's database.

Following the arrest of "NEWBIEXHACKER" in Tagaytay City on July 8, 2024, who possessed sensitive, code-protected information, NBI operatives apprehended "HAXINJA" in Cagayan de Oro City. "HAXINJA" had agreed to meet a confidential informant to hand over the access code to the stolen data.

Additionally, another hacker, "D4rkJ1n", was arrested in Cubao, Quezon City, after attempting to flee. Both hackers face charges under the Cybercrime Prevention Act and other related laws.

NBI Director Jaime B. Santiago praised the operatives' efforts and reaffirmed the bureau's commitment to combating cybercrime.

JUST IN: The Regional Anti-Cybercrime Unit BAR (RACU BAR) arrested alias “King”, Top 7 Most Wanted Person (Regional Level), on July 3, 2024, at 5:00 PM in Parang, Maguindanao del Norte pursuant to a warrant of arrest issued by the Presiding Judge of the Regional Trial Court, Davao City, for violation of 28 counts of Section 4(b) (2) (Computer-related Fraud) of RA 10175 (Cybercrime Prevention Act of 2012) with recommended bail of Php120,000.00 each.

https://www.facebook.com/100064661650931/posts/902439521921428/?app=fbl

: AT&T Pays $370,000 Ransom to Delete Stolen Customer Data

Date Published: July 17, 2024

AT&T recently revealed that it paid a threat actor $370,000 to delete stolen call records of millions of its customers. This attacker was part of the infamous ShinyHunters group, which targets previously also Snowflake.

The payment, made in May, was confirmed by blockchain records showing a transfer of 5.7 bitcoin, worth $373,646 at the time. After receiving the payment, the threat actor provided proof of data deletion, and the funds were laundered through various cryptocurrency exchanges.

AT&T's filing with the SEC stated that the stolen data included call and text metadata but did not contain the content of the messages or customer names. However, the threat actors claimed they could still identify phone owners using reverse-lookup tools.

The breach impacted almost all AT&T mobile customers, as well as customers from other carriers who communicated with them between May and October 2022, and on January 2, 2023. Landline numbers were also affected.

The stolen data included dates and durations of communications and some cell site IDs, which could reveal the general location of a phone.

JUST IN: The Department of Migrant Workers (DMW) announced on Tuesday, July 16, that its online systems have been targeted by a ransomware attack.

To protect the data and information of Overseas Filipino Workers (OFWs), the DMW has temporarily taken its online system offline as a precautionary measure. The agency assured the public that the databases containing OFW information remain secure and unaffected by the attack.

There's no ransomware group yet claimed to the said attack. In response to this incident, Deep Web Konek is closely monitoring for any activity from various cybecrime or ransomware groups.

via GMA News | https://www.gmanetwork.com/news/topstories/nation/913477/ransomware-dmw/story/

[NON-CYBERSEC]: Read that headline multiple times before you comment on anything.

That headline caught me offguard but one apostrophe from the Civil War.

: Disney Hit by Major Data Breach with 1.1TB of Data Stolen by Nullbulge

Date Published: July 15, 2024

Disney has allegedly suffered a massive 1.1TB data breach, led by a group named Nullbulge. The group claims to have stolen content from Disney’s internal Slack platform, including login credentials, personal information, concept art and various unreleased projects. The hacking group then puts this data up on its website for anyone to download, only for the website to quickly go offline.

Disney has not issued an official response to the alleged hack, but we’re already starting to see a few unannounced projects leak online because of it.

For example, a sequel to 2021’s multiplayer shooter Aliens: Fireteam Elite surfaced online in the form of what appears to be an internal presentation. The sequel is codenamed ‘Project Macondo’, with a targeted release window of Q3 2025.

Another leak involves a crossover between Dead by Daylight and Alien, bringing skins for Ellen Ripley and Rain Carradine to the game. Rain is the protagonist of the next instalment in the Alien franchise: Alien Romulus, which hits theaters in August.

: Beware of Impostors Exploiting the Name of Deep Web Konek

It has come to our attention that malicious impostors are exploiting the name of Deep Web Konek to spread misinformation and potentially engage in harmful activities.

These impostors have created fake pages and profiles claiming affiliation with Deep Web Konek. We urge everyone to exercise caution and only trust information from our official channels:

- page: .0
- X/Twitter:
- Telegram:
- Reddit: r/deepwebkonek
- Email: [email protected]
- Website: https://kukublanph.data.blog

We emphasize the importance of verifying any communication claiming to be from Deep Web Konek before taking action or sharing information. Impostors may attempt to engage in malicious activities under our name, and we ask for your vigilance in identifying and reporting such behavior.

Deep Web Konek does not promote or encourage any malicious activities. Our mission is to provide a safe and informative environment for our community.

Your cooperation in safeguarding our community from these fraudulent attempts is invaluable. Together, we can ensure the integrity and trustworthiness of information associated with Deep Web Konek.

Thank you for your attention and continued support.

Sincerely,
The Deep Web Konek Team

: Massive Data Breach at Chinese Academy of Science

Published Date: July 13, 2024

The Chinese Academy of Science (CAS) Georesearch experienced a massive data breach on July 12, 2024. Over 5 gigabytes of sensitive data were leaked by a threat actor identified as "L1NX."

The timing of the breach coincides with the eighth anniversary of the 2016 arbitral ruling favoring the Philippines in the West Philippine Sea dispute. The threat actor claims the breach is a protest against China's actions in the region.

JUST IN: A recent Facebook Post by Klammer of the DeathNote Hackers page has revealed a message purportedly from a potential Chinese cyber-espionage group, Red Delta or Mustang Panda.

The message solicits the services of the "Death Note Hackers" and details an offer of 62,263 RMB per successful intrusion into the systems of Philippine government agencies. The solicitation emphasizes the need for caution and efficiency and highlights the highly sensitive and confidential nature of the task.

In response, the alleged target, Death Note Hackers, rejected the offer, affirming their stance against cyber-attacks and highlighting the geopolitical tensions underlying the request. They explicitly denounced the attempt and underscored their unwillingness to compromise their principles for financial gain.

This incident revealed the ongoing nature of cyber-espionage activities, as well as the considerations faced when approached for illicit activities.