Hack-Security S.A @Hack_SecurityEc

🚨Se detecta pagina de la PRESIDENCIA de #Ecuador infectada con SEO Black Hat. @Arcotel_ec @DanielNoboaOk #Quito #Cloaking #AlertaDigitalEC @Presidencia_Ec @AsambleaEcuador @EcuavisaInforma @EcuCERT_EC

🚨 CYBER INTELLIGENCE ALERT: 🌐 [UNCONFIRMED] INFRASTRUCTURE COMPROMISE — CNE ECUADOR 🇪🇨 [STATUS: UNCONFIRMED / THREAT ACTIVITY / POSSIBLE EXFILTRATION] A post attributed to the threat actor "L4TAMFUCK3R$" has been identified claiming a complete compromise of the cloud infrastructure of the National Electoral Council (CNE) of Ecuador (cloud.cne(.)gob.ec). The attacker claims to have access to confidential files, credentials, and strategic electoral documents. Threat Actor: L4TAMFUCK3R$ Declared Scope: Full access to the file structure, system persistence, lateral movement capability (Cloud-to-On-Premise), and privilege escalation via IAM (Identity and Access Management). Reported Access Vector: Use of WebDAV for remote access and code execution. 📂 Analysis of Evidence The attacker has published a PHP code snippet that appears to be a configuration or redirect file for a Nextcloud environment (or a platform based on the same technical documentation scheme). The code exposes the platform's internal directory structure and mount points. Technical Findings: The exposure of admin-ldap and admin-config paths suggests a critical risk of compromise of the centralized authentication infrastructure. The presence of a Session ID (indicated as "Session: ...") suggests a possible active or captured session from the environment. ⚠️ Security and Risk Considerations Attack Vector: The ability to exploit WebDAV for remote file uploads is a common way to establish persistence and execute web shells. Lateral Movement: The claim of using Cloud-to-On-Premise methods implies a critical risk to the CNE's internal network, allowing data to jump from the public cloud to critical local databases. Electoral Impact: The potential manipulation or exfiltration of "important electoral documents" represents a critical risk to the integrity of the democratic process and public trust. 🛡️ Recommended Actions (Urgent) Immediate Audit: Verify the integrity of the files at cloud.cne.gob .ec and check for the presence of unauthorized or injected PHP files. Credential Reset: Initiate a complete credential rotation process for IAM, administrator accounts, and integrated services via LDAP/SSO. VECERT TOOLS Strategic Monitoring Tools & Intelligence Platform: 🌐 analyzer.vecert.io Security Verification & Monitoring: 🛡️ monitor.vecert.io #CyberSecurity 🔐 #CNE #Ecuador 🇪🇨 #DataBreach 📁 #ThreatIntelligence #UnderInvestigation ⚠️

‼️🚨 BREAKING: ServiceNow has been breached. Customers are reporting unauthorised access to their instances. One customer states their security team reported this vulnerability to them, and they closed the case twice, saying they had already known since the 7th of April.

keyboard_arrow_left Previous keyboard_arrow_right Next

CYBER INTELLIGENCE ALERT: POSSIBLE MEDICAL DATA BREAK — ECUADOR 🇪🇨 🏥 [STATUS: UNCONFIRMED / THREAT ACTIVITY / DATA EXFILTRATION] A post has been identified by a threat actor known as "AlamedaSlim," who claims to have breached the security of the Ecuadorian laboratory Laboratorio Medicos (laboratoriomedicos.com). Threat Actor: AlamedaSlim Scope: The actor claims to have obtained approximately 120,000 patient records, stating that the original database contained up to half a million records, but that there were technical difficulties in the recovery process. Data Exposed: The provided sample includes highly sensitive information: full names, dates of birth, identification numbers (national ID cards), physical addresses, telephone/cell phone numbers, and email addresses. Structure of the Compromised Information 📂 According to the attacker, the JSON file is divided into three critical sections: Patient identification process. List of laboratory tests performed. Results of those tests. Security Considerations ⚠️ Motivation: The attacker indicates that this attack is retaliation for the entity's refusal to pay extortion money. VECERT OPERATIONS Strategic Monitoring Tools & Intelligence Platform: analyzer.vecert.io Security Verification & Monitoring: monitor.vecert.io #CyberSecurity #Ecuador #DataBreach #HealthData #MedicalLaboratories #ThreatIntelligence #VECERT #UnderInvestigation

@rocurun ?????

🚨🇪🇨 A threat actor known as V0lt4r0x is distributing what they claim are login credentials for web applications belonging to multiple Ecuadorian organizations, spanning government institutions, telecommunications, the national police, the Red Cross, and several private entities including Aneta, CediaMDI, Fundacion Vida Nuevo, PuntoNet, and EEQ. The actor describes the data as usernames and passwords providing access to these platforms, has attached screenshots, and posted a download link. Claim is unverified. 💥 Stop guessing what's redacted. Paid subscribers see everything: darkwebinformer.com/pricing

🚨DDoS Alert 🇪🇨 Hider_Nex claims to have targeted multiple websites in Ecuador. * Presidencia de la República del Ecuador * Vicepresidencia de la República del Ecuador * Registro Civil Ecuador * Instituto Ecuatoriano de Seguridad Social * Corporación Nacional de Telecomunicaciones * Corporación Quiport S.A. * Produbanco

keyboard_arrow_left Previous keyboard_arrow_right Next

Unos meses atras reporte a las autoridades correspondientes de #Ecuador sitios infectados SEO Injection, Casino/Gambling Spam Hack. Lo solucionaron. Pero les falta notificar o gestionar a Google para el borrado del índice de búsqueda. @EcuCERT_EC @Arcotel_ec ✌️

CYBER INTELLIGENCE ALERT: DENIAL-OF-SERVICE (DDoS) ATTACK — ECUADORIAN PRESIDENCY 🇪🇨 [STATUS: ATTACK CLAIMED / DDoS] A distributed denial-of-service (DDoS) attack targeting the digital infrastructure of the Ecuadorian Presidency has been detected, claimed by the group known as Dark Storm Team. 👤 Threat Actor: Dark Storm Team 🔗 Evidence of Impact: The actor has provided a link to an external verification report (check-host.net) to document the service disruption. Incident Details 🔍 The group has indicated this attack as a repeated action against the same target, using Telegram channels to disseminate the claim and the results of their availability monitoring tools. Security Considerations ⚠️ Nature of the Attack: DDoS attacks aim to overwhelm a server's resources with malicious traffic, rendering web services inaccessible to legitimate users. Infrastructure Management: This type of incident underscores the need to implement robust DDoS mitigation solutions and traffic filtering services on government websites. Recommendations 🛡️ Constant Monitoring: It is essential to maintain active surveillance of network perimeters to detect traffic anomalies early. #CyberSecurity #Ecuador #DDoS #Presidency #CyberAttack #ThreatIntelligence #CyberAlert #VECERT #UnderInvestigation

🚨 CYBER INTELLIGENCE ALERT: POSSIBLE COMPROMISE OF CORPORATE EMAIL SERVER — SEGUROS LA UNIÓN 🇪🇨 ⚠️ ACTOR "V0lt4r0x" SELLING ACCESS AND EMAIL DUMPING INCLUDING MILITARY AND STATE POLICIES [STATUS: SAMPLES VIEWED, UNCONFIRMED, UNDER ANALYSIS] Through monitoring of underground forums, a post classified under the "DOCUMENTS" tag has been detected, made by the threat actor identified as V0lt4r0x. The attacker is advertising the sale of a compromised email server belonging to the insurance company Seguros La Unión. 🎯 Affected Entity: Seguros La Unión (Insurance and Finance Sector - Ecuador). 👤 Threat Actor: V0lt4r0x 📂 Incident Type: Email Server Exfiltration (Mailbox Dump) and Sale of Confidential Information 📊 TECHNICAL BREAKDOWN AND IMPACT VECTORS The forensic analysis of the proof-of-concept (PoC) reveals that the attacker exfiltrated the entire mailbox of a high-ranking executive at the insurance company (identified by the file path and emails). The impact is massive due to the nature of the accounts managed by this company: 🗄️ Exposure of Government and Military Contracts (National Risk): The attacker's file explorer shows internal email folders that expose policies and communications with the most critical institutions of the Ecuadorian State. Among the exfiltrated mailboxes—some weighing hundreds of megabytes or even gigabytes (such as a 1.6 GiB "Archive" file)—are folders labeled: FAE Diaf, FAE TRI, FAE Vehículos (Ecuadorian Air Force), Midena Aviación (Ministry of Defense), CELEC (Electric Corporation of Ecuador), Consejo de la Judicatura (Judicial Council), and IESS TRI (Ecuadorian Social Security Institute). 💸 Exposure of Financial Secrets and Reinsurance Data (Corporate Espionage): The attacker displays the contents of an email dated March 6, 2023, in which "Draft Reinsurance Contracts 2023/24" are discussed. The plaintext message reveals exact and confidential financial limits for Zone 1 (Guayas), exposing a cession limit of 900 million dollars, broken down into technical risk and fire coverage quotas. 🛡️ MITIGATION MEASURES AND EMERGENCY TECHNICAL RECOMMENDATIONS 🛑 Immediate Lockdown (Kill-Switch): Seguros La Unión’s security team (SOC) must immediately identify the compromise vector affecting the mail server (possibly vulnerabilities in Microsoft Exchange or Zimbra, or the theft of session tokens) and invalidate all active IMAP/SMTP credentials and sessions belonging to its executives. 🔒 Mandatory Notification to State Institutions: Due to national security requirements, the insurance company must urgently notify the Joint Command of the Armed Forces (Ministry of Defense), CELEC, and the Judicial Council that communications, policies, and details regarding their insured assets have been exfiltrated. ⚡ MONITORING AND ASSESSMENT 🌐 Intelligence System: analyzer.vecert.io 🛡️ Quickly assess your website's security with: monitor.vecert.io #CyberSecurity #DataBreach #Ecuador #SegurosLaUnion #V0lt4r0x #MailboxDump #SupplyChainAttack #CorporateEspionage #NationalSecurity #ThreatIntelligence #CiberAlerta #VECERT #Infosec #BEC

🇪🇨 NEW RESEARCH PUBLISHED "Anatomy of a Clandestine Ecosystem of Carding, Doxxing, and Digital Surveillance in Ecuador" is now available. We detail how this alleged Cybercrime-as-a-Service network operates in Latin America, using protected infrastructure and Telegram bots to orchestrate fraud and sell sensitive data. In the article, we break down: 💰 Fraud and Monetization: Credit systems and illicit financial schemes. 🕵️ Data Breach: Mass queries (ID numbers, tax IDs), scraping, and evidence of doxxing. ⚙️ Operation and Actors: Seller structure, clandestine channels, and timeline (2023-2026). 🔍 Technical Analysis: DFIR, infrastructure mapping, and Domains. An essential overview to understand the evolution and monetization of cybercrime in our region. 🔗 Read the full investigation here: x.com/VECERTRadar/st… #OSINT #CyberCrime #FinancialFraud #DFIR #ThreatIntel #Cybersecurity #Ecuador #Telegram #Carding #Doxxing

keyboard_arrow_left Previous keyboard_arrow_right Next

La filtración de Registro Civil contiene datos biométricas. Lo que es muy grave porque no podemos cambiar esos datos.

In 2020, an Israeli digital intelligence company named Cellebrite told the world they could crack Signal. Signal is the world's most secure messaging app. Cellebrite sells phone-cracking tools to the FBI, ICE, Saudi Arabia, Russia, and over 60 governments. They charge millions per contract. Police use their devices on protestors, journalists, and dissidents. So when they bragged on their blog about breaking Signal, the man who built Signal got curious. His name is Moxie Marlinspike. A few months later, Moxie wrote a now-legendary blog post. It started with a sentence no one expected. "By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me." Inside the package was a complete Cellebrite forensic device. He took it home. He opened it. He reverse-engineered the software the FBI uses to break into your phone. What he found was embarrassing. The software had massive security holes. Old code from 2012. No protection against malicious files. In simple terms, any app on a phone could plant a hidden file that would take over the Cellebrite machine the moment it scanned that phone. Once the machine was hijacked, Moxie could rewrite every report Cellebrite had ever generated. Every police case. Every court submission. Every piece of digital evidence. Then he published the exploits on the internet for free. Cellebrite's stock dropped. They quietly removed Signal from their list of supported apps a week later. Here's the wildest part: The same man who hacked the FBI's favorite phone-cracking company also built the encryption that protects three billion people every day. WhatsApp uses Moxie's encryption. Google Messages uses Moxie's encryption. Facebook Messenger uses Moxie's encryption. Three billion people. One man's code. Given away for free under the AGPL-3.0 license. The FBI publicly admitted in court they cannot break Signal. Bill Barr personally complained about it. The DOJ tried to legally force Signal to add a backdoor. Signal said no. Mark Zuckerberg uses Signal personally. Edward Snowden uses Signal. Every privacy researcher on Earth uses Signal. The repo is signalapp/Signal-Android. 28,000 stars. No ads. No tracking. No phone number leaks. No backups stored on any company's server. Just messages between two phones, that no government on Earth has ever been able to read. 100% Open Source. (Link in the comments)

En #Ecuador diseñamos tarjetas electrónicas para ensamblar luego nuestros productos. El gobierno ha hecho bien en exonerar de impuestos estos insumos, pero en la práctica la aduana está plagada de corrupción y hace que esto no funcione. No es la primera vez que nos quieren cambiar de partida arancelaria. Ahora, dentro de una subpartida que menciona a teléfono celulares. Es inaudito! Cómo se denuncia esto? @SENAE_Aduana

A response to recent reporting in Germany, in service of clarity and accountability: First, it’s important to be precise when it comes to critical infrastructure like Signal. Signal was not “hacked” — in that our encryption, infrastructure, and the integrity of the app’s code was not compromised. However, sophisticated attackers have engaged in a harmful phishing campaign, posing as “Signal Support” by changing their profile display name and using social engineering to trick people into handing over their credentials — information that allowed these attackers to take over some targeted Signal accounts. This is something that plagues any mainstream messaging app once it reaches the scale of Signal, but we know how high the stakes are given the trust people place in us. In the coming weeks, you’ll see us rolling out a number of changes to help hinder these kinds of attacks. Because we don’t collect user data, what we know about these attacks comes from the victims of phishing. And from what victims have told us, the attacks followed a broad pattern: after tricking people into revealing their Signal credentials, attackers then used those credentials to take over their account and also frequently changed the associated phone number. Because such a change results in de-registering your Signal accounts, attackers prepared people for this by telling them that being de-registered was intended behavior, and that all they would need to do is “re-register,” or, create a new account. When they moved to create a new Signal account — one that was now decoupled from their hijacked account — the victims thought they were logging back in to their primary account. As a result, many didn't notice the takeover. The compromised accounts were then weaponized to target the victims' contact lists by posing as the owners of the account. We understand the trust that people put in Signal, and how devastating this kind of social engineering can be. While it’s true that all messaging platforms are susceptible to scammers and phishing that betrays people’s trust and convinces them to “unlock the front door” where no backdoor exists, we are looking to do everything we can to help people avoid and detect such scams. For the time being, please stay vigilant against phishing and account takeover attempts. Remember that no one from Signal Support will ever send you a message request or ask for your registration verification code or Signal PIN. For an added layer of protection, you can enable Registration Lock in your Signal Settings (Account -> Registration Lock).

😎😎

Signal @signalapp

2 months ago

We are very happy that today Apple issued a patch and a security advisory. This comes following @404mediaco reporting that the FBI accessed Signal message notification content via iOS despite the app being deleted. Apple’s advisory confirmed that the bugs that allowed this to

104 1K 6K 828K 915

We are very happy that today Apple issued a patch and a security advisory. This comes following @404mediaco reporting that the FBI accessed Signal message notification content via iOS despite the app being deleted. Apple’s advisory confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release. You can read more here: support.apple.com/en-us/127002 Note that no action is needed for this fix to protect Signal users on iOS. Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications. We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication.

Hoy, aquí en Guayaquil, la tormenta es real y estremecedora. Pero lo que más hace temblar y da miedo no es el ruido del cielo, sino la falta de claridad aquí abajo.

[Blog] El FBI y la CISA advierten que rusos atacan a personas de alto valor mediante Signal blog.elhacker.net/2026/03/el-fbi…

[Blog] iPhones pueden ser hackeados con solo visitar una web blog.elhacker.net/2026/03/iphone…