くろの

🇯🇵 A threat actor is advertising an alleged dataset linked to Japan’s National Personnel Authority (jinji.go.jp), claiming exposure of approximately 742,000 records involving government employee and payroll-related data. According to the listing, the alleged dataset includes: • full names and demographic information • dates of birth and personal contact details • home addresses and postal information • payroll and salary records • pension and health insurance identifiers • bank account and payroll administration data • ministry and departmental assignment details • employment status and organizational role information Government personnel datasets are considered highly sensitive due to their potential value for espionage, social engineering, and financial fraud operations. The alleged inclusion of payroll and departmental assignment records could potentially enable: • targeted phishing against government employees • impersonation and identity theft • financial fraud using payroll metadata • mapping of government organizational structures • intelligence gathering against public-sector personnel The exposure of employee allocation, ministry affiliations, and payroll-related information may also present national security and insider-risk concerns depending on the authenticity and scope of the alleged data. At this stage, the authenticity and scope of the alleged dataset remain unverified. #DDW #Intelligence #Jinji 🇯🇵 A threat actor is advertising an alleged dataset linked to my.au.com, claiming exposure of approximately 243,000 customer and service-management records. According to the listing, the alleged dataset includes: • customer names and phone numbers • email addresses and mailing information • encrypted passwords • service order and subscription records • billing and payment-related metadata • device and equipment serial references • customer support ticket information • account status and login activity details Telecommunications and customer account datasets are frequently targeted because they can be leveraged for: • credential stuffing and account takeover attacks • SIM swap and mobile fraud operations • phishing and impersonation campaigns • social engineering using customer service history • identity theft and subscription fraud The alleged inclusion of encrypted passwords, billing cycles, subscription data, and service-order history may significantly increase the operational value of the dataset for cybercriminal actors. At this stage, the authenticity and scope of the alleged dataset remain unverified. #DDW #Intelligence #MyAU #DarkWeb

Microsoft Defender can now automatically isolate hacked endpoints bleepingcomputer.com/news/microsoft… bleepingcomputer.com/news/microsoft…