0-Day Exploits for Outlook and Windows, AnyDesk Access Sale, LeadSquared and WeRize Database Leaks
Explore the latest cyber threats with SOCRadar Dark Web Team’s findings. Concerning posts on hacker forums reveal the sale of two new alleged 0-day exploits, targeting Microsoft Outlook and Windows. Furthermore, our team identified major leaks of customer databases, comprising 1.3 terabytes of highly sensitive data.
In addition, we detected posts offering unauthorized network access to a prominent Argentinian telecom company and unauthorized AnyDesk access to a Dutch energy company.
0-day Exploit of Microsoft Outlook is on Sale

The SOCRadar Dark Web Team has uncovered a concerning post on a hacker forum where a threat actor is advertising a new alleged 0-day exploit for Microsoft Outlook. The post claims that this Remote Code Execution (RCE) exploit is effective against all versions of Outlook and has been validated to work. The price for this exploit is $300,000.
Threat Actors Claim Alleged Access to LeadSquared and WeRize Customer Data; LeadSquared Denied the Breach

The SOCRadar Dark Web Team has detected a message on a hacker forum where a threat actor claims to have leaked significant customer databases from LeadSquared and WeRize. LeadSquared is a provider of CRM and marketing automation software, while WeRize is a fintech company. The leaked data allegedly includes 1.3 terabytes of sensitive information such as names, contact details, addresses, KYC details, and loan information including guarantor and payment details.
The allegation is not new; the threat actor has published it on different dates. On March 15 and 24, the threat actor republished the post, presumably to enhance the visibility of the alleged leak.
Updated Information from LeadSquared
Following the publication of this intelligence report and the dark web claims circulating about the alleged leak, LeadSquared contacted SOCRadar to provide further clarification. According to LeadSquared, their internal investigation – conducted together with their customer WeRize – found no compromise in LeadSquared’s own infrastructure. Instead, they stated that the data exposure originated on the client side (WeRize), potentially due to internal personnel misconduct rather than any vulnerability in the LeadSquared platform.
In the interest of accuracy and fairness, we are including the relevant portion of LeadSquared’s official statement below:
“We had verified this incident with WeRize and they have confirmed that this incident bears no relation to LeadSquared. As per a formal note sent by the customer to publications… Preliminary investigations point to potential collusion by certain ‘company personnel’ who may have shared data in gross violation of policies, training, and practices.”
SOCRadar monitors dark web activities to alert organizations about potential threats and reports on claims made by threat actors as they appear.
0-day Exploit of Microsoft Windows is on Sale

The SOCRadar Dark Web Team has detected a post on a hacker forum where a threat actor is advertising the sale of a new alleged 0-day exploit that targets Microsoft Windows operating systems, including Windows 10, Windows 11, and all versions of Windows Server. According to the threat actor, the exploit for sale targets a Local Privilege Escalation (LPE) vulnerability, purportedly comes with the full source code, and is currently operational. The threat actor has set the price for this exploit at $5,000.
Unauthorized Network Access Sale is Detected for an Argentinian Telecommunication Company

The SOCRadar Dark Web Team has detected a post on a hacker forum indicating the sale of unauthorized network access that allegedly belongs to a telecommunications company operating in Argentina. According to this post, unauthorized network access to the systems of “Telecom Argentina” is being offered for sale. The threat actor highlights the extensive capabilities provided by this access, emphasizing the potential for making queries using an individual’s ID to view their subscribed services.
This access apparently allows unauthorized users to see detailed information about a customer’s connections, including both public and private IP addresses of routers, and similar data for other devices such as TVs.
Unauthorized AnyDesk Access Sale is Detected for a Netherlands Energy Company

The SOCRadar Dark Web Team has detected a post on a hacker forum advertising unauthorized AnyDesk access, allegedly belonging to an energy company based in the Netherlands. AnyDesk is remote desktop software that allows users to access and control computers remotely over the internet. It is known for its fast performance and supports various platforms including Windows, macOS, Linux, Android, and iOS. The sale includes access to six domain controllers, with prices starting at $1,500 and increasing by $500 per bid. The access breach, allegedly shielded by Webroot security measures, represents a severe risk to critical infrastructure management within the energy sector.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is time-consuming, challenging, and simply not feasible. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen lets your SOC team follow the latest posts of threat actors and groups, filtered by the targeted country or industry.
