Recherche : [decrypt]

Exclusive: Brosix and Chatox promised to keep your chats secured. They didn’t. https://databreaches.net/2025/08/05/exclusive-brosix-and-chatox-promised-to-keep-your-chats-secured-they-didnt/

06/08/2025 12:25:43

databreaches.net - Chatox and Brosix are communications platforms that advertise for personal use and team use. They are owned by Stefan Chekanov.

The only statement Chatox makes about its data security is “Chatox employs encryption across all communications, making it an extremely secure communication and collaboration platform.”

Brosix Enterprise advertises its security:

Brosix provides you with an efficient and secure communication environment, and Text Chat is a central element of this. With this feature you can instantly send, and receive, text messages to your network contacts. Better yet, all messages sent with Brosix are fully encrypted using end-to-end encryption technology, guaranteeing that your communication remains secure.

Brosix uses AES (Advanced Encryption Standard, used by US government) with 256 bit keys. Which means the encryption can’t be broken in a reasonable time.

All communication channels are direct, peer-to-peer, between the users and are not routed through Brosix servers. In some cases, if user firewalls do not allow direct connection, data is routed through Brosix servers. In these rare cases, the channels through the servers are built in a way that Brosix cannot decrypt and see the user data that flows.

So why did a researcher find a lot sensitive chats in plain text with individuals’ first and last names, username, password, IP address, chat message, and attached files — all unencrypted?

What to Know
A researcher contacted DataBreaches after finding an unsecured backup with 155.3 GB of unique compressed files.
There was a total of 980,972 entries in the users’ tables, with entries going back to 2006.
The researcher first logged the backup as exposed in late April. From the logs, the researcher stated that the files in question were exposed from at least May 11th 2024 – July 4th 2025 . Because logging only began in late April, the server could have been exposed before then.
The top email domains for each of the two platforms are listed below:
Brosix Enterprise Database Chatox Database
14826 gmail.com
5472 yahoo.com
2086 hotmail.com
1805 mail.ru
1111 allstate.com
679 rankinteractive.com
633 yandex.ru
582 issta.co.il
376 outlook.com
353 gp-servicedirect.com 63291 mail.ru
48075 gmail.com
20099 yandex.ru
13789 yahoo.com
7868 hotmail.com
6734 bk.ru
4541 allstate.com
3316 rambler.ru
3297 inbox.ru
3204 list.ru

Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs https://tinyhack.com/2025/03/13/decrypting-encrypted-files-from-akira-ransomware-linux-esxi-variant-2024-using-a-bunch-of-gpus/

17/03/2025 21:21:35

I recently helped a company recover their data from the Akira ransomware without paying the ransom. I’m sharing how I did it, along with the full source code.

The code is here: https://github.com/yohanes/akira-bruteforce

To clarify, multiple ransomware variants have been named Akira over the years, and several versions are currently circulating. The variant I encountered has been active from late 2023 to the present (the company was breached this year).

Hacker Returns $19.3 Million to Drained US Government Crypto Wallet https://decrypt.co/288296/hacker-returns-millions-drained-us-government-crypto-wallet

28/10/2024 11:32:53

Most of the funds drained from a U.S. government crypto wallet in an apparent attack Thursday were sent back early Friday.

White Phoenix: Beating Intermittent Encryption https://www.cyberark.com/resources/threat-research-blog/white-phoenix-beating-intermittent-encryption

12/05/2023 14:21:16

Recently, a new trend has emerged in the world of ransomware: intermittent encryption, the partial encryption of targeted files. Many ransomware groups, such as BlackCat and Play, have adopted...

Liens par page

Filtres