14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Snowflake has put out a statement denying being compromised
Full statement: https://community.snowflake.com/s/question/0D5VI00000Emyl00AB/detecting-and-preventing-unauthorized-user-access
The good news: prompted UAC, administrative privileges required to access this folder
The bad news: still easily accessible
We are aware that one of the images released by the National Police of Ukraine, during a raid from Operation Endgame, shows an arrest of a naked person.
No information is given on who this person is or why they're naked.
tl;dr prolly raided while showering or going potty
"successfully executive"
Imagine if we could make a single post without sounding like a bunch of idiots
Crazy to think we've got Fed anime and Fed dubstep before we got Elder Scrolls VI or Grand Theft Auto VI
Читать полностью…
Law enforcement agencies across the globe have come together, similar to Goku and Vegeta doing the Gogeta fusion dance, to form "Operation Endgame".
Agencies from The Netherlands, Denmark, United Kingdom, France, Germany, and the United States have created a website and disclose episodes (and seasons?) and have countdowns to ... potential indictments or arrests? Operation Endgame has a timer, similar to ransomware groups, and is scheduled to release something in roughly 7 hours.
Each episode (a/k/a arrest or indictment?) comes with an actual anime short. Law enforcement going crazy 😂
Url: https://operation-endgame.com/
Over the past couple of weeks several high-profile Threat Actors, believed to be operating out of the United States or United Kingdom, suddenly disappeared
There is no evidence of rebrand or exit. All contact addresses are active, logs still present. They just vanished 🤔
Write your local government representatives and demand any company introducing AI into their products be jailed for 15,000 years.
Читать полностью…
Updates to vx-underground:
- 2024-03-13 - RisePro stealer targets Github users in “gitgub” campaign
- 2024-04-09 - Havoc C2 Framework – A Defensive Operator’s Guide
- 2024-04-24 - Pakistani APTs Escalate Attacks on Indian Gov. Seqrite Labs Unveils Threats and Connections
- 2024-05-01 - Ransom-War: Russian Extortion Operations as Hybrid Warfare, Part One
- 2024-05-02 - Dissecting LOCKBIT v3 ransomware
- 2024-05-04 - 191 Australian Organizations affected by ZircoDATA Breach Linked to Russian Ransomware Gang
- 2024-05-06 - Agent Tesla Malware Analysis
- 2024-05-09 - Case Study: Latrodectus - Analyzing and Implementing String Decryption Algorithms
- 2024-05-10 - AA24-131A: Stop Ransomware: Black Basta
- 2024-05-10 - Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware Part IV
Strap yourself in because it's time for this weeks episode of "Microsoft being dedicated to security".
tl;dr wtf bro lol
Previously Microsoft unveiled 'Recall' – which will be deployed on Windows 11. Recall will take screenshots of your computer desktop, in unspecified intervals, and allow users to search through Recall data (aka your Desktop screenshots) using AI to allow users to ... find things they may have forgotten (???).
When Recall was announced numerous security researchers, cybersecurity firms, and privacy advocates called it a nightmare because Microsoft explicitly stated that Recall will make no attempt to perform content moderation. It will take screenshots of plain text passwords, financial data, etc. Users also expressed concerns over Recall recording sexual fetishes (i.e. them watching pornography) and called it a gross invasion of privacy.
Microsoft's retort was that Recall can be disabled in settings and Microsoft does not have access to any of the data. It is all stored locally. Researchers then questioned whether or not end users, who may not be as tech savvy, would even understand or know Recall is present and may not be able to disable it.
Microsoft also stated today to the BBC that because Recall is stored locally, the only way a Threat Actor would be able to access Recall data is if they have physical access to the machine, unlocked it, and then signed in.
This did little to persuade security researchers because, if the data is stored locally, they expressed concern of the possibility of Recall data being harvested by infostealer malware (e.g. Redline, FormBook, Rhad, etc.) or the data being exfiltrated in the event of a ransomware attack. Furthermore, if Recall is deployed on Enterprise environments, this may make Recall an even larger security risk due to the lack of content moderation (i.e. exposing crown jewels).
With Recall present, and if data can be imported or exported, it could essentially allow Threat Groups the ability to visually inspect and review victims machines using AI search.
Will researchers find a way to abuse Recall? Will Threat Actors find a way to abuse Recall? Will there be 'for educational uses only' proof-of-concepts on GitHub? Find out on the next episode of Dragon Ball Z
Torrents:
- vxunderground.HD.Samples.VirusSign.Collection
- vxunderground.HD.Samples.Twitter.IOC.Collection
- vxunderground.HD.Samples.Families
- vxunderground.HD.Samples.Bazaar.Collection
- vxunderground.HD.Samples.ATM.Malware
- vxunderground.HD.Samples.Argus.Collection
- vxunderground.HD.Papers
Samples:
- VirusSign.2024.05.23
- VirusSign.2024.05.24
- VirusSign.2024.05.25
- VirusSign.2024.05.26
- VirusSign.2024.05.27
- InTheWild.0124
Papers:
- 2023-09-21 - Secrets of commercial RATs! NanoCore dissected
- 2023-11-13 - Decrypting the Mystery of MedusaLocker
- 2023-11-26 - From Infection to Encryption- Tracing the Impact of RYUK Ransomware
- 2024-05-07 - Cybercrime's Anatomy Threats to the Healthcare World
- 2024-04-24 - Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware
Someone found a Facebook post from 2006.
In 2006 this setup was insane.
Anyone who is capable of exercising any sort of critical thinking skills is capable of understanding the information displayed from the Google AI is innately false. It does not reflect an intelligent, informed, or well-minded advice to any individual having thoughts of self-harm or thoughts of harm toward others.
If you do not find humor in the absurdity of botched AI learning, while AI continues to be hailed as an omnipotent technology which will solve all problems, displaying wildly inappropriate and inaccurate information funny then ... ¯\_(ツ)_/¯
Not that big of a deal, dawg. If you're genuinely unhappy with it, unfollow us or something, we're just vibin' out trying to find humor in the everyday technological chaos.
It's time for your quarterly, and mandatory, continual education video from your HR department.
You sit down, play the video, and this what you learn about data backups:
May 26th Hudson Rock began investigating the alleged TicketMaster breach and the subseuent Santander Bank breach. They spoke with an unidentified Threat Actor(s) claiming responsibility for the breach. Hudson Rock was able to confirm some of their statements.
They discovered Snowflake, a large cloud storage provider, was impacted by Lumma Stealer.
The unidentified Threat Actor states they were able to get access to those companies by Infostealer malware, which allowed them to log into ServiceNow and bypass OKTA.
The unidentified Threat Actor(s) stated they're trying to extort Snowflake for $20,000,000 but Snowflake has ignored them. The Threat Actor(s) also claim to have exfiltrated sensitive data from over 400 companies which use Snowflake.
More information: https://www.hudsonrock.com/blog/snowflake-massive-breach-access-through-infostealer-infection
Security researcher GossiTheDog shared a TikTok video from Microsoft employees showing Microsoft Recall.
Rest assured that malware will not be able to access it and your privacy is safe (joking, it's super unsafe)
Today the National Police of Ukraine, in conjunction with the Cyber Department of the Security Service of Ukraine, announced a takedown of multiple 'hacker services'.
The takedown is in partnership with the United States, France, the Netherlands, the United Kingdom, Northern Ireland, Denmark, and Germany in what is now being labeled as "Operation Endgame".
The raids disclosed today are related to 'Pikabot', 'IcedId', and 'AlexCrypt'. These malicious tools and malware campaigns are explicitly noted by the National Police of Ukraine as being in the arsenal of Russian-based Threat Groups 'BlackBasta', 'REvil', and 'Conti'.
Raids were conducted in unspecified regions of Ukraine. However, it is noted suspected developers, suspected administrators, and suspected operation organizers were raided. Furthermore, servers were 'blocked' (?), mobile devices were seized, and computer equipment was seized.
More information: https://cyberpolice.gov.ua/news/zablokovano-xakerski-servisy-svitovyx-kiberzlochynnyx-organizaczij-slidchi-naczpolicziyi-ukrayiny-doluchylysya-do-mizhnarodnoyi-speczoperacziyi-endgame-2143/
Previously on Dragon Ball Z: Law enforcement agents seized the BreachForum backend and placed a 'this site has been seized' sticker on the BreachForum landing page. However, shortly after the takedown, BreachForum quickly returned online.
Fast forward to today: BreachForum administrative staff issued a statement on their forum to Breach members and law enforcement agencies. The messages are attached to this post.
Breach administrative staff also shared e-mail's between them and their host provider
In summary Breach administrative staff assert law enforcement failed to successfully executive a seizure and inadvertently caused damage to a business who is not affiliated with them. Breach administrators also some how acquired the e-mail correspondence between law enforcement agencies and their host provider.
The latest release from Operation Endgame has been released.
In this video it is evident that Law enforcement agencies across the globe banded together to pay for roughly 30 seconds of Skrillex sound bites
Today we spoke with multiple individuals privy to and involved in the alleged TicketMaster breach.
Sometime in April an unidentified Threat Group was able to get access to TicketMaster AWS instances by pivoting from a Managed Service Provider. The TicketMaster breach was not performed by ShinyHunters group. ShinyHunters is the individual and/or group which posted the auction of the data, they are acting as a proxy for the Threat Group responsible for the compromise.
Based on data provided to us by the Threat Group responsible for the compromise, we can assert with a high degree of confidence the data is legitimate. Date ranges in the database appear to go as far back as 2011. However, some dates show information from the mid-2000's. Data shared with us includes:
- Full name
- Email address
- Address
- Telephone number
- Credit card number (hashed)
- Credit card type, authentication type, etc
- All user financial transactions
NOTE: The data provided to us, even as a 'sample', was absurdly large and made it difficult to review in depth. We are unable to verify the authenticity of financial information. Briefly skimming the PII present in the dump, it appears authentic.
We've updated the vx-underground papers collection. You won't believe what we've added. The 3rd paper will blow your mind!
^ That's how some media outlets write and no one likes it, not even the writers
From the United States Department of Justice:
911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation
Botnet Infected Over 19M IP Addresses to Enable Billions of Dollars in Pandemic and Unemployment Fraud, and Access to Child Exploitation Materials
https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation
May 22nd security research GossiTheDog was able to get Microsoft Recall. His wrote a long thread on Mastodon regarding it. The full thread is linked at the bottom of this if you're interested in the photos he shared.
tl;dr highlights:
- Enabled by default and globally in Microsoft Intune managed users for businesses
- Disabling recording of websites in Control Panel or GPO is still ... enabled (???), disabling recording of websites only stops recording in Microsoft Edge (???)
- Recall uses Core AI Platform service
- Screenshots are titled "Snapshots"
- Images are stored in APPDATA directory, administrative privileges not required to access storage
- Processed data stored in SQLite database, can be viewed programmatically
More information: GossiTheDog/112479974357074203" rel="nofollow">https://cyberplace.social/@GossiTheDog/112479974357074203
In the past couple of days we have received nearly 100 of these types of messages.
When we click the link is just directs us to YouTube. What the hell kind of spam campaign doesn't even deliver malware 😭
They've also got an N64, the CRT monitor on the floor, and the CD collection rack. This guy was ballin' out
Читать полностью…
This took like 10 minutes is ms-paint. This better get 18,446,744,073,709,551,615 likes (2^64 - 1)
Читать полностью…
Someone reported one of our posts as ??? to Xitter which resulted in us receiving this e-mail this morning.
Presumably, our Google AI meme/mock post was reported as imagery which promotes self-harm.
Good morning.
Today is the day of rest. We hope all of you have enjoyed your weekend thus far. We will see you all on Monday.
Love you
Today Donald Trump, former United States President who is seeking re-election, stated he vows to commute the sentence of former SilkRoad founder Ross Ulbricht
More information: https://www.coindesk.com/policy/2024/05/26/trump-pledges-to-free-silk-road-creator-ross-ulbricht-if-re-elected/