14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Full article and source: https://www.forbes.com/sites/emilybaker-white/2024/06/04/a-zero-day-tiktok-hack-is-taking-over-celebrity-and-brand-accounts/?sh=621c6d4c6060
Читать полностью…
Possible reasons:
- DNS
- Ransomware
- Someone stepped on a banana, slid, fell onto important thing
- Bad code pushed to prod
- Unplugged massive FCC router, didn't wait long enough before plugging back in
Today on 4chan someone leaked internal documents from Club Penguin.
It is 137 documents which include product planning, proof-of-concepts, internal e-mails, and some documents on other projects such as Tron.
All of the material appears dated, it is probably valuable to lost media nerds.
Administrative announcement:
vx-underground telegram chatroom now has 'vx-underground kitty cat' sticker pack to ensure cat image spamming.
Thanks,
We do vx-uwu every so often because a few years ago a joke surfaced of a vx-underground member saying "I'm gay". It bothered some people, for whatever reason, so we decided it would be funny to roll with it – be extra gay, cute, anime-uwu, etc, to antagonize them.
tl;dr uwu
Today was not a good day for the day of the rest.
tl;dr
> wake up
> over 9,000 notifications
> wtf.exe
> vx-underground flagged by cloudflare
> wtf we use cloudflare
> cry on xitter
> cloudflare fixes and says sorry
> open the door
> get on the floor
> walk the dinosaur
> Use CloudFlare product
> Domain is at CloudFlare
> Cloudflare Trust & Safety flags us
Will this be the end of vx-underground?
Find out on the next episode of Dragon Ball Z
Dear Cloudflare,
You're currently flagging us as a phishing domain. We aren't a phishing domain. Also, we use your product for our website. Please help.
Thanks,
You degenerates need to stop goofin' on the FBI 😭
Читать полностью…
Correction: USDoD was a broker and/or middleman for the initial posting. We were instructed to explicitly state that credit for the compromise is to be given to an individual operating under the moniker "SXUL".
Читать полностью…
Today RansomHub ransomware group claimed to ransom Frontier Communications. Frontier Communications is a large Internet Service Provider based out of Dallas, Texas.
Frontier Communications confirmed this by submitting a form 8-K to the SEC.
Information via Dominic Alvieri
Comments are disabled again. Channel removed. We underestimated the degeneracy. Nerds flooded the channel faster than we anticipated. It was the great vx-underground temp chat civil war of 2024.
Читать полностью…
Good morning,
Several people have asked about an account named 'vxugsupp'. We are not vxugsupp. We do not know who that is. The only staff members from vx-underground on Telegram are @smellyvx (hi, it's me, smelly) and @BradleyVX
Have a nice day. Enjoy the rest of your weekend.
We've broken 300,000 followers on Xitter
Thank you for the love and support.
Cheers to 400,000
Love you♥️
Previously on Dragon Ball Z, the individuals who claim responsibility for the TicketMaster breach stated they got access via a Managed Service Provider – which was later determined to be Snowflake. They claimed access was gotten via an infostealer.
Today Live Nation Entertainment a/k/a TicketMaster reported to the SEC that they had indeed been compromised (SEC link attached at the bottom of post)
Hudson Rock confirmed that employee credentials from Snowflake were stolen via a Lumma Stealer campaign. However, Snowflake put out a statement today stating they have not been compromised and that they believe the individual companies were compromised as a result of poor security practices. White Intel corroborated the findings from Hudson Rock by disclosing more information on the Lumma Stealer campaign.
Will Snowflake reverse their statement and say they're compromised? Will TicketMaster data be leaked online? Will Lumma Stealer keep hitting large companies? Will more data from Snowflake be leaked online? Find out on the next episode of Dragon Ball Z
Official SEC report: https://www.sec.gov/Archives/edgar/data/1335258/000133525824000081/lyv-20240520.htm
tl;dr don't read TikTok dms ¯\_(ツ)_/¯
Today is was announced an unknown Threat Actor(s) had discovered an exploit in TikTok which allows users to hijack accounts.
Details are scarce – however it has been noted that the payload (as it is being described) is delivered through TikTok direct messages. The payload is executed when the direct message is read. However, it does not require any external files be executed, the user does not need to respond to the message, etc.
No details have been unveiled on whether or not this is platform specific (i.e. Android or iOS).
The unknown Threat Actor(s) have compromised Paris Hilton, CNN, and Sony. It is claimed other high-profile and/or celebrity accounts have been compromised, but no other 'high-profile' accounts have been disclosed other than the ones previously noted. The TikTok security team is aware of the issue and has confirmed the legitimacy of the exploit with Forbes.
TikTok representatives stated to Forbes that a small number of users were compromised. No exact numbers were given. TikTok representatives have not stated if the exploit is still valid, how users can protect themselves, or what the attackers have done with the compromised accounts.
Yesterday it was announced that IKEA is launching a virtual Roblox store. They're seeking Roblox players to work in the Roblox IKEA store. Must be 18+
Location: Fully remote
Schedule: Flexible
Pay: £13.15 / €14.80
Employment type: Contract
Details: https://thecoworker.co.uk/
Game reverse engineers and cheaters hate this 1 simple trick (impossible to bypass)
Читать полностью…
Updates to vx-underground
Archives:
- The One New Thing, May 2024
- Builder.Win32.DarkGateLoader.a (unknown variant)
Malware collections:
- Bazaar.2024.05
- InTheWild.0125
- Virussign.2024.06.01
- Virussign.2024.05.31
- Virussign.2024.05.30
- Virussign.2024.05.29
- Virussign.2024.05.28
Papers:
- 2023-02-03 - Threat Actors Abuse AI-Generated Youtube Videos to Spread Stealer Malware
- 2023-05-13 - Mallox affiliate leverages PureCrypter in MS-SQL exploitation campaigns
- 2023-04-26 - Unpacking BellaCiao: A Closer Look at Iran’s Latest Malware
- 2024-01-05 - Tomb Crypter and ChrGetPdsi Stealer Analysis Report (INT00011701)
- 2024-05-13 - Exploring the Depths of SolarMarker's Multi-tiered Infrastructure
- 2024-05-14 - Breaking new ground: Uncovering Akira's privilege escalation techniques
The SVP of Cloudflare replied to us and said they'd fix the issue.
Thank you to everyone who was ride-or-die with us.
According to this report that Cloudflare received, we are a hacking collective that infiltrates devices and disseminates illicit content:(
This is terrible:(
We're just a library:(
Hello, how are you?
Today is the day of rest. We hope all of you have had a good week and a good weekend thus far.
Next week we will be updating the archives, adding more papers, and adding more samples.
We'll see you Monday.
Love you ♥️
Today Snowflake, a digital storage provider who was recently surrounded in controversy from the TicketMaster breach, put out a joint statement with both Mandiant and Crowdstrike.
tl;dr Snowflake was not breached
Mandiant and Crowdstrike are both heavy-hitters in the DFIR industry and have worked the largest network compromises on the planet – from ransomware incidents to state sponsored threat actors. So, we applaud Snowflake for hiring not one but two DFIR consulting firms. That is a pretty penny spent and it appears Snowflake took the rumors and speculation very serious. That is cool and badass.
Per the report – although Snowflake was not breached, customers of Snowflake have been a 'trending' target, and some customers failed to follow the recommended best security practices written by Snowflake.
Snowflake, in conjunction with Mandiant and Crowdstrike, identified various customers who may have also been targeted and have notified the customers.
Official statement and more information: https://community.snowflake.com/s/question/0D5VI00000Emyl00AB/detecting-and-preventing-unauthorized-user-access
April 8th, 2024, a Threat Actor operating under the moniker "USDoD" placed a large database up for sale on Breached titled: "National Public Data". They claimed it contained 2,900,000,000 records on United States citizens. They put the data up for sale for $3,500,000.
National Public Data is a background check and person lookup and verification company located in Coral Springs, Florida. The company offers API data lookups to other companies. In summary – they're a lowkey databroker.
Last week we were informed USDoD intends on leaking the database. We requested a copy in advance to confirm the validity of the data.
We reviewed the massive file – 277.1GB uncompressed, and can confirm the data present in it is real and accurate. We searched up several individuals who consented to having their information looked up.
1. The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present.
2. People who did not use data opt-out services and resided in the United States were immediately found. It showed their:
- First name
- Last name
- Address
- Address history (3 decades+)
- Social security number
It also allowed us to find their parents, and nearest siblings. We were able to identify someones parents, deceased relatives, Uncles, Aunts, and Cousins. Additionally, we can confirm this database also contains information on individuals who are deceased. Some individuals located had been deceased for nearly 2 decades.
Chat has returned with rules in place. Hopefully it works. Comments are also enabled.
Have a nice day.
We believe in security through obscurity.
That's why we use a custom built OS that relies on CLGUI (Command Line Graphical User Interface, pronounced KLA GOO EE). It uses images instead of text for the CLI.
Instead of DIR or LS we use a picture of Chicken. GREP is a Kitty
Law enforcement has released a new 'episode' of Operation Endgame. The video is odd.
Читать полностью…