14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
David Fincher's 1999 cult-classic 'Fight Club', based on the novel written by Charles Palahniuk, has a scene which philosophically reminds us of what we witness every single day in the cyber-ecosystem
Читать полностью…
The only thing we know for sure is that it's Sunday. We dislike when things happen on Sunday
>:(
We've received a lot of messages today regarding Lockbit ransomware groups Telegram.
We've been in contact with Lockbit ransomware group and several of their affiliates and subgroups since 2019. Lockbit ransomware group does not have a Telegram.
Lockbit is so paranoid he uses his own onion-based file sharing service. He thinks Telegram, Twitter, virtually all social media, is controlled by governments and refuses to use them.
Also, the account some of you send us named FbiSupp is not the real FBI. We have no idea what or who this account is — but the real FBI Telegram accounts are listed on the United States Department of Justice and Justice for Rewards (operated by the United States Department of State) website. These are imposters.
tl;dr being scammed by fake FBI because ??? and scammed by fake Lockbit because ???
After over 5 years of work, we believe vx-underground is now approaching "maintenance mode" — our work will primarily be keeping content up to date.
tl;dr 1,825 days of work
Leaked footage of Internet Degenerates and GitHub employees at the Battle of Anime Backgrounds (2024, colorized)
Читать полностью…
GitHub CEO Thomas Dohmke realizing if they charged $9.99/month for customizable CSS on GitHub profiles their profit margins would go up %2000
Читать полностью…
GitHub employees chasing down the nerds who turned their website into nothing but anime, IP grabbers, thread hijacks, and goatse spam... on a Friday night 😂😂😂
Читать полностью…
Today following the CSS injection discovered by cloud11665, internet nerds also discovered you can do CSS injection on the issues tab.
The attached link is defanged. Someone did a CSS injection on a raised issue, which resulted in the issue being essentially hijacked. When the link is clicked it quickly flashes in black & white a Discord invitation link.
This could potentially pose an issue to individuals who suffer from epilepsy.
Link if you're curious what it looks like:
hxxps://github.com/tukaani-project/xz/issues/92
Today on the Microsoft blog the Vice President of Windows and Devices, Pavan Davuluri, released new information & updates on Microsoft Recall citing that they 'have heard feedback' on Microsoft Recall and have decided to make some changes to how it operates.
- You can now choose whether or not you want Recall active during installation. It is no longer active by default
- "Windows Hello" enrollment is now required to enable Recall. A "proof-of-presence" is required to view and search Recall
- Recall is now implementing additional layers of protection – it is decrypted in-real-time with Windows Hello Enhanced Sign-in Security (ESS). Data is only decrypted when a user authenticates it. Search index is all encrypted.
They've also introduced more management features of administrators of corporate or enterprise environments.
Thanks to CyberCakeX for sharing this with us.
More information: https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/
We've updated the vx-underground Malware Analysis paper collection
- 2024-01-24 - Layers of Deception: Analyzing the Complex Stages of XLoader 4.3 Malware Evolution
- 2024-02-19 - Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)
- 2024-03-26 - Comprehensive Analysis of EMOTET Malware: Part 1
- 2024-04-13 - Analysis of malicious Microsoft office macros
- 2024-04-22 - Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
- 2024-04-29 - How to unpack Death Ransomware
- 2024-05-01 - “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
- 2024-05-08 - APT28 campaign targeting Polish government institutions
This is the 2nd time this week proprietary information has been leaked onto 4chan. A few days Club Penguin files were stolen from Disney's internal network and leaked onto 4chan.
Читать полностью…
vx-underground harddrive purchasers: we have received 10 harddrives for cloning. However, Western Digital has some how lost the other 10 (???)
Читать полностью…
Security Researcher Alexander Hagenah has developed a proof-of-concept which programmatically extracts data out of Microsoft Recall
Microsoft said it would be safe, but as is tradition, it was beaten with a stick before it was even fully deployed
https://github.com/xaitax/TotalRecall
no such thing as a bad program, just a bad author
Читать полностью…
Who the hell do you think we are, Telegram? Now people are seeing an 'OG' username advertisement 😭
Читать полностью…
Meanwhile in the non-cyber security world: graphic design nerds are foaming out the mouth as Adobe slip steams 'your work is now ours' into their agreement checkbox (that you probably don't read)
tl;dr they own whatever you make in their software
ShinyHunters, the group (person?) responsible for administrating Breached has disappeared. Breached is offline on both clearnet and Tor
Additionally, Shiny's Telegram and Telegram Channel have been deleted
People are speculating they've been arrested
¯\_(ツ)_/¯
Hello, we hope all of you had a good week and weekend
Today is the day of rest. We'll see you Monday
Also, to clear up some confusion, we are still going to work on vx-underground, the post about 5 years of work was regarding older material
tl;dr got lots of stuff, feels good
The aftermath of Internet Degenerates vs. GitHub employees at the Battle of Anime Backgrounds.
Photo taken the 8th of June, 2024. Respect to all the anime photos lost in the battle 🙏
The GitHub CSS Injection which was patched a few hours ago has already been bypassed.
Internet nerds are returning with wrath as they resume anime backgrounds and anime banners
We were asked not to show the bypass code to 340,000 people so it's not patched instantly ¯\_(ツ)_/¯
GitHub has ruined Christmas. The CSS injection has been patched.
Читать полностью…
Today following the CSS injection discovered by cloud11665, security researcher vmfunc discovered you can also create ReadMe files which force log people out of their GitHub profiles. Oh, and you can make IP grabbers!
GitHub has now become the wild west
Today cloud11665 discovered a CSS injection vulnerability (or super cool customization feature) on GitHub.
* Reposted for issue correction
* Initially attributed discovery to wrong person
Video shared from yacineMTB
Wow! Microsoft Recall reviews!
"⭐️⭐️⭐️⭐️⭐️, it helped our customers get more and faster" - Redline stealer
"⭐️⭐️⭐️⭐️⭐️, helped us optimize our code base. Love it!" - Formbook stealer
"⭐️⭐️⭐️⭐️⭐️, so easy to use! Required no work to get information" - Rhadamanthys stealer
Hello, and good morning, evening, or night.
We've updated the vx-underground APT archive for the month of May, 2024. We've also updated some previous months in 2023 and 2022.
We hope all of you have had a good week.
https://vx-underground.org/APTs
Today on 4chan someone leaked the source code (?) to the New York Times. They leaked 270GB of data
They wrote that the New York Times has 5,000+ source code repositories, with less than 30 being encrypted (?). It is 3,600,000 files in total
Note: We haven't reviewed the data
Security Researcher James Forshaw discovered Microsoft Recall uses a 'conditional access trick' he himself noted recently.
You can bypass Recall access restrictions by getting a token on AIXHost.exe and then impersonating it.
More information: https://www.tiraniddo.dev/2024/06/working-your-way-around-acl.html
> wake up
> check news
> more ransomware attacks against critical infra
> more problems found in microsoft recall
> more malware campaign findings shared
> more company databases leak
> more twitter dm spam
May 31st the United States Marine corp released information on a new program to improve Cyber Security Specialist and Signals Intelligence enlistments.
The Marine corp can now enroll someone up to an E-7 rank, with the highest being E-9, based on education and experience.
Interested participants must still pass basic training and meet standard fitness requirements.
The pay for an E-7 rank is $43,500 annually.
Alternatively, individuals with backgrounds in cyber security can apply for jobs in the private sector and make $150,000 - $750,000 based on education and experience, while also being able to work remotely, not wear a uniform, not have to do basic training, and not be stationed on a base.
Shout out to Telegram for advertising an infostealer on our Telegram channel. That is cool and badass
(we don't make any money from the advertisements placed on our Telegram page)