14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Trying to use a different tool**.
Apologies — currently posting from Walgreens restroom.
Edit: we're being told EvilSocket didn't define the vulnerability as a 9.9, someone else did (RedHat) and they went with it. No idea if that's true, we don't know whats real anymore because everyone is yappin.
We're going back to bed
Today in internet stuff
- Sanctions against more TAs
- KIAs can get hacked somehow
- Linux RCE discussions everywhere
- More botnet tracking from people
We didn't read any of it
There's some noise in the infosec vulnerability and blue team space about an alleged 9.9 CVE score impacting all GNU/Linux systems.
Due to lack of details, some users have expressed criticism on the severity of the exploit — with the infamous Heartbleed being a 7.5 CVE. Some expressed concern that the exploit is overhyped, or acting as marketing material for the researcher.
Others have noted that they believe the exploit is real and possess a genuine score of 9.9 but question the impact of effecting all GNU/Linux systems.
From what we've seen, nobody knows anything and everyone is just yappin. We'll see what happens when the details are released.
We have a large quantity of malware samples and papers to add. These will all be pushed in bulk in a very large update coming soon-ish.
Until that times comes (finishing collecting the stuff) we're just gonna play Crab Champions
Have a nice day
The source code to Winamp was not leaked online. It was a scheduled release in hopes of furthering collaboration with others.
May 16th, 2024 they announced it would go open source on September 24th, 2024.
https://about.winamp.com/press/article/winamp-open-source-code
Ultra AV, the product Kaspersky installed on end-users machines, domain was created July 16th, 2024. It is 70 days old.
https://ultrasecureav.com/
Kaspersky antivirus has reportedly begun silently installing a new antivirus product called "Ultra AV" on United States-based users machines.
tl;dr
We aren't surprised, we're surprised it took this long. Pavel Durov is a citizen of France, a NATO country.
Читать полностью…
Today X shared they will be changing the way blocking accounts works. If you're blocked, you can still see the block person and/or companies public posts. However, you can't engage with them and they can't engage with you.
We don't understand it, but whatever, what do we know?
They have a dedicated team of over 100 professionals with over 12 years of experience.
In other words, they have 100 programmers each with roughly 44 days of PHP programming experience.
"Why doesn't this work?"
A better question sometimes asked is, "How does this even work?"
Also, shoutout to this girl for being fiercely loyal to her boyfriend (or girlfriend). There are a lot of people who would sell their soul for these expensive gifts.
Читать полностью…
Unrelated to malware of course, but this is relevant due to Twitter being our primary method of communicating updates and shitposts.
Читать полностью…
Hello,
We're aware of a long standing issue where trying to extract vx-underground files with the default MacOS tooling fails.
We don't remember why, but it does.
Our proposed solution is introducing your device to thermite, or trying to a different tool.
Thanks,
Summary of the Linux RCE 9.9 CVE
The vulnerability write up and disclosure is confusing. Initially the write up was scheduled for release in October. However, the write up and proof-of-concept was leaked onto Breached (???) which then resulted in the researcher / author to do an official write up (maybe?).
- Self described as 9.9, not officially declared 9.9
- Attacks CUPS
We haven't looked at it because we don't do exploit stuff and also Linux is for nerds
When we said users, we meant nerds on social media. Currently posting from the restroom at Apple Bees.
Читать полностью…
Some controversy today as YouTube tech reviewer Marques Brownlee 'Panels' app is getting pretty substantial backlash.
tl;dr Marques Brownlee app, 'Panels', offers high-definition wallpapers from Digital Artists for $49.99/year. People criticized the app for an array of reasons, beside the idea of paying $49.99/year for wallpapers on your cell phone, the app requests tracking information, and contains ads.
Unsurprisingly, and as is tradition, internet nerds quickly began inspecting the app under the metaphorical microscope. Security researcher @I_Am_Jakoby discovered the apps API is wildly insecure. He wrote a simple script which programmatically scrapes every high-definition wallpaper.
Attached image is the script he shared. If you want to experiment with it, just OCR it or something.
After what feels like an eternity, we have finally identified, repaired, and re-deployed our corrupted batch of malware samples from the MalwareIngestion feed for June, 2024.
It's over 600,000 malware samples. Download them.
https://vx-underground.org/Samples/MalwareIngestion
We used to receive emails and DMs asking for the password.
It has evolved. We now receive emails and DMs on how to become a hacker.
We're a library. Do you go to your local library and ask the librarian how to read?
Also, we almost exclusively cover malware. Wrong library pal
we're not The New York Times or The AP.
we're just a bunch of internet degenerates trying to make it ok sorry
In light of the recent arrest of Pavel Durov, CEO of Telegram, Telegram has made it crystal clear they will now fully cooperate with law enforcement agencies in seemingly any capacity.
Читать полностью…
Polish nerds seeing this right before their Monday starts: "Nasz rząd nadal ich używa"
Читать полностью…
We're taking the day off.
Some updates on what's cookin':
- Improvements to VXDB
- MalwareIngestion daily dumps are coming back
- More malware families
- More malware papers
- New stuff for Black Mass Volume III.
- Probably more memes, depends on mood
See ya Monday ♥️
Note: we've learned that the woman he had a crush on is a model and comes from an affluent background. She has a strong and lengthy portfolio doing professional modeling with large and well known brands.
She owns her own Lamborghini.
Sometimes you have to stare at your code, scrolling up and down, top to bottom, and take time to admire your own work and be proud.
and sometimes you just stare at your code and say, "what the fuck is this piece of shit".
Following the recent arrests as a result of the research conducted by ZachXBT, some photos have been circulating of one of the alleged thieves responsible for the theft of $243,000,000.
In one of the photos Greavys a/k/a Malone Iam purchased a pink Lamborghini Urus, valued at roughly $241,843, and 3 Birkin Bags, valued at an estimated $63,000, for a girl he seemed to have a crush on.
She replied, "I am taken once again". She didn't even say "Thank you". 😭😭😭😭
Today the United States Securities and Exchange Commission announced they're seeking to sanction Elon Musk for failing to appear to court for a probe into his acquisition of Twitter.
Previously, Musk was scheduled for May 31st, 2024 in which he failed to appear in court. The SEC then rescheduled the hearing to September 20th, 2024 — he failed to appear in court again, instead he was in Florida attending the SpaceX launch of Polaris Dawn.
SEC lawyer's accused Musk of 'gamemanship', stating it was not be tolerated. Musk's lawyers said sanctions are excessive and instead request his court appearance be rescheduled to October 3rd.
More information: https://www.reuters.com/technology/us-sec-intends-seek-sanctions-against-elon-musk-twitter-probe-2024-09-20/