14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Today Julius Kivimäki a/k/a Zeekill, a former member of Lizard Squad, was sentenced to 6 years and 3 months in prison for the extortion of a psychiatric healthcare facility – threatening to disclose notes on 30,000 patients
Information and footage via Joe Tidy / BBC News
Bad passwords are illegal and for nerds
Literally, the United Kingdom has made bad passwords illegal
(this applies strictly to manufacturers who provide poor default passwords to consumers, among other issues)
More information: https://news.sky.com/story/admin-and-12345-banned-from-being-used-as-passwords-in-uk-crackdown-on-cyber-attacks-13125565
Hot take: we don't want ChatGPT in our mouse. We just want a mouse – that's all.
Читать полностью…
Today is the day of the rest. Enjoy your Sunday. Please ignore the crazy hallucinating artificial intelligence-thing.
Have a nice day.
Kim Zetter, a journalist who has been discussing national security since the late 90's, and was one of the few people to discuss the United States 'Stuxnet' worm with her book 'Countdown to 0day', was baited by the Twitter AI
Kim, we love you, we're so sorry 😭😭
> friend calls
> invites over
> ok_cool.jpeg
> ask for apartment address
> says "apt 29"
> mfw apt29
We will be mostly AFK for the remainder of the weekend. It is the weekend of rest – not just Sunday:)
Next week we will be adding new malware builders: Amadey (Panel), MetaStealer, and "Сборка 2.0". We don't know what Сборка 2.0 (Russian for 'Build 2.0') is.
Have a cat.
Russian speakers using smiley face "))" instead of ":))"
What Russian speakers see
vs.
What English speakers see
Hello,
We are looking for someone who is capable of transforming paper into an mp3 digital format.
If you or someone you know is a wizard please contact us.
Thanks,
Today Microsoft open-sourced MS-DOS 4.0.
You can check it out here: https://github.com/microsoft/MS-DOS
Hello,
We have 3 harddrives left in stock. Once the last 3 are purchased the cloning stage will begin.
- Each buyer gets a free duck (not a joke)
- My home is full of packing material (also not a joke)
- Buy them!!!!!11
https://www.vx-underwear.org/collections/vxug-collection
It appears we have deeply angered nerds who like unique usernames. We apologize for not being privy to username buying and selling. We will repent for our mistake by offering one (1) cat picture.
Читать полностью…
Our advice to anyone who wants to get a job in cyber security is to intentionally poop your pants in public.
You need to put yourself in difficult situations to understand how to overcome adversity in the every expanding threat landscape.
Yesterday The New York Times unveiled that General Motor's had accidentally enrolled millions of people into its "OnStar Smart Driver+" program. If consumers chose to not enroll through the phone app – it would do it anyways.
Unenrolling requires consumers to contact OnStar customer support line. However, some people do not trust them and have turned to stripping the electronic devices from their car.
The OnStar Smart Driver+ data was being sold to LexisNexis, and insurance companies, to modify insurance rates. The data sold was invasive and logged:
- Number of trips
- Miles driven
- Minutes driven
- Hard-brake vents
- Rapid accelerates
- Speeding events
The reporter from the New York Times requested a copy of their data and received it. See attached image.
Often time peoples forget how goofy antivirus companies used to be.
For example: in the mid 2000's when the Kaspersky AV detected malware on your computer it would trigger "Kaspersky Alert Sound 2". It grabbed users attention immediately.
See attached video for soundbites.
1. It's too early in the week to start sending us e-mails from compromised government e-mails. Stop it.
2. Rude >:(
Angel Drainer shared a rap song and music video today.
We give this song and music video a B+
Logitech has announced their new "Logi AI Prompt Builder" software. This software ships with Logi Options+ 1.7 which was deployed earlier this month.
With Logitech's AI software users can click a button on their mouse and automatically bring up a ChatGPT prompt.
We hate it
12 hours+ of Twitter AI not understanding satire and hallucinating
Читать полностью…
Twitter AI is amazing. It took our satirical post about 'Stuxnet 2.0' and some mention of 'templates' into a serious trending post about cyberwarfare.
Читать полностью…
The most sophisticated exploit we've ever seen.
Thank you to wdormann for bringing this to our attention. This is basically Stuxnet. 2.0
Hello, we hope everyone is enjoying their weekend so far. We've made some updates to the vx-underground malware sample collection. Additionally, we have papers in queue but they have not been addressed yet.
Samples and families added:
- Virussign.2024.04.19
- Virussign.2024.04.20
- Virussign.2024.04.21
- Virussign.2024.04.22
- Virussign.2024.04.23
- Virussign.2024.04.24
- Virussign.2024.04.26
- InTheWild.0121
- InTheWild.0120
- SmokeLoader
- STRRAT
- TriangleDB
- QuasarRAT
- SnakeKeylogger
- NewBotLoader
- PikaBot
- PlanetStealer
- NetSupportRAT
- NjRAT
- LummaStealer
- EvilAntRansomware
- DarkGateLoader
- BunnyLoader
- DoNexRansomware
POV: You get into an argument with someone with an anime profile picture (you're going to lose)
Читать полностью…
Hello,
We have a lot of super cool stuff happening behind the scenes. We think all of you will enjoy it.
In the meantime, please look at this random proof-of-concept images which totally aren't related to the vx-underground 5 year anniversary
In Japan – the Fukui Prefectural Police Echizen Police Station have created the "Virus/Trojan horse removal fee payment card" and the "Unpaid charges/delinquent charges payment card".
The fake cards, designed to combat telephone scammers, are positioned intentionally at convenience stores to assist police at identifying victims and safeguarding them from financial harm. When someone tries to purchase the card the police are immediately notified.
Upon placement in stores in November 2023, it immediately stopped 3 elderly people from being scammed in November and December.
No additional information has been released regarding the success rate. However, the police officers who came up with the idea were given a promotion in February, 2024.
Information via TopiLaron, ten_forward, and fukuinpmedia
A user has appeared on Twitter with the profile creation date of the Unix Epoch 😭
Читать полностью…
This morning our Intrusion Detection System (meemaw) identified two (2) highly sophisticated Threat Actors trying to brute force our access portal.
Viewer discretion advised
Today Avast unveiled 'GuptiMiner'.
tl;dr eScan AV, out of India, used HTTP for AV updates, not HTTPS, North Korea man-in-the-middle'd updates to large networks to deliver malware
We give this APT campaign an A+ because it's absurdly well executed
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
The United States FTC has banned non-compete agreements. We look forward to all of you creating a cyber security startup
https://www.ftc.gov/news-events/news/press-releases/2024/04/ftc-announces-rule-banning-noncompetes