vxunderground | Unsorted

Telegram channel vxunderground - vx-underground

14367

The largest collection of malware source, samples, and papers on the internet.

Password: infected
Website: https://www.vx-underground.org/
vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh


vx-underground

Note:

Other members of vx-underground listen to weird techno music that sounds like it belongs in an anime. Other members, such as Bradley, don't listen to anything so they can focus (he is probably a serial killer)


vx-underground

Note:

* No Threat Actor(s) have taken credit for the compromise

* Individuals reviewing the data suspect the parent company, Psyclone Inc, may have been the initial access point. Evidence supporting this is debug data present in The Post Millennial database dump as well as adjacent website HumanEvents going offline – however this still remains speculation.


vx-underground

17 days away from 5 year vx-underground anniversary


vx-underground

We're C programmers 😭😭😭


vx-underground

Today DropBox reported to the SEC that on April 24th, 2024, they detected unauthorized access to the DropBox Sign prod environment.

DropBox states an unknown Threat Actor(s) was able to access user e-mails, usernames, account settings, and in some scenarios hashed passwords, phone numbers, API keys, OAuth tokens, and MFA.

DropBox states there is no evidence the Threat Actor(s) accessed user contents or payment information. They state no other products owned by DropBox were compromised – only DropBox Sign was compromised.

They state an investigation is on-going and no specific Threat Actor(s) or group have been attributed to the attack.

More information: https://www.sec.gov/Archives/edgar/data/1467623/000146762324000024/dbx-20240429.htm


vx-underground

Today Yaroslav Vasinskyi, the REvil ransomware operator responsible for the infamous Kaseya supply chain attack, was sentenced to 13 years in prison.

https://www.justice.gov/opa/pr/sodinokibirevil-affiliate-sentenced-role-700m-ransomware-scheme


vx-underground

On Monday a former NSA employee was sentenced for attempting to sell Top Secret United States documents to the Russian Federation.

His plot was foiled when he tried to sell the documents to an undercover FBI Agent.

He was sentenced to 21 years in prison
https://www.justice.gov/opa/pr/former-nsa-employee-sentenced-over-21-years-prison-attempted-espionage


vx-underground

Someone requested we shit post. We said ok ez np


vx-underground

Today Julius Kivimäki a/k/a Zeekill, a former member of Lizard Squad, was sentenced to 6 years and 3 months in prison for the extortion of a psychiatric healthcare facility – threatening to disclose notes on 30,000 patients

Information and footage via Joe Tidy / BBC News


vx-underground

Bad passwords are illegal and for nerds

Literally, the United Kingdom has made bad passwords illegal

(this applies strictly to manufacturers who provide poor default passwords to consumers, among other issues)

More information: https://news.sky.com/story/admin-and-12345-banned-from-being-used-as-passwords-in-uk-crackdown-on-cyber-attacks-13125565


vx-underground

Hot take: we don't want ChatGPT in our mouse. We just want a mouse – that's all.


vx-underground

Today is the day of the rest. Enjoy your Sunday. Please ignore the crazy hallucinating artificial intelligence-thing.

Have a nice day.


vx-underground

Kim Zetter, a journalist who has been discussing national security since the late 90's, and was one of the few people to discuss the United States 'Stuxnet' worm with her book 'Countdown to 0day', was baited by the Twitter AI

Kim, we love you, we're so sorry 😭😭


vx-underground

> friend calls
> invites over
> ok_cool.jpeg
> ask for apartment address
> says "apt 29"
> mfw apt29


vx-underground

We will be mostly AFK for the remainder of the weekend. It is the weekend of rest – not just Sunday :)

Next week we will be adding new malware builders: Amadey (Panel), MetaStealer, and "Сборка 2.0". We don't know what Сборка 2.0 (Russian for 'Build 2.0') is.

Have a cat.


vx-underground

When we're coding we like to listen to gangster rap (it makes us feel cool and dangerous)


vx-underground

Yesterday evening The Post Millennial, a Canadian conservative news website, was compromised. The landing page was defaced, displaying the transgender flag, as well as making a satirical post mocking conservative author and social media commentator Andy Ngo.

The Threat Actor(s) responsible for the compromise leaked information on 39,850 subscribers to the website. The leaked information includes:

- Gender
- Name
- Display name
- Nick name
- E-mail address
- Phone number
- Address
- Password
- Subscriber details (payment information)
- 'Daleted' – a boolean field incorrectly spelled
and more...

Passwords are in plain text. Payment information does not display credit card information. Payment information displays preferred payment method (e.g. PayPal, Credit Card, Debit Card) and currency used (e.g. CAD, USD). Some fields are optional such as telephone number or address. Additionally, this leak unveils some information on government representatives across the globe – including United States government personnel. This displays their contact information in plain text.

Also, the Threat Actor(s) leaked information on authors for The Post Millennial editors. We are not sure on the validity of this data, unless this website has 761 editors. Editor information disclosure shows:

- Username
- IP Address
- Phone number
- Country
- Email address
- Name

Image 1. Snippet of leaked subscriber information
Image 2. Snippet of leaked editor information
Image 3. Defaced website and satirical post


vx-underground

In Honor of World Password Day we would like to inform all of you that the password is "infected"

Thanks


vx-underground

Recently we've had a few companies contact us about doing sponsored tweets.

They see our engagement rates and likes on posts.

They don't see that a majority of our follower base is criminals, weebs, degenerates, Linux users, and C programmers


vx-underground

These are the last publicly posted images of Yaroslav Vasinskyi.

He was approx. 19 years old in these pictures.

He was arrested at approx. 22 years old.

He was sentenced at approx. age 25 years old.

He will be released from prison when he is approx. 38 years old.

He made approx. $8,300,000. Don't throw away your life for ransomware.


vx-underground

2 weeks ago McAfee reported a variant of Redline stealer using Lua.

This is 100% some nerd from Roblox who decided to go into the stealer game 😂😂😂

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/


vx-underground

"Are your malware builders clean?"

Hell no they're not clean – don't trust those things, not memeing.


vx-underground

Them: "lmfap"

Me: *sees obvious typo* "laughing my fucking ass pants"


vx-underground

1. It's too early in the week to start sending us e-mails from compromised government e-mails. Stop it.

2. Rude >:(


vx-underground

Angel Drainer shared a rap song and music video today.

We give this song and music video a B+


vx-underground

Logitech has announced their new "Logi AI Prompt Builder" software. This software ships with Logi Options+ 1.7 which was deployed earlier this month.

With Logitech's AI software users can click a button on their mouse and automatically bring up a ChatGPT prompt.

We hate it


vx-underground

12 hours+ of Twitter AI not understanding satire and hallucinating


vx-underground

Twitter AI is amazing. It turned our satirical post about 'Stuxnet 2.0' and some mention of 'templates' into a serious trending post about cyberwarfare.


vx-underground

The most sophisticated exploit we've ever seen.

Thank you to wdormann for bringing this to our attention. This is basically Stuxnet 2.0.


vx-underground

Hello, we hope everyone is enjoying their weekend so far. We've made some updates to the vx-underground malware sample collection. Additionally, we have papers in queue but they have not been addressed yet.

Samples and families added:
- Virussign.2024.04.19
- Virussign.2024.04.20
- Virussign.2024.04.21
- Virussign.2024.04.22
- Virussign.2024.04.23
- Virussign.2024.04.24
- Virussign.2024.04.26
- InTheWild.0121
- InTheWild.0120
- SmokeLoader
- STRRAT
- TriangleDB
- QuasarRAT
- SnakeKeylogger
- NewBotLoader
- PikaBot
- PlanetStealer
- NetSupportRAT
- NjRAT
- LummaStealer
- EvilAntRansomware
- DarkGateLoader
- BunnyLoader
- DoNexRansomware
