14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Underground ransomware group, a relatively new group which first appeared roughly March 21, 2024, has claimed to have ransomed Synology.
Synology is a Taiwanese corporation that specializes in network-attached storage appliances. Many nerds are familiar with them.
Underground ransomware group claims to have exfiltrated 51GBs of data. Upon review of leaked data snippets it appears they've primarily exfiltrated data off of user workstations. It is also in German. We aren't going to translate German into English (it's Saturday) – so we can't weight in on the validity or the value of the data.
Interestingly, the date of the data shows 2023-07-18. We aren't sure if they've had access to Synology for several months, or they've simply grabbed older data.
Unlike most traditional ransomware groups they also have a Telegram channel.
These government e-mails, which can used for social engineering, can be sold for as low as $1 – in some cases they're free because of how many are available.
tl;dr their problem is your problem because they will use it against your company or end users
(we're not the fancy smart looking dude in the suit)
Читать полностью…
Note:
Other members of vx-underground listen to weird techno music that sounds like it belongs in an anime. Other members, such as Bradley, don't listen to anything so they can focus (he is probably a serial killer)
Note:
* No Threat Actor(s) have taken credit for the compromise
* Individuals reviewing the data suspect the parent company, Psyclone Inc, may have been the initial access point. Evidence supporting this is debug data present in The Post Millennial database dump as well as adjacent website HumanEvents going offline – however this still remains speculation.
17 days away from 5 year vx-underground anniversary
Читать полностью…
Today DropBox reported to the SEC that on April 24th, 2024, they detected unauthorized access to the DropBox Sign prod environment.
DropBox states an unknown Threat Actor(s) was able to access user e-mails, usernames, account settings, and in some scenarios hashed passwords, phone numbers, API keys, OAuth tokens, and MFA.
DropBox states there is no evidence the Threat Actor(s) accessed user contents or payment information. They state no other products owned by DropBox were compromised – only DropBox Sign was compromised.
They state an investigation is on-going and no specific Threat Actor(s) or group have been attributed to the attack.
More information: https://www.sec.gov/Archives/edgar/data/1467623/000146762324000024/dbx-20240429.htm
Today Yaroslav Vasinskyi, the REvil ransomware operator responsible for the infamous Kaseya supply chain attack, was sentenced to 13 years in prison.
https://www.justice.gov/opa/pr/sodinokibirevil-affiliate-sentenced-role-700m-ransomware-scheme
On Monday a former NSA employee was sentenced for attempting to sell Top Secret United States documents to the Russian Federation.
His plot was foiled when he tried to sell the documents to an undercover FBI Agent.
He was sentenced to 21 years in prison
https://www.justice.gov/opa/pr/former-nsa-employee-sentenced-over-21-years-prison-attempted-espionage
Today Julius Kivimäki a/k/a Zeekill, a former member of Lizard Squad, was sentenced to 6 years and 3 months in prison for the extortion of a psychiatric healthcare facility – threatening to disclose notes on 30,000 patients
Information and footage via Joe Tidy / BBC News
Bad passwords are illegal and for nerds
Literally, the United Kingdom has made bad passwords illegal
(this applies strictly to manufacturers who provide poor default passwords to consumers, among other issues)
More information: https://news.sky.com/story/admin-and-12345-banned-from-being-used-as-passwords-in-uk-crackdown-on-cyber-attacks-13125565
Hot take: we don't want ChatGPT in our mouse. We just want a mouse – that's all.
Читать полностью…
Today is the day of the rest. Enjoy your Sunday. Please ignore the crazy hallucinating artificial intelligence-thing.
Have a nice day.
Thank you to the people who enjoy calling us 'fart faces' and 'stinky' from compromised government e-mails. It's fun:)
It's also painstakingly obvious that less-developed countries run rampant with stealer malware and it poses a serious security threat
When you're a degenerate nerd but corporate asks you to go to a conference
Читать полностью…
When we're coding we like to listen to gangster rap (it makes us feel cool and dangerous)
Читать полностью…
Yesterday evening The Post Millennial, a Canadian conservative news website, was compromised. The landing page was defaced, displaying the transgender flag, as well as making a satirical post mocking conservative author and social media commentator Andy Ngo.
The Threat Actor(s) responsible for the compromise leaked information on 39,850 subscribers to the website. The leaked information includes:
- Gender
- Name
- Display name
- Nick name
- E-mail address
- Phone number
- Address
- Password
- Subscriber details (payment information)
- 'Daleted' – a boolean field incorrectly spelled
and more...
Passwords are in plain text. Payment information does not display credit card information. Payment information displays preferred payment method (e.g. PayPal, Credit Card, Debit Card) and currency used (e.g. CAD, USD). Some fields are optional such as telephone number or address. Additionally, this leak unveils some information on government representatives across the globe – including United States government personnel. This displays their contact information in plain text.
Also, the Threat Actor(s) leaked information on authors for The Post Millennial editors. We are not sure on the validity of this data, unless this website has 761 editors. Editor information disclosure shows:
- Username
- IP Address
- Phone number
- Country
- Email address
- Name
Image 1. Snippet of leaked subscriber information
Image 2. Snippet of leaked editor information
Image 3. Defaced website and satirical post
In Honor of World Password Day we would like to inform all of you that the password is "infected"
Thanks
Recently we've had a few companies contact us about doing sponsored tweets.
They see our engagement rates and likes on posts.
They don't see that a majority of our follower base is criminals, weebs, degenerates, Linux users, and C programmers
These are the last publicly posted images of Yaroslav Vasinskyi.
He was approx. 19 years old in these pictures.
He was arrested at approx. 22 years old.
He was sentenced at approx. age 25 years old.
He will be released from prison when he is approx. 38 years old.
He made approx. $8,300,000. Don't throwaway your life for ransomware.
2 weeks ago McAfee reported a variant of Redline stealer using Lua.
This is 100% some nerd from Roblox who decided to go into the stealer game 😂😂😂
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/
"Are your malware builders clean?"
Hell no they're not clean – don't trust those things, not memeing.
Them: "lmfap"
Me: *sees obvious typo* "laughing my fucking ass pants"
1. It's too early in the week to start sending us e-mails from compromised government e-mails. Stop it.
2. Rude >:(
Angel Drainer shared a rap song and music video today.
We give this song and music video a B+
Logitech has announced their new "Logi AI Prompt Builder" software. This software ships with Logi Options+ 1.7 which was deployed earlier this month.
With Logitech's AI software users can click a button on their mouse and automatically bring up a ChatGPT prompt.
We hate it
12 hours+ of Twitter AI not understanding satire and hallucinating
Читать полностью…