14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Security researcher Jonas Lyk has found a DoS vulnerability in Discord.
If you try to paste the string "http://./\<#0>: ://./<#0>" into Discord it will crash
¯\_(ツ)_/¯
The organizations listed below were victims of the now defunct ALPHV ransomware group.
Why is it being listed? Possibilities:
- ALPHV has secretly been administrating RansomHub
- ALPHV affiliates have moved to RansomHub
- ALPHV leaked data to RansomHub
- It's a scam
Today we met a gentleman who shared with us tons of information on random places — including police departments.
He told us that in his spare time he enjoys watching police body cam footage for credential exposure
Want to get into Cyber Security?! 🥰
It's easy! 😎 Here are our TOP 3 tips to land your dream job!
👉 ???
👉 ???
👉 Become CEO of Google
Follow us for more tips! 🙏
Panera Bread got hit by ransomware.
"Panera Sip Club members were particularly frustrated because they could not take advantage of the unlimited drinks they had paid $14.99 per month for as part of their subscription."
https://www.bleepingcomputer.com/news/security/panera-bread-week-long-it-outage-caused-by-ransomware-attack/
We asked our friend Joseph Cox from 404 Media for an advanced copy of his new book "Dark Wire". He gave us an advanced copy, signed it, and asked "what's the password?" 😭😭
tl;dr he snuck into an FBI conference with a wig and fake mustache and got the inside scoop on stuff
Hello, how are you?
We are testing out an 'update' page which lists new additions. Please note there are no links to the files – you can search them yourself. However, this new listing allows you to look at new additions easier.
Have a nice day.
https://vx-underground.org/Update%20Notes
Today a couple of media outlets picked up on a patent filed by Roku in 2022. In a brief summary: a patent which allows Roku to slipstream advertisements via the HDMI cable. It would allow content to be paused so advertisements can be displayed.
Link: https://patents.google.com/patent/US20230388589A1/en
Everytime you see a malicious porn advertisement on Twitter do 1 push up
You in 1 week:
Yesterday the United States Department of Homeland Security released the Cyber Safety Review Board’s (CSRB) findings and recommendations following its independent review of the Summer 2023 Microsoft Exchange Online intrusion.
They spit in Microsoft's face 😭😭😭
You can read the full independent review here: https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf
Tuukka Ojala is a blind software developer. He almost exclusively uses the command line. He relies on text-to-speech and braille to code.
tl;dr completely blind dude is a better coder than you
https://www.vincit.com/blog/software-development-450-words-per-minute
Good morning, or afternoon, or night.
We've updated the vx-underground APT collection of March, 2024. Later today we will be updating our malware analysis collection from Malpedia. Sometime later this week we will add more papers too.
That's all we've got right now.
Love you
Plot twist: companies would rather pay a ransom than watch 8 hours of sensitivity training
Читать полностью…
We've updated the vx-underground "The Old New Thing" archive for March, 2024
Please read it or Raymond Chen will haunt you for 35 years
https://vx-underground.org/Archive/The%20Old%20New%20Thing
Earlier today (or yesterday depending on where you live) RansomHub ransomware group listed Change Healthcare – an organization which was previously ransomed by ALPHV ransomware group.
If you're not familiar with the ... 'lore' ..., it should probably be noted that Change Healthcare did pay (although they deny it, but transaction details discovered by researchers indicate otherwise) and upon receiving roughly $22,000,000 from Change Healthcare ALPHV administration pulled an exit scam.
Under normal circumstances ALPHV administration group receives roughly 20% of the ransom payment (depending on various factors) and the remaining 80% of the ransom money goes to the person (or persons) responsible for deploying the ransomware on the victim organization. When ALPHV received $22,000,000 they did not pay the affiliate their 80% cut. They just left.
This left many researchers wondering: what happened to the data? Will Change Healthcare be extorted again?
Well now, assuming RansomHub is telling the truth, we know the answer. Besides listing Change Healthcare on their site, they also briefly explained that they now have the Change Healthcare data, so they're extorting Change Healthcare again.
However, it is not clear if RansomHub is a rebrand of ALPHV ransomware group, the affiliate at ALPHV is moving to RansomHub, or if this is a scam by RansomHub ransomware group trying to intimidate Change Healthcare into paying again.
We have not investigated the current Change Healthcare listing on RansomHub's website to indicate if this is a scam.
If we had to guess, we would guess the ransomware affiliate from ALPHV simply moved over to RansomHub and want to collect their approx. $17,600,000 they believed they're due.
¯\_(ツ)_/¯
Special thanks to Dominic Alvieri for sharing the RansomHub explanation post with us.
For example, based on his understanding of hundreds or possibly thousands of police body cam footage, he has learned that Walmart employee usernames are in the format of username.store_number
Читать полностью…
We made it into the New York Times by shit posting and saying dumb shit
Читать полностью…
"Our malware bypasses ALL EDRs! It is undetectable and silent"
The undetectable and silent malware:
(we haven't had a chance to read it, no idea if he wore a wig and fake mustache, but we sure hope he did)
(leaked image of Joseph sneaking into the conference)
Hello,
We've uploaded quite a few things to vx-underground, including roughly 12,000 new malware samples.
You can see the full list of additions here: https://vx-underground.org/Update%20Notes
A leader from Israel's Unit 8200 made an OPSEC mistake in a book published in 2021. The mistake resulted in media outlet TheGuardian unveiling his identity today.
https://www.theguardian.com/world/2024/apr/05/top-israeli-spy-chief-exposes-his-true-identity-in-online-security-lapse
Imagine trying to present an educational video to inform people about the xz backdoor and thousands of people have to see our dumb ass takes 😂😂
Читать полностью…
One of our recommendations to nerds to keep up to date with stuff —allocate a binge read day.
1. Bookmark or save interesting tweets
2. Every Thursday, or Tuesday, or whatever, spend an hour, or more reviewing stuff.
3. Flex newly learned stuff to seem cool and badass
tfw Tuuka can't even see what bad code looks like. Tuuka can physiologically detect bad code like he's in the Matrix
Читать полностью…
A group of Threat Actors operating under the monikers; IntelBroker, Sanggiero and EnergyWeaponUser claim to have compromised Acuity Inc, a Federal tech consulting firm based out of Reston, Virginia.
The Threat Actors claim to have successfully exfiltrated sensitive information on United States government personnel, and United States allies.
Some data shared shows information on individuals from the Department of Justice, Federal Bureau of Investigation, Department of Homeland Security, and Department of State. The information shared shows employee full name, government e-mail address, and government phone number (and extension if applicable).
Other snippets of data show alleged plans or operations by the United States government (not entirely sure, they're just snippets of text)
We have not verified the authenticity of these files... we're also not entirely sure how we could verify these files 🤔
We are not sure of the size or scale of the files either.
Amazon has announced they're phasing out their checkout-less grocery stores.
The "Just Walk Out" technology, which was labeled as automatic, was actually thousands of Indian employees monitoring you as you walked through the store.
https://gizmodo.com/amazon-reportedly-ditches-just-walk-out-grocery-stores-1851381116
Ransomware but it makes everyone watch workplace sensitivity training videos
Читать полностью…
Sam Bankman-Fried looks like he's having fun amongst his new esteemed colleagues
Читать полностью…