40552
The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
Tuukka Ojala is a blind software developer. He almost exclusively uses the command line. He relies on text-to-speech and braille to code.
tl;dr completely blind dude is a better coder than you
https://www.vincit.com/blog/software-development-450-words-per-minute
Good morning, or afternoon, or night.
We've updated the vx-underground APT collection of March, 2024. Later today we will be updating our malware analysis collection from Malpedia. Sometime later this week we will add more papers too.
That's all we've got right now.
Love you
Plot twist: companies would rather pay a ransom than watch 8 hours of sensitivity training
Читать полностью…
We've updated the vx-underground "The Old New Thing" archive for March, 2024
Please read it or Raymond Chen will haunt you for 35 years
https://vx-underground.org/Archive/The%20Old%20New%20Thing
Today we learned RecordedFuture's Insikt group is pronounced 'In-sikt' and NOT 'in sync'. No idea where we got the 'N' from – but we did. For several years we thought the organization was named after Justin Timberlake's hit 90's boy band
Читать полностью…
Discord has announced they will begin displaying ads to boost revenue
Читать полностью…
PandaBuy has been breached by Threat Actors operating under the names "Sanggiero" and "IntelBroker". Exfiltrated data includes:
- UserId
- First name
- Last name
- Phone number
- Email
- Login Ip
- Full address
- Order information
Breach patrons are relatively excited
Most difficult things to do:
- Climbing Mt. Everest
- Mastering a second language
- Overcoming addiction
- Syncing Outlook
JiaT75 on GitHub pretending to be an OSS enthusiast and 100% NOT a state-sponsored Threat Actor
Читать полностью…
The xz backdoor was initially caught by a software engineer at Microsoft. He noticed 500ms lag and thought something was suspicious.
This is the Silver Back Gorilla of nerds. The internet final boss.
meemaw shows nerds how to use ffmpeg, uses a 2 character password, uses neofetch, and complains about bloat on her 4gb linux box
based and linux pilled
https://www.youtube.com/watch?v=YVI6SCtVu4c
The more we read about the xz supply chain attack the more we realize that everyone needs to move to Windows XP.
This wouldn't have happened on Windows XP
Checked in with Lockbit ransomware group administrative staff yesterday. We haven't spoken with them in a few weeks. They're now looking to expand operations into Violence-as-a-Service.
Very cool – malware, extortion, money laundering, and now violence 👍
A group of Threat Actors operating under the monikers; IntelBroker, Sanggiero and EnergyWeaponUser claim to have compromised Acuity Inc, a Federal tech consulting firm based out of Reston, Virginia.
The Threat Actors claim to have successfully exfiltrated sensitive information on United States government personnel, and United States allies.
Some data shared shows information on individuals from the Department of Justice, Federal Bureau of Investigation, Department of Homeland Security, and Department of State. The information shared shows employee full name, government e-mail address, and government phone number (and extension if applicable).
Other snippets of data show alleged plans or operations by the United States government (not entirely sure, they're just snippets of text)
We have not verified the authenticity of these files... we're also not entirely sure how we could verify these files 🤔
We are not sure of the size or scale of the files either.
Amazon has announced they're phasing out their checkout-less grocery stores.
The "Just Walk Out" technology, which was labeled as automatic, was actually thousands of Indian employees monitoring you as you walked through the store.
https://gizmodo.com/amazon-reportedly-ditches-just-walk-out-grocery-stores-1851381116
Ransomware but it makes everyone watch workplace sensitivity training videos
Читать полностью…
Sam Bankman-Fried looks like he's having fun amongst his new esteemed colleagues
Читать полностью…
We've uploaded 85,000+ malware samples to vx-underground.
Download it.
We have no April Fool's day joke planned this year. Please accept this image of a cat instead.
Читать полностью…
Hello, how are you?
It is Sunday. Today is a day to rest. We hope everyone had a good week. We hope all of you have a good weekend.
We made a post congratulating and praising Andres Freund for his discovery of the xz backdoor
Dorks immediately started freaking out
>i WouLd hAvE cAuGhT ThiS
>i dO bEnChMarkS liKe tHiS tOO
How about you be happy for someone? Not everything is an attack on your ego 😤😤
Microsoft engineer: 500ms lag in liblzma? Something's up.
Also Microsoft engineer: 45 minute lag in Microsoft Teams? Perfect.
Times like this we need a reminder that only one person can protect us from OSS supply chain attacks
meemaw. She would know immediately
The xz situation is absolutely insane and almost certainly state sponsored.
This is an excellent example of a widely used software being maintained by basically one person.
Read this web article and then frown and become sad.
https://boehs.org/node/everything-i-know-about-the-xz-backdoor
Lockbit has clarified this is not to intimidate potential victims of ransomware. Lockbit administrative staff claim they were recently robbed and need to get their money back.
Читать полностью…
Happy Supply Chain Attack Friday!
tldr if you updated Kali Linux recently you're pwned with malware
https://twitter.com/kalilinux/status/1773786266074513523