Today Avast unveiled 'GuptiMiner'.
tl;dr: eScan AV, out of India, used HTTP for AV updates, not HTTPS. North Korea man-in-the-middle'd updates to large networks to deliver malware.
We give this APT campaign an A+ because it's absurdly well executed.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
Yesterday The New York Times unveiled that General Motors had accidentally enrolled millions of people into its "OnStar Smart Driver+" program. If consumers chose to not enroll through the phone app – it would do it anyways.
Unenrolling requires consumers to contact the OnStar customer support line. However, some people do not trust them and have turned to stripping the electronic devices from their car.
The OnStar Smart Driver+ data was being sold to LexisNexis, and insurance companies, to modify insurance rates. The data sold was invasive and logged:
- Number of trips
- Miles driven
- Minutes driven
- Hard-brake events
- Rapid accelerations
- Speeding events
The reporter from the New York Times requested a copy of their data and received it. See attached image.
This morning our Intrusion Detection System (meemaw) identified two (2) highly sophisticated Threat Actors trying to brute force our access portal.
Viewer discretion advised
Our advice to anyone who wants to get a job in cyber security is to intentionally poop your pants in public.
You need to put yourself in difficult situations to understand how to overcome adversity in the ever-expanding threat landscape.
In Japan – the Fukui Prefectural Police Echizen Police Station have created the "Virus/Trojan horse removal fee payment card" and the "Unpaid charges/delinquent charges payment card".
The fake cards, designed to combat telephone scammers, are positioned intentionally at convenience stores to assist police in identifying victims and safeguarding them from financial harm. When someone tries to purchase the card, the police are immediately notified.
Upon placement in stores in November 2023, it immediately stopped 3 elderly people from being scammed in November and December.
No additional information has been released regarding the success rate. However, the police officers who came up with the idea were given a promotion in February, 2024.
Information via TopiLaron, ten_forward, and fukuinpmedia
Hello,
We have 3 hard drives left in stock. Once the last 3 are purchased the cloning stage will begin.
- Each buyer gets a free duck (not a joke)
- My home is full of packing material (also not a joke)
- Buy them!!!!!11
https://www.vx-underwear.org/collections/vxug-collection
Hello,
We have a lot of super cool stuff happening behind the scenes. We think all of you will enjoy it.
In the meantime, please look at these random proof-of-concept images which totally aren't related to the vx-underground 5 year anniversary.
Today Microsoft open-sourced MS-DOS 4.0.
You can check it out here: https://github.com/microsoft/MS-DOS
Hello, we hope everyone is enjoying their weekend so far. We've made some updates to the vx-underground malware sample collection. Additionally, we have papers in queue but they have not been addressed yet.
Samples and families added:
- Virussign.2024.04.19
- Virussign.2024.04.20
- Virussign.2024.04.21
- Virussign.2024.04.22
- Virussign.2024.04.23
- Virussign.2024.04.24
- Virussign.2024.04.26
- InTheWild.0121
- InTheWild.0120
- SmokeLoader
- STRRAT
- TriangleDB
- QuasarRAT
- SnakeKeylogger
- NewBotLoader
- PikaBot
- PlanetStealer
- NetSupportRAT
- NjRAT
- LummaStealer
- EvilAntRansomware
- DarkGateLoader
- BunnyLoader
- DoNexRansomware