Today on the Microsoft blog the Vice President of Windows and Devices, Pavan Davuluri, released new information & updates on Microsoft Recall citing that they 'have heard feedback' on Microsoft Recall and have decided to make some changes to how it operates.

- You can now choose whether or not you want Recall active during installation. It is no longer active by default

- "Windows Hello" enrollment is now required to enable Recall. A "proof-of-presence" is required to view and search Recall

- Recall is now implementing additional layers of protection – it is decrypted in-real-time with Windows Hello Enhanced Sign-in Security (ESS). Data is only decrypted when a user authenticates it. Search index is all encrypted.

They've also introduced more management features of administrators of corporate or enterprise environments.

Thanks to CyberCakeX for sharing this with us.

More information: https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/

Today cloud11665 discovered a CSS injection vulnerability (or super cool customization feature) on GitHub.

* Reposted for issue correction
* Initially attributed discovery to wrong person

Video shared from yacineMTB

Today following the CSS injection discovered by cloud11665, internet nerds also discovered you can do CSS injection on the issues tab.

The attached link is defanged. Someone did a CSS injection on a raised issue, which resulted in the issue being essentially hijacked. When the link is clicked it quickly flashes in black & white a Discord invitation link.

This could potentially pose an issue to individuals who suffer from epilepsy.

Link if you're curious what it looks like:

hxxps://github.com/tukaani-project/xz/issues/92

GitHub employees chasing down the nerds who turned their website into nothing but anime, IP grabbers, thread hijacks, and goatse spam... on a Friday night 😂😂😂

GitHub has ruined Christmas. The CSS injection has been patched.

GitHub CEO Thomas Dohmke realizing if they charged $9.99/month for customizable CSS on GitHub profiles their profit margins would go up %2000

The GitHub CSS Injection which was patched a few hours ago has already been bypassed.

Internet nerds are returning with wrath as they resume anime backgrounds and anime banners

We were asked not to show the bypass code to 340,000 people so it's not patched instantly ¯\_(ツ)_/¯

Leaked footage of Internet Degenerates and GitHub employees at the Battle of Anime Backgrounds (2024, colorized)

The aftermath of Internet Degenerates vs. GitHub employees at the Battle of Anime Backgrounds.

Photo taken the 8th of June, 2024. Respect to all the anime photos lost in the battle 🙏

After over 5 years of work, we believe vx-underground is now approaching "maintenance mode" — our work will primarily be keeping content up to date.

tl;dr 1,825 days of work

Hello, we hope all of you had a good week and weekend

Today is the day of rest. We'll see you Monday

Also, to clear up some confusion, we are still going to work on vx-underground, the post about 5 years of work was regarding older material

tl;dr got lots of stuff, feels good

We've received a lot of messages today regarding Lockbit ransomware groups Telegram.

We've been in contact with Lockbit ransomware group and several of their affiliates and subgroups since 2019. Lockbit ransomware group does not have a Telegram.

Lockbit is so paranoid he uses his own onion-based file sharing service. He thinks Telegram, Twitter, virtually all social media, is controlled by governments and refuses to use them.

Also, the account some of you send us named FbiSupp is not the real FBI. We have no idea what or who this account is — but the real FBI Telegram accounts are listed on the United States Department of Justice and Justice for Rewards (operated by the United States Department of State) website. These are imposters.

tl;dr being scammed by fake FBI because ??? and scammed by fake Lockbit because ???

ShinyHunters, the group (person?) responsible for administrating Breached has disappeared. Breached is offline on both clearnet and Tor

Additionally, Shiny's Telegram and Telegram Channel have been deleted

People are speculating they've been arrested

¯\_(ツ)_/¯

The only thing we know for sure is that it's Sunday. We dislike when things happen on Sunday

>:(

Meanwhile in the non-cyber security world: graphic design nerds are foaming out the mouth as Adobe slip steams 'your work is now ours' into their agreement checkbox (that you probably don't read)

tl;dr they own whatever you make in their software

David Fincher's 1999 cult-classic 'Fight Club', based on the novel written by Charles Palahniuk, has a scene which philosophically reminds us of what we witness every single day in the cyber-ecosystem

Updates to vx-underground:

Samples:
VirusSign.2024.06.02
VirusSign.2024.06.03
VirusSign.2024.06.04
VirusSign.2024.06.05
VirusSign.2024.06.06
VirusSign.2024.06.07
VirusSign.2024.06.08
VirusSign.2024.06.09

Papers:
- 2024-05-10 - Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
- 2024-05-14 - Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain
- 2024-05-14 - QakBot attacks with Windows zero-day (CVE-2024-30051)
- 2024-05-15 - Revealing Spammer Infrastructure With Passive DNS - 226 Toll-Themed Domains Targeting Australia
- 2024-05-15 - Black Basta overview and detection rules
- 2024-05-15 - Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
- 2024-05-15 - To the Moon and back(doors)- Lunar landing in diplomatic missions
- 2024-05-16 - Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
- 2024-05-16 - Springtail: New Linux Backdoor Added to Toolkit
- 2024-05-20 - Tiny BackDoor Goes Undetected: Suspected Turla leveraging MSBuild to Evade detection
- 2024-05-21 - Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign

Cybersecurity Among Us sponsored by keepitcloaked this Wednesday, 7 PM EST with h313n_0f_t0r repping vx-underground! We will be unable to stream it ourselves that day, so please enjoy by tuning in to your favorite participating streamer.