Posts by threatresearch@infosec.exchange
 (DIR) Post #AQZkUcdBtrwbZWtUci by threatresearch@infosec.exchange
       2022-12-13T19:04:53Z
       
       0 likes, 0 repeats
       
       I want to give a shoutout to #Microsoft who took our report seriously and busted ass to get the work done that will prevent these kernel-mode drivers from continuing to load in Windows computers, after they install today's Patch Tuesday (2022-12) update. This is their advisory:
       https://msrc.microsoft.com/update-guide/vulnerability/ADV220005
       
       At the time we were working on this, @SophosXOps didn't know that both #Mandiant and #SentinelOne were also working on the same things, from different angles. We found out this morning that they also published blog posts about this discovery. We're all on the same team here, fighting cybercriminals, so I'm grateful that we all stumbled upon the same thing in roughly the same timeframe and that we all engaged in an ethical notification process, helping Microsoft protect everyone, everywhere, from these threats. Good job, all. These companies have an amazing reputation.
       
       Here are their blogs as well.
       https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware
       https://www.sentinelone.com/labs/driving-through-defenses-targeted-attacks-leverage-signed-malicious-microsoft-drivers/
       
 (DIR) Post #AQZkUeFVssC0afpbzk by threatresearch@infosec.exchange
       2022-12-13T19:10:54Z
       
       0 likes, 0 repeats
       
       Q&A from https://haqueers.com/@Rairii/109507917782602234
       > what's the OEM who signed this driver through MS?
       Here's that info, I think. The IOCs for files related to this story are on Github at https://github.com/sophoslabs/IoCs/blob/master/Troj_Agent-BJJB.csv
       
 (DIR) Post #AQZkUfdeib6Atq8PGS by threatresearch@infosec.exchange
       2022-12-13T19:18:58Z
       
       0 likes, 0 repeats
       
       Q&A from @SwiftOnSecurity https://infosec.exchange/@SwiftOnSecurity/109507911749697432 (Similar question from @malwareinfosec)
       > Could you post a pastebin of all the targeted program names?
       Good idea! Here's the list in Pastebin. This file is already on VirusTotal as well.
       https://pastebin.com/v8SwWdFu
       https://www.virustotal.com/gui/file/0460be53c17c6a244b6758b081a77f8ed1d5756ffca1e21d6852b18cede17cc6/content
       
 (DIR) Post #AQZkUh4HP5zPKhbBOy by threatresearch@infosec.exchange
       2022-12-13T19:36:53Z
       
       0 likes, 0 repeats
       
       @SwiftOnSecurity also wanted to point out this page, linked from Microsoft's advisory, which gives instructions about how to implement driver limiting rules on Windows 10/11 machines, in case you haven't seen it:
       https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules
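       An added example, not part of the post above and not Microsoft's or Sophos's own code: once the driver block rules from the linked page are in place, a practitioner wants two checks, whether kernel-mode Code Integrity policy enforcement is actually on, and whether any driver currently running on the box is unsigned, has a broken signature, or matches a hash from an IOC list such as the one in the Sophos CSV. The script below does both using only built-in cmdlets (Win32_DeviceGuard, Win32_SystemDriver, Get-AuthenticodeSignature, Get-FileHash). The placeholder SHA-256 in $IocSha256 is constructed and must be replaced with real values from the IOC file; the CSV's column layout is not assumed here.

```powershell
# Added example (not from the post or from Microsoft's page). Run from an
# elevated PowerShell session on Windows 10/11. It reports the kernel-mode
# Code Integrity enforcement state and lists running drivers whose signature
# is not Valid or whose SHA-256 matches the supplied IOC list.

# Constructed placeholder: replace with hashes taken from the IOC CSV.
$IocSha256 = @(
    '0000000000000000000000000000000000000000000000000000000000000000'
)

function Get-CodeIntegrityEnforcement {
    # Win32_DeviceGuard reports the kernel-mode CI policy enforcement state:
    # 0 = off, 1 = audit mode (violations logged only), 2 = enforced.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'
    switch ($dg.CodeIntegrityPolicyEnforcementStatus) {
        0       { 'Off' }
        1       { 'Audit' }
        2       { 'Enforced' }
        default { "Unknown($($dg.CodeIntegrityPolicyEnforcementStatus))" }
    }
}

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver.PathName is not always a plain Win32 path; normalise
    # the NT-style '\??\' prefix, '\SystemRoot\' and SystemRoot-relative forms.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not [System.IO.Path]::IsPathRooted($p)) {
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-RunningDriverReport {
    param([string[]]$BlockedHashes)
    $blocked = @{}
    foreach ($h in $BlockedHashes) { $blocked[$h.ToUpperInvariant()] = $true }

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not (Test-Path -LiteralPath $path)) { return }
            $sig  = Get-AuthenticodeSignature -LiteralPath $path
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            [pscustomobject]@{
                Name     = $_.Name
                Path     = $path
                Status   = $sig.Status    # Valid, NotSigned, HashMismatch, ...
                Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256   = $hash
                IocMatch = $blocked.ContainsKey($hash.ToUpperInvariant())
            }
        }
}

"Kernel-mode Code Integrity policy: $(Get-CodeIntegrityEnforcement)"
$report = Get-RunningDriverReport -BlockedHashes $IocSha256
$report | Where-Object { $_.IocMatch -or $_.Status -ne 'Valid' } |
    Format-Table Name, Status, IocMatch, Signer, Path -AutoSize
```

       Two caveats when reading the output. A policy state of Audit means the block rules only log, so a listed driver can still load; only Enforced prevents it. And inbox drivers that are signed through a catalog rather than with an embedded signature can show as NotSigned on older Windows PowerShell builds, so treat that status as a prompt to look closer rather than as proof of tampering, while an IocMatch of True is the finding that matters.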
       
 (DIR) Post #AQdufBN9MczCOEuAkK by threatresearch@infosec.exchange
       2022-12-15T19:28:55Z
       
       0 likes, 2 repeats
       
       Just before the invasion, #Ukraine made a deal with #Amazon #AWS to create a data warehouse for its government information and infrastructure: tax and property records, bank statements, and the like. Things that an invaded and occupied Ukraine might lose if Russia got their hands on the only copies.
       
       They literally snuck Pelican crates full of SSDs into the country and spirited them back offshore after backing up 10 petabytes of important historic and legal records.
       
       This paragraph, second from the end, really put a fine point on why Amazon did this: They were not beholden to, nor being held hostage by, any Russian operations...because they never had any:
       
       > Amazon didn’t have to worry about its relationship with Russia on the Snowball project. It doesn’t have one. “We didn’t have anything to turn off there,” Maxwell said. “We had never invested there. It’s a point of principle.”
       
       Truly an amazing story from the #LATimes.
       https://www.latimes.com/business/story/2022-12-15/amazon-ukraine-war-cloud-data
       
 (DIR) Post #ATW1A84vBI4jiO3qKm by threatresearch@infosec.exchange
       2023-03-10T23:07:30Z
       
       0 likes, 1 repeat
       
       tl;dr: Don't buy SSDs from Amazon. They sell counterfeit goods and have a too-short return policy.
       
       Bought a brand-new Western Digital NVMe SSD hard drive from Amazon in January to replace one that was failing, and received it right away. It has been causing me nothing but trouble - randomly it just stops responding, causing bluescreens and general failures constantly - but it only had a 30-day return window.
       
       So I went to Western Digital's website today to register the serial number and set up an RMA for the product and - could you imagine my surprise? - the serial number printed on the SSD is a counterfeit, tied to a real item but from a completely different product line.
       
       It doesn't even look like the product shown on the box, or the other WD NVMe SSDs that I own.
       
       On the phone with support now - they are issuing a refund even though this is outside of the return window. Never buying storage from Amazon ever again. They are not a reliable vendor. This came not from a third party seller but out of their own warehouse sold "by" Amazon.
       
       EDIT: Apparently the small-sticker version looks like what they shipped to PC Mag for a review. I still say this is a counterfeit device, based on the serial number/product mismatch, but it does, in fact, look like the one posted to https://www.pcmag.com/reviews/wd-black-sn770-nvme-ssd
       
 (DIR) Post #ATv7D0sikpTP3k9Q6i by threatresearch@infosec.exchange
       2023-03-23T21:52:32Z
       
       0 likes, 0 repeats
       
       @alex Good job. Don't get me started on the harm caused by Niantic having terrible data privacy policies.
       
 (DIR) Post #AW5pPDvJHtoBLSfAgK by threatresearch@infosec.exchange
       2023-05-26T21:08:27Z
       
       0 likes, 1 repeat
       
       Last fall, after leaving Twitter for good, I took advantage of a service called Semiphemeral to download my Twitter archive and delete the whole damn thing, while maintaining a now-empty account. It took days, but it felt so good.
       
       Welp, I guess that was just a cruel joke. Not by @micahflee but by the goon squad who now apparently run that hellsite. Apparently I am one of those people whose tweet archive was mysteriously restored in the past week.
       https://www.theverge.com/2023/5/22/23732497/twitter-bug-restoring-deleted-tweets-retweets
       
 (DIR) Post #AWcnMUKRuWG5WIjh9k by threatresearch@infosec.exchange
       2023-06-12T18:09:31Z
       
       0 likes, 1 repeat
       
       A hospital in Illinois will close as a result of the after-effects of a #ransomware attack in 2021. The attack prevented the hospital from doing timely billing and contributed to its financial failure. Locals will now have to travel more than 30 minutes for emergency care at the nearest hospital.
       https://www.nbcnews.com/tech/security/illinois-hospital-links-closure-ransomware-attack-rcna85983
       
 (DIR) Post #AZCcErEelTv8pMJQNU by threatresearch@infosec.exchange
       2023-08-28T21:09:53Z
       
       0 likes, 1 repeat
       
       I'd really like to know why some of the most important and influential #infosec conferences have decided that it's totally a-OK to host their event in the kingdom of Saudi Arabia, whose leader personally ordered his security staff to detain, and torture to death, a US-based reporter who exposed corruption in the kingdom.
       
       If you feel strongly that the #infosec industry should stand by its principles, demand that Informa PLC end the practice of hosting #BlackHat in Saudi Arabia.
       
 (DIR) Post #Ac2SRbyf9ow9vu2NTE by threatresearch@infosec.exchange
       2023-11-21T17:50:43Z
       
       0 likes, 0 repeats
       
       @sj ah yes, the "too shitty to fail" pipeline
       
 (DIR) Post #Ac4eZxTYhMwogw9fW4 by threatresearch@infosec.exchange
       2023-11-22T07:22:48Z
       
       0 likes, 0 repeats
       
       Happy travels, everyone 😬 https://www.vice.com/en/article/m7bk3v/commercial-flights-are-experiencing-unthinkable-gps-attacks-and-nobody-knows-what-to-do
       
 (DIR) Post #AcIsQzdPQBZ8LtowHw by threatresearch@infosec.exchange
       2023-11-29T15:57:12Z
       
       0 likes, 0 repeats
       
       @sj you're not my generative AI manager!
       
 (DIR) Post #Ad1ZWDDq8p2Odfvwwa by threatresearch@infosec.exchange
       2023-12-19T12:08:20Z
       
       0 likes, 1 repeat
       
       If you work for any size of #hotel, beware of the weird email requests for assistance or complaints that include a link to a password protected zip or rar archive. You are being targeted with #malware
       https://news.sophos.com/en-us/2023/12/19/inhospitality-malspam-campaign-targets-hotel-industry/
       #travel #hospitality #inhospitable #hotels #holiday
       
 (DIR) Post #Ad7iHVppW4u1u5tDnM by threatresearch@infosec.exchange
       2023-12-24T02:12:00Z
       
       0 likes, 1 repeat
       
       Scotch eggs ✅ achievement unlocked 🔓
       
 (DIR) Post #AoBelJ1CrqbCsaxxKK by threatresearch@infosec.exchange
       2024-11-18T23:45:49Z
       
       0 likes, 0 repeats
       
       So I created an account on BlueSky. Followed ZERO people. Unfollowed the automatic bsky account. Did not like or repost anything. So the algorithm knows nothing about me.
       
       Spent the first 30 minutes reading five posts, scrolling down, and seeing a flood of angry, trolly buttholes just spewing verbal feces in every direction about their god emperor and how 'he's going to teach you cucks a lesson' - you know, the complete expected, bot-driven algorithmic hate speech drivel from the firstname-bunchanumbers crowd.
       
       Funny, I never had that experience on Mastodon. It has been great so far, never going back to the Bad Place, and I have absolutely no desire to get back into that mess or this new one. I only created the account there to reserve the username.
       
       I guess moderation at BlueSky is still in beta.
       
 (DIR) Post #AoMuAd9KnG7ybcrQbA by threatresearch@infosec.exchange
       2024-11-22T20:48:46Z
       
       0 likes, 0 repeats
       
       I approve this message.
       https://www.cpr.org/2024/11/21/boulder-explicit-traffic-safety-signs/
       #boulder
       
 (DIR) Post #At3rPLBBKUf4whBxUu by threatresearch@infosec.exchange
       2025-04-13T21:45:17Z
       
       0 likes, 1 repeat
       
       This is civil infrastructure disobedience, and I appreciate the level of technical skill employed to pull this off. https://www.paloaltoonline.com/technology/2025/04/12/silicon-valley-crosswalk-buttons-apparently-hacked-to-imitate-musk-zuckerberg-voices/
       
 (DIR) Post #Au7bvWwvQp7SdOqi7U by threatresearch@infosec.exchange
       2025-05-15T14:34:26Z
       
       1 like, 0 repeats
       
       What a time to be alive, amid a technological renaissance, a breakthrough in human and machine knowledge collaboration to bring us to a greater plane of existence.
       (Maybe I should have written 'flame of existence')
       (hat tip to https://transfem.social/notes/a7t06xoc1jrv5ixz)
       #AI #AIslop #sarcasm #Google #Gemini #StopForcingAIIntoEverything
       
 (DIR) Post #AvZEYrBRrQPRwBRssy by threatresearch@infosec.exchange
       2025-06-27T20:39:12Z
       
       0 likes, 1 repeat
       
       Buttons, has nobody told you that you shouldn't try to eat anything larger than several times the volume of your entire body?
       #Rats #RatsOfMastodon #PetRat