vx-underground
46.3K subscribers
3.97K photos
425 videos
84 files
1.45K links
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
Video
it's a ram sandwich
A leader from Israel's Unit 8200 made an OPSEC mistake in a book published in 2021. The mistake resulted in media outlet The Guardian unveiling his identity today.

https://www.theguardian.com/world/2024/apr/05/top-israeli-spy-chief-exposes-his-true-identity-in-online-security-lapse
Hello, how are you?

We are testing out an 'update' page which lists new additions. Please note there are no links to the files – you can search for them yourself. However, this new listing allows you to look at new additions more easily.

Have a nice day.

https://vx-underground.org/Update%20Notes
Hello,

We've uploaded quite a few things to vx-underground, including roughly 12,000 new malware samples.

You can see the full list of additions here: https://vx-underground.org/Update%20Notes
We asked our friend Joseph Cox from 404 Media for an advance copy of his new book "Dark Wire". He gave us an advance copy, signed it, and asked "what's the password?" 😭😭

tl;dr he snuck into an FBI conference with a wig and fake mustache and got the inside scoop on stuff
(we haven't had a chance to read it, no idea if he wore a wig and fake mustache, but we sure hope he did)

(leaked image of Joseph sneaking into the conference)
Panera Bread got hit by ransomware.

"Panera Sip Club members were particularly frustrated because they could not take advantage of the unlimited drinks they had paid $14.99 per month for as part of their subscription."

https://www.bleepingcomputer.com/news/security/panera-bread-week-long-it-outage-caused-by-ransomware-attack/
"Our malware bypasses ALL EDRs! It is undetectable and silent"

The undetectable and silent malware:
Want to get into Cyber Security?! 🥰

It's easy! 😎 Here are our TOP 3 tips to land your dream job!

👉 ???

👉 ???

👉 Become CEO of Google

Follow us for more tips! 🙏
We made it into the New York Times by shit posting and saying dumb shit
Today we met a gentleman who shared with us tons of information on random places — including police departments.

He told us that in his spare time he enjoys watching police body cam footage for credential exposure
For example, based on his understanding of hundreds or possibly thousands of police body cam footage, he has learned that Walmart employee usernames are in the format of username.store_number
Earlier today (or yesterday depending on where you live) RansomHub ransomware group listed Change Healthcare – an organization which was previously ransomed by ALPHV ransomware group.

If you're not familiar with the ... 'lore' ..., it should probably be noted that Change Healthcare did pay (although they deny it, transaction details discovered by researchers indicate otherwise), and upon receiving roughly $22,000,000 from Change Healthcare, ALPHV administration pulled an exit scam.

Under normal circumstances ALPHV administration group receives roughly 20% of the ransom payment (depending on various factors) and the remaining 80% of the ransom money goes to the person (or persons) responsible for deploying the ransomware on the victim organization. When ALPHV received $22,000,000 they did not pay the affiliate their 80% cut. They just left.

This left many researchers wondering: what happened to the data? Will Change Healthcare be extorted again?

Well now, assuming RansomHub is telling the truth, we know the answer. Besides listing Change Healthcare on their site, they also briefly explained that they now have the Change Healthcare data, so they're extorting Change Healthcare again.

However, it is not clear if RansomHub is a rebrand of ALPHV ransomware group, the affiliate at ALPHV is moving to RansomHub, or if this is a scam by RansomHub ransomware group trying to intimidate Change Healthcare into paying again.

We have not investigated the current Change Healthcare listing on RansomHub's website to determine if this is a scam.

If we had to guess, we would guess the ransomware affiliate from ALPHV simply moved over to RansomHub and wants to collect the approx. $17,600,000 they believe they're due.

¯\_(ツ)_/¯

Special thanks to Dominic Alvieri for sharing the RansomHub explanation post with us.
πŸ‘38πŸ€”11😒7❀5πŸ‘5
Security researcher Jonas Lyk has found a DoS vulnerability in Discord.

If you try to paste the string "https://./\<#0>: ://./<#0>" into Discord, it will crash.

¯\_(ツ)_/¯
Sugargoo, a competitor to PandaBuy, has allegedly been compromised. Individuals operating under the monikers "IntelBroker" and "Sanggiero" are claiming responsibility for the breach.

- The data they claim to have exfiltrated is primarily user activity and settings. However, the data does include the users' email addresses. The data stolen is not nearly as severe as the PandaBuy breach.

- The data has not been made public. The individuals responsible for the breach are trying to sell the data.

- IntelBroker and Sanggiero are the same individuals who compromised PandaBuy

- In a twist of fate, the breach was mostly unnoticed until Sugargoo administrators began timing-out people from their Discord who questioned staff members on the breach. This resulted in more people discussing the issue.

Thank you, Faderz, for sharing the screenshot with us as proof.
tl;dr if your company has allegedly been compromised, do not start banning, or timing out people, who are asking questions about it. It only fuels the fire and makes the questioning and rumors more ferocious.
Good morning, afternoon, or night.

Today we mailed out the remaining vx-underground collection hard drives. They were sent to 6 people.

To those people: during packaging we discovered some sort of mysterious goo on the hard drive boxes. We do not know what it is. It is mysterious.
tl;dr ALPHV affiliates just moved to RansomHub