Today (or yesterday depending on where you live) the United States House Leaders called CrowdStrike CEO George Kurtz to testify to congress about the recent botched update. According to Microsoft telemetry, CrowdStrike's botched update boot-looped roughly 8,500,000 computers across the globe β including computer operations regarded as critical infrastructure.
No date has been released yet when George Kurtz will testify.
United States Republicans who lead the United States House Homeland Security commitee stated they 'expect answers soon' from Mr. Kurtz.
Additionally, it is reported that the letter sent to Mr. Kurtz by the United States congress states Mr. Kurtz is 'urged' to schedule a hearing with the subcommitee on Cyber Security and Infrastructure Protection by Wednesday, July 24th, 2024.
Information via Reuters, The Associated Press, and The Washington Post
No date has been released yet when George Kurtz will testify.
United States Republicans who lead the United States House Homeland Security commitee stated they 'expect answers soon' from Mr. Kurtz.
Additionally, it is reported that the letter sent to Mr. Kurtz by the United States congress states Mr. Kurtz is 'urged' to schedule a hearing with the subcommitee on Cyber Security and Infrastructure Protection by Wednesday, July 24th, 2024.
Information via Reuters, The Associated Press, and The Washington Post
π€£43π€29π€6π5
vx-underground
Today (or yesterday depending on where you live) the United States House Leaders called CrowdStrike CEO George Kurtz to testify to congress about the recent botched update. According to Microsoft telemetry, CrowdStrike's botched update boot-looped roughlyβ¦
This by far one of the largest oopsies in cybersecurity history. We can't recall a moment where a vendor caused this much damage... ever. We're aware of instances where updates corrupted something, but nothing on this scale.
They'll probably talk about this in history books.
They'll probably talk about this in history books.
π―70π10π’2π€£1
20 years from now someone is going to write a book about the CrowdStrike disaster. People new to cybersecurity are going to be amazed by it.
The actuality of the situation is most security professionals (and Threat Actors) just shitposted their way through the entire thing
The actuality of the situation is most security professionals (and Threat Actors) just shitposted their way through the entire thing
π89π11π₯4π€£4π2π’1
vx-underground
20 years from now someone is going to write a book about the CrowdStrike disaster. People new to cybersecurity are going to be amazed by it. The actuality of the situation is most security professionals (and Threat Actors) just shitposted their way throughβ¦
There is a REAL WORLD CHANCE your shitty memes could be in a history book πππππ
π€£122π’8π€©8π₯°6π―4π2
When the CEO of CrowdStrike testifies before the United States Congress, do we host a watch party?
(everyone has to bring different snacks, like chips, soda, cheese dip, whatever)
(everyone has to bring different snacks, like chips, soda, cheese dip, whatever)
Anonymous Poll
73%
Yes
4%
No
23%
I'm not bringing snacks
β€42π9π3π«‘2π1
This media is not supported in your browser
VIEW IN TELEGRAM
Damn why they cookin us πππ
π€£234π₯13π₯°8π6π’5π4π3π―3β€2β€βπ₯1
Updates to vx-underground:
Papers:
- 2024-02-20 - Earth Preta Campaign Uses DOPLUGS to Target Asia
- 2024-04-09 - Unraveling Not AZORult but Koi Loader- A Precursor to Koi Stealer
- 2024-05-21 - Phobos ransomware launches new leak site and pivots towards double extortion
- 2024-06-05 - European Election Security At Risk- A Detailed Analysis of State-Sponsored, eCrime, and Hacktivist Threats
Malware family updates:
- Poseidon
- ChChes
- SageRansomware
- Shifu
- SnakeKeylogger
- FakeBat
- Mirai
- LummaStealer
- Android.Rootnik
- FinSpy
- Latrodectus
- NeutrinoBot
- KematianStealer
- EyePyramid
- FormBook
Bulk downloads:
- VirusSign.2024.07.20
- VirusSign.2024.07.21
- VirusSign.2024.07.22
- VirusSign.2024.07.23
Papers:
- 2024-02-20 - Earth Preta Campaign Uses DOPLUGS to Target Asia
- 2024-04-09 - Unraveling Not AZORult but Koi Loader- A Precursor to Koi Stealer
- 2024-05-21 - Phobos ransomware launches new leak site and pivots towards double extortion
- 2024-06-05 - European Election Security At Risk- A Detailed Analysis of State-Sponsored, eCrime, and Hacktivist Threats
Malware family updates:
- Poseidon
- ChChes
- SageRansomware
- Shifu
- SnakeKeylogger
- FakeBat
- Mirai
- LummaStealer
- Android.Rootnik
- FinSpy
- Latrodectus
- NeutrinoBot
- KematianStealer
- EyePyramid
- FormBook
Bulk downloads:
- VirusSign.2024.07.20
- VirusSign.2024.07.21
- VirusSign.2024.07.22
- VirusSign.2024.07.23
β€30π7β€βπ₯6π₯3π’1π1
Some media outlets are reporting a compromise (and leak) of Leidos β a large IT service provider for the United States Pentagon.
Bloomberg reports the leak is being distributed on 'cybercrime forums' but we haven't personally seen anything about it anywhere.
Β―\_(γ)_/Β―
Bloomberg reports the leak is being distributed on 'cybercrime forums' but we haven't personally seen anything about it anywhere.
Β―\_(γ)_/Β―
π€£72π₯7π4π―4π4π€3π’1
vx-underground
Some media outlets are reporting a compromise (and leak) of Leidos β a large IT service provider for the United States Pentagon. Bloomberg reports the leak is being distributed on 'cybercrime forums' but we haven't personally seen anything about it anywhere.β¦
EDIT: It was posted on Breached on Sunday. We don't internet on Sundays
π€£76π―17β€4π1
This media is not supported in your browser
VIEW IN TELEGRAM
π87π€£63π―15π€5β€4π3π€2π1π’1
Yesterday KnowBe4 disclosed a cyber-security-incident where a North Korean national successfully infiltrated KnowBe4 ... by applying for a job there, interviewing, and getting hired.
Their blog post highlights North Korean identity fraud techniques.
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
Their blog post highlights North Korean identity fraud techniques.
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
Knowbe4
How a North Korean Fake IT Worker Tried to Infiltrate Us
π€£67π₯7π±5π€3β€2π’1
vx-underground
Yesterday KnowBe4 disclosed a cyber-security-incident where a North Korean national successfully infiltrated KnowBe4 ... by applying for a job there, interviewing, and getting hired. Their blog post highlights North Korean identity fraud techniques. httβ¦
Unironically, in the past vx-underground members have had difficulties passing background checks because of the amount of information required β in-depth job history, birth certificate, other forms of government identification, etc.
Yet North Korea passes it first try ππππ
Yet North Korea passes it first try ππππ
π€£103π€―14π11β€4
Yesterday Dragos unveiled 'FrostyGoop' an ICS (Industrial Control System) malware suspected to be developed by Russia's infamous sandworm team.
FrostyGoop successfully shut off the electricity of 600 apartment buildings in the midst of sub-zero temperatures (sub -17C temperatures) in January, 2024. It took Ukrainian officials almost 2 days to restore electricity of individuals impacted by FrostyGoop.
Dragos successfully identified the payload April, 2024.
This is the 9th ICS specific malware in history. This sort of malware is exceptionally rare, exceptionally difficult to develop, exceptionally difficult to test, and exceptionally difficult to deploy.
We do not have any malware samples for this payload. If one of you have this malware sample and would be willing to donate it to us, please do.
Check out the intelligence brief here:
https://vx-underground.org/APTs/2024/2024.07.24%20-%20FrostyGoop%20Intel%20Brief
FrostyGoop successfully shut off the electricity of 600 apartment buildings in the midst of sub-zero temperatures (sub -17C temperatures) in January, 2024. It took Ukrainian officials almost 2 days to restore electricity of individuals impacted by FrostyGoop.
Dragos successfully identified the payload April, 2024.
This is the 9th ICS specific malware in history. This sort of malware is exceptionally rare, exceptionally difficult to develop, exceptionally difficult to test, and exceptionally difficult to deploy.
We do not have any malware samples for this payload. If one of you have this malware sample and would be willing to donate it to us, please do.
Check out the intelligence brief here:
https://vx-underground.org/APTs/2024/2024.07.24%20-%20FrostyGoop%20Intel%20Brief
π’58π±22π₯12π₯°7π7β€5π€―5π3π€3π1π«‘1
404media is reporting Reddit is blocking ALL search engine crawls EXCEPT Google β which is currently paying $60,000,000/year for the right to scrape Reddit for AI training data.
More information:
https://www.404media.co/google-is-the-only-search-engine-that-works-on-reddit-now-thanks-to-ai-deal/
More information:
https://www.404media.co/google-is-the-only-search-engine-that-works-on-reddit-now-thanks-to-ai-deal/
404 Media
Google Is the Only Search Engine That Works on Reddit Now Thanks to AI Deal
DuckDuckGo, Bing, Mojeek, and other search engines are not returning full Reddit results any more.
π€£120π’17π8π5π€―4π€2
vx-underground
404media is reporting Reddit is blocking ALL search engine crawls EXCEPT Google β which is currently paying $60,000,000/year for the right to scrape Reddit for AI training data. More information: https://www.404media.co/google-is-the-only-search-engine-thatβ¦
Google 1999: Don't be evil
Google 2024: Fuck you
Google 2024: Fuck you
π€£154π’22π―20β€6π₯5π3
As many of you (probably) know β the BreachedForum version 1. database was leaked yesterday. This database contains private messages, IP addresses, e-mail addresses, blah blah blah.
We've seen people express concern over this leak, notably some Threat Actors who believe this puts them in a bulls-eye for law enforcement.
Law enforcement agencies have had this data since Pompompurin was arrested in 2023. The only threat Threat Actors face now is the wrath, or retaliation, of other Threat Actors.
Law enforcement agencies are probably laughing right now, legs propped up on the desk, drinking coffee, and enjoying the fact that individuals they want apprehended are fighting others individuals they want apprehended.
tl;dr criminals destroying themselves
We've seen people express concern over this leak, notably some Threat Actors who believe this puts them in a bulls-eye for law enforcement.
Law enforcement agencies have had this data since Pompompurin was arrested in 2023. The only threat Threat Actors face now is the wrath, or retaliation, of other Threat Actors.
Law enforcement agencies are probably laughing right now, legs propped up on the desk, drinking coffee, and enjoying the fact that individuals they want apprehended are fighting others individuals they want apprehended.
tl;dr criminals destroying themselves
π76π€£29π±11π9π’9β€5π―5π₯3π3
Per TechCrunch / lorenzofb β CrowdStrike is offering a $10 Uber Eats giftcard to individuals impacted by the recent CrowdStrike outage.
$10 USD is β¬9.21 EURO or Β£7.75.
There is no indication if this is per customer, per company, or per computer. Additionally, some users reportedly received an error message from Uber Eats when trying to use the giftcard with Uber Eats displaying the error message: "[this giftcard] has been canceled by the issuing party and is no longer valid."
More information:
https://techcrunch.com/2024/07/24/crowdstrike-offers-a-10-apology-gift-card-to-say-sorry-for-outage/
$10 USD is β¬9.21 EURO or Β£7.75.
There is no indication if this is per customer, per company, or per computer. Additionally, some users reportedly received an error message from Uber Eats when trying to use the giftcard with Uber Eats displaying the error message: "[this giftcard] has been canceled by the issuing party and is no longer valid."
More information:
https://techcrunch.com/2024/07/24/crowdstrike-offers-a-10-apology-gift-card-to-say-sorry-for-outage/
TechCrunch
CrowdStrike offers a $10 apology gift card to say sorry for outage
Several people who received the CrowdStrike offer found that the gift card didn't work, while others got an error saying the voucher had been canceled.
π€£257π8β€6π―6π2π±2π’2
Regarding the recent so-called 'CrowdStrike' breach which was posted on BreachForum: this is not a data breach.
The individual responsible for the information ....disclosure, ...leak (?), operating under the moniker USDoD, openly states the data is scraped. Not sure why it's being labeled as a breach.
We briefly spoke with USDoD regarding it this afternoon. In summary, USDoD was able to programmatically abuse CrowdStrike endpoints to pull IOCs from CrowdStrike. The data pulled is proprietary, however this is the same information which is distributed to consumers.
According to USDoD scraping this data took quite a bit time (roughly a month), and the time the scrape operation completed it just so happened by chance to coincide with the recent CrowdStrike scandel β they've got bad luck it seems.
Photo courtesy of FalconFeedsio
The individual responsible for the information ....disclosure, ...leak (?), operating under the moniker USDoD, openly states the data is scraped. Not sure why it's being labeled as a breach.
We briefly spoke with USDoD regarding it this afternoon. In summary, USDoD was able to programmatically abuse CrowdStrike endpoints to pull IOCs from CrowdStrike. The data pulled is proprietary, however this is the same information which is distributed to consumers.
According to USDoD scraping this data took quite a bit time (roughly a month), and the time the scrape operation completed it just so happened by chance to coincide with the recent CrowdStrike scandel β they've got bad luck it seems.
Photo courtesy of FalconFeedsio
π69π€£26β€5β€βπ₯1π1