Thread: *** The Security News Thread ***

Originally Posted by Cujo

Originally Posted by Dragonfly

Originally Posted by Cujo

DF reminds me of an engineer I used to work with who acted like he was trying to help but spoke one or two levels of understanding above the level of the person he was speaking to. Just so he sounded smart.

that's basic computer stuff, it's not my fault that you or harry are computer retards and need to follow scripts to understand computers

maybe you should get an education ?

By your definition most people are 'computer retards', so tone it down a bit for those ones.
Or is that below you?

what's your point ? like I said, get an education or some proper training, and not in a call center like that silly script bot of Harry

or maybe you are too lazy to learn, like 99% of the users

my point is educate yourself, it's not that difficult, and you have no excuse not to.

Look what happened when you don't and just parrot news bulletin, you end up like Harry in a call center working for Arabs in a desert

Originally Posted by Dragonfly

Originally Posted by Cujo

Originally Posted by Dragonfly

Originally Posted by Cujo

DF reminds me of an engineer I used to work with who acted like he was trying to help but spoke one or two levels of understanding above the level of the person he was speaking to. Just so he sounded smart.

that's basic computer stuff, it's not my fault that you or harry are computer retards and need to follow scripts to understand computers

maybe you should get an education ?

By your definition most people are 'computer retards', so tone it down a bit for those ones.
Or is that below you?

what's your point ? like I said, get an education or some proper training, and not in a call center like that silly script bot of Harry

or maybe you are too lazy to learn, like 99% of the users

my point is educate yourself, it's not that difficult, and you have no excuse not to.

Look what happened when you don't and just parrot news bulletin, you end up like Harry in a call center working for Arabs in a desert

Why don't you take your own advice, you fat queer troll.

Just in case Mac users believe all that bollocks about them being safe...

The website of the HandBrake app has been compromised, and one of its download mirrors modified to host a version of the Proton RAT embedded in the app's Mac client.

HandBrake is a multi-platform transcoder, an app that helps users convert multimedia files from one format to another.

According to a security alert posted yesterday on the app's forum, an unknown attacker had compromised on of the website's download mirrors, located at download.handbrake.fr.

The miscreant(s) replaced the Mac version of the HandBrake client with his own version, which also contained Proton, a Remote Access Trojan for macOS.

The Proton RAT was first spotted in March when a crook put it up for sale on an underground hacking forum. The RAT can be used to steal data from infected devices, but also to allow attackers to connect via VNC or SSH to infected hosts.

https://www.bleepingcomputer.com/new...for-mac-users/

Originally Posted by harrybarracuda

Why don't you take your own advice, you fat queer troll.

that advice go for you too, love

Originally Posted by Dragonfly

Originally Posted by harrybarracuda

Why don't you take your own advice, you fat queer troll.

that advice go for you too, love

Must have missed this bit:

Don't worry about Buttplug, he's just a fat queer troll.

Anyone who takes advice from him is a fucking idiot.

I'll pass thanks, queer.

Originally Posted by harrybarracuda

Originally Posted by Dragonfly

Originally Posted by harrybarracuda

Why don't you take your own advice, you fat queer troll.

that advice go for you too, love

Must have missed this bit:

Don't worry about Buttplug, he's just a fat queer troll.

Anyone who takes advice from him is a fucking idiot.

I'll pass thanks, queer.

but you are a fucking idiot, regardless, so you might as well take it

can you write a single line of code, like "hello world" in C or even VBA you worthless fraud ?

Originally Posted by Dragonfly

Originally Posted by harrybarracuda

Originally Posted by Dragonfly

Originally Posted by harrybarracuda

Why don't you take your own advice, you fat queer troll.

that advice go for you too, love

Must have missed this bit:

Don't worry about Buttplug, he's just a fat queer troll.

Anyone who takes advice from him is a fucking idiot.

I'll pass thanks, queer.

but you are a fucking idiot, regardless, so you might as well take it

can you write a single line of code, like "hello world" in C or even VBA you worthless fraud ?

Which bit of "fuck off you fat queer troll" are you struggling with?

Originally Posted by harrybarracuda

Which bit of "fuck off you fat queer troll" are you struggling with?

Yes I love you too Harry

Originally Posted by Dragonfly

Originally Posted by harrybarracuda

Which bit of "fuck off you fat queer troll" are you struggling with?

Yes I love you too Harry

Really, I just think you're a fat queer troll. You should fuck off.

It's worth mentioning that there have been at least four new variants detected since WCrypt 1.0.

On the off chance of there being one that uses a different exploit, a quick reminder that CyberReason have a free tool that uses file honeypot monitoring to detect and block Ransomware attacks.

Link here:

https://ransomfree.cybereason.com/download/

Originally Posted by harrybarracuda

It's worth mentioning that there have been at least four new variants detected since WCrypt 1.0.

On the off chance of there being one that uses a different exploit, a quick reminder that CyberReason have a free tool that uses file honeypot monitoring to detect and block Ransomware attacks.

Link here:

https://ransomfree.cybereason.com/download/

I've read that this consumes a great deal of memory and stuff.
You know all that energetic stuff that makes these electric computers work.
Is that the case?

Originally Posted by crackerjack101

Originally Posted by harrybarracuda

It's worth mentioning that there have been at least four new variants detected since WCrypt 1.0.

On the off chance of there being one that uses a different exploit, a quick reminder that CyberReason have a free tool that uses file honeypot monitoring to detect and block Ransomware attacks.

Link here:

https://ransomfree.cybereason.com/download/

I've read that this consumes a great deal of memory and stuff.
You know all that energetic stuff that makes these electric computers work.
Is that the case?

If it is, I haven't noticed it.

The service uses 40-50Mb of RAM, a small amount of Disk i/o and blips at <1% CPU.

Hardly a hog considering what it's saving you from.

Where did you read that? Was it an early release? It's now in version 2.2.7.0.

Originally Posted by harrybarracuda

Originally Posted by crackerjack101

Originally Posted by harrybarracuda

It's worth mentioning that there have been at least four new variants detected since WCrypt 1.0.

On the off chance of there being one that uses a different exploit, a quick reminder that CyberReason have a free tool that uses file honeypot monitoring to detect and block Ransomware attacks.

Link here:

https://ransomfree.cybereason.com/download/

I've read that this consumes a great deal of memory and stuff.
You know all that energetic stuff that makes these electric computers work.
Is that the case?

If it is, I haven't noticed it.

The service uses 40-50Mb of RAM, a small amount of Disk i/o and blips at <1% CPU.

Hardly a hog considering what it's saving you from.

Where did you read that? Was it an early release? It's now in version 2.2.7.0.

I just googled it and there were a few comments but it's worth noting that there were more comments in favour.
Anyway I've downloaded it and I thank you for the tip.

Cheers

Originally Posted by crackerjack101

Originally Posted by harrybarracuda

Originally Posted by crackerjack101

Originally Posted by harrybarracuda

It's worth mentioning that there have been at least four new variants detected since WCrypt 1.0.

On the off chance of there being one that uses a different exploit, a quick reminder that CyberReason have a free tool that uses file honeypot monitoring to detect and block Ransomware attacks.

Link here:

https://ransomfree.cybereason.com/download/

I've read that this consumes a great deal of memory and stuff.
You know all that energetic stuff that makes these electric computers work.
Is that the case?

If it is, I haven't noticed it.

The service uses 40-50Mb of RAM, a small amount of Disk i/o and blips at <1% CPU.

Hardly a hog considering what it's saving you from.

Where did you read that? Was it an early release? It's now in version 2.2.7.0.

I just googled it and there were a few comments but it's worth noting that there were more comments in favour.
Anyway I've downloaded it and I thank you for the tip.

Cheers

You can always uninstall if you get different results to me.

BTW if you get a red exclamation mark on the icon in the system tray, that simply means it requires a reboot. It does that after upgrade, I'm not sure about installation.

Originally Posted by harrybarracuda

Originally Posted by crackerjack101

Originally Posted by harrybarracuda

Originally Posted by crackerjack101

Originally Posted by harrybarracuda

It's worth mentioning that there have been at least four new variants detected since WCrypt 1.0.

On the off chance of there being one that uses a different exploit, a quick reminder that CyberReason have a free tool that uses file honeypot monitoring to detect and block Ransomware attacks.

Link here:

https://ransomfree.cybereason.com/download/

I've read that this consumes a great deal of memory and stuff.
You know all that energetic stuff that makes these electric computers work.
Is that the case?

If it is, I haven't noticed it.

The service uses 40-50Mb of RAM, a small amount of Disk i/o and blips at <1% CPU.

Hardly a hog considering what it's saving you from.

Where did you read that? Was it an early release? It's now in version 2.2.7.0.

I just googled it and there were a few comments but it's worth noting that there were more comments in favour.
Anyway I've downloaded it and I thank you for the tip.

Cheers

You can always uninstall if you get different results to me.

BTW if you get a red exclamation mark on the icon in the system tray, that simply means it requires a reboot. It does that after upgrade, I'm not sure about installation.

OK Cheers.

fuck, it doesn't work on XP

Harry where is the download link for the XP version ?

Originally Posted by Dragonfly

fuck, it doesn't work on XP

Harry where is the download link for the XP version ?

Sorry, this thread is in English, so you'll have to get a dictionary and scroll up.

Ooops.

Originally Posted by harrybarracuda

Ooops.

Yes, I laughed at that. It happened around the time they were saying LOS wasn't affected. LMFAO

I wonder if the BTS would be affected, with all those ads screen in the station, they all run on Vista or Win7

You have to wonder if Wikileaks actually want Assuange in jail...

WikiLeaks posts user guides for CIA malware implants Assassin and AfterMidnight
WikiLeaks released user guides for CIA malware implants Assassin and AfterMidnight which target Windows PCs.
Credit: Michael Kan

The latest WikiLeaks release of CIA malware documentation was overshadowed by the WannaCry ransomware attack sweeping across the world on Friday.

WikiLeaks maintains that “Assassin” and “AfterMidnight” are two CIA “remote control and subversion malware systems” which target Windows. Both were created to spy on targets, send collected data back to the CIA and perform tasks specified by the CIA. Both are persistent and can be scheduled to autonomously uninstall on a specific date and time.

The leaked documents pertaining to the CIA malware frameworks included 2014 user’s guides for AfterMidnight, AlphaGremlin – an addon to AfterMidnight – and Assassin. When reading those, you learn about Gremlins, Octopus, The Gibson and other CIA-created systems and payloads.

AfterMidnight

WikiLeaks described AfterMidnight as allowing “operators to dynamically load and execute malware payloads on a target machine. The main controller disguises as a self-persisting Windows Service DLL and provides secure execution of ‘Gremlins’ via a HTTPS based Listening Post (LP) system called ‘Octopus’.”

When describing AfterMidnight’s footprint, the CIA’s guide says that after the first reboot, the non-networking component runs as a DLL inside a process running as System. “The service is only loaded long enough to load Midnight Core before it stops. In this way there is nothing, no running service entry or loaded DLL, to show that AM is actually running.”

The “Gremlins” – small hidden payloads for the AfterMidnight implant – can be securely deleted by overwriting files in memory with zeros as in the spooks came, conquered and poofed without the target ever knowing he or she was a target.

The 68-page user’s guide for AfterMidnight explains how it works and should be deployed, its capabilities and even hints at what the author considers to be funny. At one point the following example was given:

This example will simulate an operation with two target computers. The goal will be to prevent one target from using their web browser (so that he can get more work done) and we’ll annoy the other target whenever they use PowerPoint (because, face it, they deserve it for using PP).

Under the heading of Advanced, 7.1.1 am.state, AfterMidnight users were warned with a note: “You can destroy everything in the universe by following these directions. User discretion is advised.”

That is followed up in the next section by kick back and relax as “AfterMidnight will take care of the rest.”

How old is AfterMidnight user’s guide?

The change log has three entries: May 2013, April 2014 and August 2014. DLLs will be in any versions of Windows, but for a timeline comparison, 2013 as when Microsoft released Windows 8.1 and RT 8.1. Windows 10 wasn’t released until July 2015.

AlphaGremlin

The special payload AlphaGremlin, which has 7 pages of documentation dated June 2014, is to be used in addition to the AfterMidnight tool suite for running extra customized tasks on the target’s Windows PC. Accompanying screenshots included in the AlphaGremlin v0.1.0 user’s guide appear to show Windows 7.

Assassin

In the 204-page Assassin v1.4 user’s guide, the CIA described Assassin as “an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system. Once the tool is installed on the target, the implant is run within a Windows service process. Assassin will then periodically beacon to its configured listening post(s) to request tasking and deliver results. Communication occurs over one or more transport protocols as configured before or during deployment.”

Like AfterMidnight, the Assassin malware framework allows the CIA to spy on and collect information from a target as well execute tasks. It can capture and return the user’s data and be securely wiped.

The Assassin implant, which can be configured to hibernate on a target’s system before going active, has four subsystems: Implant, Builder, Command and Control (C2) and Listening Post (LP). The Listening Post subsystem, which contains a beacon server, queue and log collector, enables the Assassin implant to communicate with the C2 via a web server. The CIA added, “The Assassin C2 and LP subsystems are referred to collectively as The Gibson.”

The “Grasshopper” user guide for installing payloads was not included in this leak, but referenced in the guide for Assassin as an installation utility to provide “soft persistence on Microsoft Windows targets.”

Sadly I didn’t fully grasp this portion, but when describing the Implant Pernicious ICE DLL, the CIA noted that the implant “meets the NSA Pernicious Ice specification.” The guide goes on to talk about FAF (Fire and Forget).

Under troubleshooting issues as well as upload queue, the CIA noted, “The Assassin implant will not store more than 16,384 files in the staging directory to prevent overflowing the limitations of the file system.” It also covered what to if a CIA operator wanted to run multiple Assassin implants on a target at the same time.

How old is the Assassin implant user’s guide?

The first entry on the changelog was in January 2012 and the last, updated for the Assassin 1.4 release, was dated June 2014.

The 21-page Assassin Training documentation, which ironically appears to be a PowerPoint presentation, has one section titled “Assassin Tasking for Fun and Profit.”

Microsoft blasted NSA and CIA for stockpiling vulnerabilities

While Microsoft’s President and Chief Legal Officer, Brad Smith, was talking about the WannaCry ransomware attack and not referring to the latest documentation of CIA malware implants, he blasted the CIA as well as the NSA in a blistering critique of why the government should not stockpile vulnerabilities and digital weapons.

The WannaCry attack, Smith wrote, “provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.” He added, “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”

Edward Snowden, who incidentally urged the US government to drop its investigation into Julian Assange and WikiLeaks, claimed that Microsoft confirming a NSA-developed exploit was used in the WannaCry attack was “extraordinary.”

Until this weekend's attack, Microsoft declined to officially confirm this, as US Gov refused to confirm or deny this was their exploit. https://t.co/i52jeJyD0l

— Edward Snowden (@Snowden) May 14, 2017

WikiLeaks posts user guides for CIA malware implants Assassin and AfterMidnight | Computerworld

Shame they couldn't nick something decent...

In a report from The Hollywood Reporter and Deadline, Iger confirmed that an upcoming movie from Disney has been stolen by hackers who are seeking a huge payout to not release the movie. Unsurprisingly Disney has no interest in dealing or giving in to the hackers and according to Iger, the company has no plans to pay them and are working with the FBI to sort it out.
It was not revealed what movie the hackers might have stolen, but Deadline claims to have heard from their sources that the movie in question is the latest title in the Pirates of the Caribbean franchise. The hackers are saying that they will release bits of the movie should their demands not be met, so presumably unless the FBI can get the movie back in time, we should have confirmation pretty soon.

A Disney Movie Is Reportedly Being Held Hostage By Hackers | Ubergizmo

Nice bit of diversion then?

On Friday, May 12, attackers spread a massive ransomware attack worldwide using the EternalBlue exploit to rapidly propagate the malware over corporate LANs and wireless networks. EternalBlue, originally exposed on April 14 as part of the Shadow Brokers dump of NSA hacking tools, leverages a vulnerability (MS17-010) in Microsoft Server Message Block (SMB) on TCP port 445 to discover vulnerable computers on a network and laterally spread malicious payloads of the attacker’s choice. This particular attack also appeared to use an NSA backdoor called DoublePulsar to actually install the ransomware known as WannaCry.

Over the subsequent weekend, however, we discovered another very large-scale attack using both EternalBlue and DoublePulsar to install the cryptocurrency miner Adylkuzz. Initial statistics suggest that this attack may be larger in scale than WannaCry: because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry worm) via that same vulnerability, it may have in fact limited the spread of last week’s WannaCry infection.

Symptoms of this attack include loss of access to shared Windows resources and degradation of PC and server performance. Several large organizations reported network issues this morning that were originally attributed to the WannaCry campaign. However, because of the lack of ransom notices, we now believe that these problems might be associated with Adylkuzz activity. However, it should be noted that the Adylkuzz campaign significantly predates the WannaCry attack, beginning at least on May 2 and possibly as early as April 24. This attack is ongoing and, while less flashy than WannaCry, is nonetheless quite large and potentially quite disruptive.

In the course of researching the WannaCry campaign, we exposed a lab machine vulnerable to the EternalBlue attack. While we expected to see WannaCry, the lab machine was actually infected with an unexpected and less noisy guest: the cryptocurrency miner Adylkuzz. We repeated the operation several times with the same result: within 20 minutes of exposing a vulnerable machine to the open web, it was enrolled in an Adylkuzz mining botnet.

https://www.proofpoint.com/us/threat...e-doublepulsar

UK Schedule 7 – Man Charged For Not Sharing Password

May 19, 2017

Finally UK Schedule 7 of the Terrorism Act 2000 is finally being enacted and is no longer an idle threat, so be aware it’s not only the USA that has these kind of draconian laws.

A man who refused to share his phone and laptop passwords has been charged under Schedule 7, which is pretty shitty.

British police have charged a man under antiterror laws after he refused to hand over his phone and laptop passwords.

Muhammad Rabbani, international director of CAGE, was arrested at Heathrow in November after declining to unlock his devices, claiming they contained confidential testimony describing torture in Afghanistan as well as information on high-ranking officials. CAGE positions itself as a non-profit organization that represents and supports families affected by the West’s TWAT (aka The War On Terror).

On Wednesday this week, he was charged under Schedule 7 of the Terrorism Act 2000: specifically, he is accused of obstructing or hampering an investigation by refusing to cough up his login details.

“On 20 November 2016, at Heathrow Airport, he did willfully obstruct, or sought to frustrate, an examination or search under Schedule 7 of the Terrorism Act 2000, contrary to paragraph 18(1)(c) of that Schedule,” London’s Metropolitan Police alleged. “He is due to appear in Westminster Magistrates’ Court on 20 June.”

Rabbani apparently committed the offense last November and was protecting some pretty heavy evidence it seems and he also been stopped under Schedule 7 many times.

This time it’s going to court and three months jail time is no joke.

If found guilty, Rabbani could face up to three months in prison and a fine of £2,500 (US$3,242). He has said he will fight the case and is hopeful of winning. He claims he has been stopped under Schedule 7 about 20 times and has always refused to hand over his passwords. However, it appears that the Met is now ready to test this case in court, so formal charges have been brought.

Schedule 7 was controversial when it was first introduced by the Blair administration. Back then it was claimed by the Labour government that it would be used only in extreme terrorism cases, but since then has been used plenty of times – most notably to hold the partner of Glenn Greenwald over the leaking of the Snowden archives.

What makes Schedule 7 rather tricksy is that no evidence is required to pull someone over for questioning under the law. Usually, Brit officers must have at least reasonable suspicion of a crime before collaring a suspect, but under these antiterror rules, they can hold and quiz people for up to nine hours with no evidence at all.

To be fair Cage does have a bit of a dodgy reputation for being terrorism apologists, so he does fit a certain profile that would explain the 20+ Schedule 7 stops.

And if he’s really carrying such sensitive data in the open on his laptop and phone he’s a bit of a n00b ain’t he?

https://www.darknet.org.uk/2017/05/u...ring-password/

The CIA has lots of ways to hack your router

New WikiLeaks docs reveal how spies rewrote firmware in the supply chain
by Russell Brandom@russellbrandom Jun 15, 2017, 5:20pm EDT

Routers sit at the front gate of nearly every network, offering total access and few security measures to prevent remote attacks. If you can compromise someone’s router, you’ve got a window into everything they’re doing online.

According to new documents published by WikiLeaks, the CIA has been building and maintaining a host of tools to do just that. This morning, the group published new documents describing a program called Cherry Blossom, which uses a modified version of a given router’s firmware to turn it into a surveillance tool. Once in place, Cherry Blossom lets a remote agent monitor the target’s internet traffic, scan for useful information like passwords, and even redirect the target to a desired website.

The document is part of a series of publications on CIA hacking tools, including previous modules targeting Apple products and Samsung Smart TVs. As with previous publications, the document dates to 2012, and it’s unclear how the programs have developed in the five years since.

The manual describes different versions of Cherry Blossom, each tailored to a specific brand and model of router. The pace of hardware upgrades seems to have made it arduous to support each model of router, but the document shows the most popular routers were accessible to Cherry Blossom.

“As of August 2012,” the manual reads, “CB-implanted firmwares can be built for roughly 25 different devices from 10 different manufacturers, including Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao, and US Robotics.”

The manual also goes into detail on how CIA agents would typically install the modified firmware on a given device. “In typical operation,” another passage reads, “a wireless device of interest is implanted with Cherry Blossom firmware, either using the Claymore tool or via a supply chain operation.” The “supply-chain operation” likely refers to intercepting the device somewhere between the factory and the user, a common tactic in espionage operations. No public documents are available on the “Claymore tool” mentioned in the passage.

It’s unclear how widely the implant was used, although the manual generally refers to use against specific targets, rather than for mass surveillance. There’s also reason to believe the NSA was employing similar tactics. In 2015, The Intercept published documents obtained by Edward Snowden that detailed efforts by the UK’s GCHQ to exploit vulnerabilities in 13 models of Juniper firewalls.

https://www.theverge.com/2017/6/15/1...linksys-belkin