Julius Kivimäki, a member of Lizard Squad, has been arrested (again). He was previously arrested in 2015 on 50,000 counts of computer crimes

He has been arrested in France and is soon to be extradited to Finland for extorting a therapist center in 2020

Intel via RecordedFuture

The recently identified ESXiArgs ransomware group has infected hundreds of ESXi hosts across the globe with a CVE-2021-21974 spray-and-pray.

Numbers vary, but Shodan queries from various researchers show an est. 300 - 500 ransomed entities this weekend.

tl;dr TA like:

"VXUG gives a voice to Threat Actors"

"VXUG has sold out, they charge for access to the MWDB"

"VXUG tweets too many memes"

"VXUG swears too much in their tweets, its unprofessional"

"VXUG made a Threat Intel feed, they're helping White Hats"

We would like to offer our deepest condolences to all of our friends and colleagues in Turkey who have been affected by the recent 7.8 magnitude earthquake.

We've updated the vx-underground Windows malware paper collection

2023-01-23 - Exfiltrating data using Powershell and WAV files
2023-01-24 - Persistence via VSCode Profile Abuse
2023-02-03 - Windows Domain Controller NTDSUTIL activate instance abuse

https://www.vx-underground.org/windows.html

Turkey and Syria have been struck by 2 large earthquakes.

Thousands are suspected to be dead.

Thousands remain missing.

We encourage all individuals to donate to any humanitarian effort which can assist those affected by the earthquakes.

We have donated to Doctors w/o Borders.

Google has announced they are creating a competitor to ChatGPT named "Bard". This comes shortly after Microsoft unveiled it is integrating ChatGPT into their Microsoft Bing search engine.

https://www.cnbc.com/2023/02/06/google-announces-bard-ai-in-response-to-chatgpt.html

We've updated the vx-underground Windows malware paper collection

- 2021-05-12 - Breaking the WDAPT Rules with COM
- 2022-12-08 - Hooking System Calls in Windows 11 22H2 like Avast Antivirus
- 2023-02-06 - Diving Deeper Into Pre-created Computer Accounts

https://www.vx-underground.org/windows.html

On the Windows OS the data type BOOL is not the same as data type BOOLEAN

POV: You're at Microsoft and you describe a BOOL as having more than a TRUE/FALSE state ... or a BOOL as 0 or -1

If the function BindIoCompletionCallback fails you can use GetLastError to get extended information on why the function failed. The documentation states GetLastError will return an NTSTATUS error code and you should use RtlNtStatusToDosError to get the system error code.

???

mdyOzQThJn0TyX+LVlwEp8xdC+KiZb4dvJoJ4/U2FznS4AI7FI7L3ezZKUSxSGxeHXp4wsFPqWWKuVqgoUBdVxjBQy5hVFOa2GWTarURNoSwsPD4diuDf/N8l+vVhSnd4zQpMRMx/P43H2TOoJBQrUjtkjbsy3MbUBY+/baaDn4sAbK32Cr6RrngAghisvVukLwuA6uqxEbjW6cZRTtXfjKUvlzpPPqwBo9EnwPs/Y8=

yx6HByVP3gAxmF97cpf7uLTN9iaTyFe3sXjsLf+IbGYogJf4lHItWphTW98ZjRpnLmi9SUizL8jGWLlfUQhtP3ocBWOYQbfFzilxgAZzdg0usZvAb7WvlITSUsbn9E4Y4ffzh4sODejXmdsr8oIiDA==

We've updated the vx-underground Windows malware paper collection

- 2022-09-26 - Sacrificing Suspended Processes
- 2023-02-01 - Weird things I learned while writing an x86 emulator
- 2023-02-07 - Lets Make Some OneNote Phishing Attachments

https://www.vx-underground.org/windows.html

Exciting to see search engines implement ChatGPT, or something similar, into their products. It will be exciting receiving disinformation, propaganda, or advertisements from the highest bidders

The United States and United Kingdom have sanctioned Trickbot.

More information: https://home.treasury.gov/news/press-releases/jy1256

Reddit was breached February 5th - the threat actors were able to exfiltrate internal documents and source code. Reddit confirmed the attack was conducted via a spear-phish.

Reddit is currently doing an AMA regarding the incident:
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/