vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
We've updated the vx-underground Windows malware paper collection

- 2022-09-26 - Sacrificing Suspended Processes
- 2023-02-01 - Weird things I learned while writing an x86 emulator
- 2023-02-07 - Lets Make Some OneNote Phishing Attachments

https://www.vx-underground.org/windows.html
Exciting to see search engines implement ChatGPT, or something similar, into their products. It will be exciting receiving disinformation, propaganda, or advertisements from the highest bidders
The absolute state of "hack tools". Hahahahaha. Image courtesy of malwrhunterteam
Reddit was breached February 5th - the threat actors were able to exfiltrate internal documents and source code. Reddit confirmed the attack was conducted via a spear-phish.

Reddit is currently doing an AMA regarding the incident:
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
πŸ‘18😁9πŸ¦„5πŸ™Š2πŸ€”1😈1
We would like to advise companies, of any size or demographic, to not hold public "AMAs" following a breach. The questions and comments presented by users on Reddit are ... interesting... posing questions such as "Why didn't the employee use a password manager?"
Modern day cyber security explained featuring:

- Reddit
- Microsoft (Bing)
- Rockstar Games
- NVIDIA
- Okta
- Uber
- Ubisoft
- Samsung
- Riot Games
We've updated the vx-underground paper collection

- 2022-10-22 - WAM BAM - Recovering Web Tokens From Office
- 2023-02-09 - Transitioning from UM to KM - Extravagant Prick
- 2023-02-10 - Forensic Log-Based Detection of Keystroke Injection BadUSB Attacks

https://www.vx-underground.org/
πŸ‘7πŸ”₯2🀑1😈1
February 8th Avast announced the discovery of a Threat Actor targeting users through DOTA2.

DOTA contained an outdated build of V8 which the Threat Actor exploited through malicious game mods. V8 was not sandboxed.

Incredible read here: https://decoded.avast.io/janvojtesek/dota-2-under-attack-how-a-v8-bug-was-exploited-in-the-game/
The Windows OS needs to stop forcing updates on users before this man implodes like a dying sun

*Warning: extremely loud, swearing. Don't wanna blow your ear drums:)
πŸ‘27😁15🀣9🀬4😈1
We've updated the vx-underground malware sample collection.

- Virusshare 0458, Virusshare0459
- 80,000+ unique samples
- All named using Kaspersky naming convention

Check it out here: https://samples.vx-underground.org/samples/Blocks/
πŸ‘7πŸ’©1🀑1😈1
Twitter administration have determined making access to the Twitter API exclusively an enterprise privilege to be ... not ideal.

They have implemented free and limited usage which will suffice for our RansomwareNews bot.

tl;dr RansomwareNews bot not going anywhere.

https://twitter.com/RansomwareNews
We've updated the vx-underground Windows malware paper collection. The latest additions demonstrate the following:

- Unhooking NTDLL from Disk
- Unhooking NTDLL from KnownDlls
- Unhooking NTDLL from Remote Server
- Unhooking NTDLL from Suspended Process

https://www.vx-underground.org/
πŸ‘8🀑7πŸ’©4πŸ”₯3πŸ’‹2😈1
Ransomware but instead of encrypting files and extorting your company, it makes you watch corporate compliance training videos on repeat
Microsoft in 2023: Windows 11 will allow tabs in the Windows Explorer!

Microsoft in 1995:
The Israel Institute of Technology was hit by ransomware this morning.

- DarkBit ransomware (???)
- Ransom note is political
- Attackers want $1,700,000+ (80 BTC)
- Ransom note is written using an English translator

Image courtesy of CyberIL
We've made some improvements to The Old New Thing archive. All papers from Raymond Chen are organized by year, month, and now date.

Thanks _BradleyVX for the additions

Check it out here: https://www.vx-underground.org/the_old_new_thing.html