Stragint
Since Thursday I've gotten a spam email, 4 total at this point, saying the sender got malware on my system and they have access to everything on my network and took video of me without me knowing, and I have 48 hours to send bitcoin or they send the video to everyone on my contact list.
Do I keep getting these because my email is on the dark web or should I actually be concerned?
PSN: Reaper_Stragint, Steam: DoublePitstoChesty
What is the point of being alive if you don't at least try to do something remarkable? ~ Mario Novak
I never fear death or dyin', I only fear never trying.
I've gotten these before some years back. It's just a phishing spam template they robocall with.
Stragint
Cool, thank you. I wasn't sure if it was a phishing attempt or not since there was no link or attachment to it. I will go ahead and ignore these spam emails.
They may also do things like including your username to something, or a password you use(d). Still phishing, but in this case make sure to change your password wherever that one was used :P
I don’t think it’s technically phishing; if it’s the sort we used to get reported to us a couple years ago, it has a bitcoin wallet ID and a vague threat to expose your porn habits to everyone you know, or something like that? In that case it’s good old fashioned blackmail and no less illegal for being mediated electronically.
But yeah, those get fired off by spambots in massive waves for the 1:10000 chance of someone gullible biting, based off of the tiny amount of info they do have from ancient email lists floating around the dark web.
Shadowfire
I got one that, instead of threatening to release my porn habits, said that it would release naked webcam pics of me. Which, like... sure, I don't have a webcam, but also that's not the threat you think it is. I'm well past caring if some moron on the internet sees me naked in my office, but they're definitely not going to like the view.
Don't sell yourself short, have confidence. I'm sure you cut a dead sexy figure in nothing but a Geek Squad shirt.
No matter where you go...there you are. ~ Buckaroo Banzai
The one time one of those things managed to successfully freak me out was they knew my middle name. As far as I can remember I've never used my middle name for anything online so I panicked thinking someone was stalking me.
But apathy won out and I still didn't respond to their demands. Turned out their threats were just as empty as all the others! Go figure.
DisruptedCapitalist
"Simple, real stupidity beats artificial intelligence every time." -Mustrum Ridcully in Terry Pratchett's Hogfather p. 142 (HarperPrism 1996)
Shadowfire
I wear the button down grey shirt still. They tried to get me switched to the polo but I told them in no uncertain terms that fat guys don't wear polos.
TetraNitroCubane
Oh boy.
If you've been following the security news as of late, you're probably aware of the recent high-profile breaches of major tech companies like Samsung, Ubisoft, Nvidia, and even Microsoft.
The breaches have all been carried out by hacking group Lapsus$, who have been steadily releasing sensitive documents and proprietary source code in the wake of their attacks.
Most people have been puzzling over how this may have come to pass, as that's a LOT of high profile targets for a single group to hit, in such a short period of time.
Okta, an authentication company used by thousands of organizations around the world, says it’s investigating news of a potential breach, Reuters reports. The disclosure comes as hacking group Lapsus$ has posted screenshots to its Telegram channel claiming to be of Okta’s internal systems, including one that appears to show Okta’s Slack channels, and another with a Cloudflare interface.
Any hack of Okta could have major ramifications for the companies, universities, and government agencies that depend upon Okta to authenticate user access to internal systems.
Writing in its Telegram channel, Lapsus$ claims to have had “Superuser/Admin” access to Okta’s systems for two months, but said its focus was “only on Okta customers.” The Wall Street Journal notes that in a recent filing Okta said it had over 15,000 customers around the world. It lists the likes of Peloton, Sonos, T-Mobile, and the FCC as customers on its website.
With Super User access to Okta, and for months now, Lapsus$ could just about do whatever they'd want in any of those systems.
So I'm pretty sure I have a virus on my home PC. What's the protocol on removing it nowadays? Just purge and restart? How do you even do that with Windows 10? I don't even have a disk anymore.
I ran a full scan using Bitdefender and nothing showed up but it doesn't make me feel any safer. My CPU is constantly tagged at 100% and I noticed a new program that started up when my computer started up called "Program".
Thanks I'll now have to search for a thumb drive haha.
I wonder if the slowness and weirdness is due to one of my drives failing. I was going to fix it in the morning but I couldn't sleep so I decided to check it out. As soon as I unplugged the drive that failed it started acting fast again.
Might just back up everything and do it anyway.
urahonky
Shadowfire
Download Malwarebytes and run it real quick, see if it finds anything.
Yeah it just found 2 things: Utorrent.exe that apparently I downloaded like 6 years ago and NoxApp.exe that I downloaded for use with FFBE farming.
Shadowfire
I will tell you that Malwarebytes is overzealous sometimes. uTorrent and Nox both had malware bundled versions at a couple points so it may be flagging them because of that. But if nothing else was found it's probably fine.
Yeah I'm willing to believe that it was likely my HDD that died that was causing some weirdness. The odd part was that I woke up at 3am and couldn't sleep so I was working on figuring out what was going on... And it just refused to connect to the internet. I assumed that was part of the virus so I was kind of ready to purge it but when I grabbed my phone it yelled at me that the internet was dead.
Just coincidental that I was trying to use my potentially infected PC right at the moment my internet died at the house lol.
Orca
I come from the “purge it with fire” camp. If I even SUSPECT there’s hostile code I am deleting the boot partition, formatting the disk, and reinstalling from scratch.
Pain in the ass, but I have trust issues when it comes to malware and viruses.
TetraNitroCubane
Yeah I'll likely still do it. I just have a ton of work related things setup that would be such a pain in the dick to get back up and running. However if in a day or so I still feel like there's issues going on then it's getting fired.
So follow up on Okta: Okta detected the breach at Sitel back in January, escalated it to a security incident and kicked it over to Sitel. Then, according to their own timeline, they sat on their hands for 2 months while they waited for Sitel's report.
On top of that, their timeline also indicates that whoever was trying to compromise the Okta account in question was unsuccessful?
January 20, 2022, 23:18 - Okta Security received an alert that a new factor was added to a Sitel employee’s Okta account from a new location. The target did not accept an MFA challenge, preventing access to the Okta account.
But it seems like they were actually pretty successful? Even just from what Lapsus$ has disclosed, it looks like they got a bit further than just "We tried to access a superuser account but failed at the MFA challenge".
I donno. Something reeks in Okta's reporting on this.
It's a bit wishy washy but I think they're saying the RDP attack gave them full access to the account session on the machine, including access to Okta customer data, for the 5ish days. They then tried to add an MFA token to establish persistence which got detected and kicked off the IR efforts.
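The alert in Okta's timeline (a new factor enrolled on an account from a new location, with the real user then refusing the push) is essentially a detection rule. As an added example that is not from this thread or from Okta, the Python below runs that logic over constructed, simplified Okta-style log records; the event type names, flat field layout and e-mail addresses are assumptions made for the demo.

```python
"""Flag MFA-factor enrollment from outside a user's sign-in baseline.

Constructed demo: records are simplified and only loosely modelled on
Okta System Log events. Event names and addresses are assumptions.
"""
from datetime import datetime, timedelta

SAMPLE_EVENTS = [  # constructed sample data, not real log lines
    {"published": "2022-01-14T13:05:10Z", "eventType": "user.session.start",
     "actor": "agent@example.com", "country": "US", "city": "Miami", "result": "SUCCESS"},
    {"published": "2022-01-18T08:41:02Z", "eventType": "user.session.start",
     "actor": "agent@example.com", "country": "US", "city": "Miami", "result": "SUCCESS"},
    {"published": "2022-01-20T08:00:00Z", "eventType": "user.session.start",
     "actor": "other@example.com", "country": "US", "city": "Miami", "result": "SUCCESS"},
    # Factor enrolled on agent's account from a location never seen before
    {"published": "2022-01-20T23:18:00Z", "eventType": "user.mfa.factor.activate",
     "actor": "agent@example.com", "country": "BR", "city": "Sao Paulo", "result": "SUCCESS"},
    # The real user then rejects the push challenge that follows
    {"published": "2022-01-20T23:19:37Z", "eventType": "user.mfa.okta_verify.deny_push",
     "actor": "agent@example.com", "country": "BR", "city": "Sao Paulo", "result": "FAILURE"},
    # Benign enrollment: same location the user always signs in from
    {"published": "2022-01-21T09:00:00Z", "eventType": "user.mfa.factor.activate",
     "actor": "other@example.com", "country": "US", "city": "Miami", "result": "SUCCESS"},
]


def _ts(event):
    return datetime.strptime(event["published"], "%Y-%m-%dT%H:%M:%SZ")


def baseline_locations(events, user, before, window=timedelta(days=30)):
    """(country, city) pairs from which `user` successfully started a
    session within `window` before the moment `before`."""
    return {
        (e["country"], e["city"]) for e in events
        if e["actor"] == user and e["eventType"] == "user.session.start"
        and e["result"] == "SUCCESS" and before - window <= _ts(e) < before
    }


def detect_suspicious_enrollment(events, push_window=timedelta(minutes=10)):
    """One alert per factor enrollment from outside the user's baseline.
    Severity is raised when the user denies a push shortly afterwards,
    which is what a persistence attempt against a live session looks like."""
    events = sorted(events, key=_ts)
    alerts = []
    for e in events:
        if e["eventType"] != "user.mfa.factor.activate" or e["result"] != "SUCCESS":
            continue
        when = _ts(e)
        seen = baseline_locations(events, e["actor"], when)
        here = (e["country"], e["city"])
        if here in seen:
            continue  # enrolled from a usual location: no alert
        denied = any(
            d["actor"] == e["actor"] and d["eventType"] == "user.mfa.okta_verify.deny_push"
            and when <= _ts(d) <= when + push_window
            for d in events
        )
        alerts.append({
            "user": e["actor"], "at": e["published"], "location": here,
            "baseline": sorted(seen),
            "severity": "high" if denied else "medium",
            "reason": "factor enrolled outside 30-day sign-in baseline"
                      + (" and push denied by user minutes later" if denied else ""),
        })
    return alerts


if __name__ == "__main__":
    for a in detect_suspicious_enrollment(SAMPLE_EVENTS):
        print(a["severity"].upper(), a["user"], a["at"], a["location"], a["reason"])
```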
Oh, that would make much more sense. I was reading it as the attackers trying to spoof MFA as a means of initial access, but if they were just doing it to establish persistence that would line up much better with the proposed chain of events.
Doesn't help that infosec Twitter had been having an information push about the limitations of MFA push prompts. Kind of muddies the waters when reading this report.
Shadowfire
I can understand where that thought process comes from. And I also know I won't change any minds here. But most of what people consider malware today is really adware and PUPs which, while annoying and can absolutely slow things down and redirect you into places you don't want to be, won't actually do anything that really compromises your life long term. It's mostly them redirecting you to sites that make them money from clicks. Once they're removed, the problem is usually resolved forever.
British police have arrested seven teenagers and young people, aged 16 to 21, whom they accuse of links to the hacker group Lapsus$. The BBC reports this, adding that a 16-year-old boy from Oxford is accused of being a leader of the group. However, it said it is not known whether he is among those who have since been released. Previously, rival hackers had made public his name, home address and other personal information, Bloomberg had reported Wednesday. According to the reports, however, investigators had been on his trail for a year. The boy was autistic, he said, and had been so fast at times that people had thought they were watching an automated process.
Translated with www.DeepL.com/Translator (free version)
So does anyone remember Ubiquiti's data breach? Long story short, Brian Krebs was told by a whistleblower about the breach before Ubiquiti announced it, and now they're suing him for it.
Suing Brian Krebs, one of the best known security researchers in the industry. They realize this isn't going to go the way they want it to go, right?
We'll see if anyone puts their money where their mouth is, but I've had 3 other WISP owners tell me they're going to start moving to Mimosa going forward.
I'm in the process of trying to figure out a way forward without them. It's really difficult to switch brands on this stuff without leaving people in the lurch for days at a time.
Sidenote: Ubiquiti has still not resolved the fact that they're violating the Linux GPL, though they're also not the only wireless manufacturer to do so.
Lapsus$ is back dropping dumps of code from breaches at Apple, Alphabet, and Sony amongst others. Sony appears related to the Sykes/Sitel breach but not sure about the other dumps.
Reporting is also coming out about a Lapsus$ campaign where they used hacked law enforcement email accounts to send fake legal requests for user data. Appears that both Apple and Meta complied with the forged requests. The data was at a minimum used to enable harassment campaigns.
With people using the equipment, sure, some might change. But I'm more thinking of the lawsuit itself here. This gets dangerously close to SLAPP stuff (says the guy who is definitely not a lawyer), and I'm guessing most of the industry is going to back Krebs.
The answer? Apparently Lapsus$ has somehow compromised Okta, an authentication layer used by many large enterprise companies. Notably used by those companies for their single sign-on solutions.
Needless to say
https://www.youtube.com/watch?v=-W6as8oVcuM
Okta's now confirming. They're claiming only 2.5% of customers affected, but gotta imagine that number's going to go up.
https://www.youtube.com/watch?v=aCbfMkh940Q
It's an enduring quote for a reason.
Sometimes the old ways are the most thorough.
https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
God I love that movie.
German article
https://www.heise.de/news/Hacker-Gruppe-Lapsus-Sieben-Teenager-in-Grossbritannien-festgenommen-6625675.html
Wtf... Did they literally catch hackerman?
Edit: link to the BBC story: https://www.bbc.com/news/technology-60864283