[Computer Security Thread] DejaBlue worms? Sounds so familiar, it makes me WannaCry.


Posts

  • Carpy Registered User regular
    On the other hand CVE-2020-1048 is a fun abuse of the print spooler to get persistent SYSTEM access with one line of PowerShell. It got patched yesterday but you'll also want to investigate any file-based printer ports, the patch fixes the underlying issue but can't remove existing access.


    https://windows-internals.com/printdemon-cve-2020-1048/

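As an added defender-side check (not code from the linked write-up), this PowerShell lists printer ports whose name is a filesystem path, which is the leftover the post says the patch does not remove, together with the printers bound to them. It assumes the PrintManagement module (Windows 8 / Server 2012 and later) and the Local Port monitor's registry key.

```powershell
# Added defensive check: find printer ports that resolve to filesystem paths.
# Assumes the PrintManagement module (Get-Printer / Get-PrinterPort).
Import-Module PrintManagement

function Get-FileBackedPrinterPort {
    [CmdletBinding()]
    param()

    # Built-in local ports that are expected and are not backed by a file.
    $expected = @('FILE:', 'nul:', 'PORTPROMPT:') +
                (1..9 | ForEach-Object { "LPT${_}:" }) +
                (1..9 | ForEach-Object { "COM${_}:" })

    # A port named like a drive-letter or UNC path is a file-based port.
    $pathPattern = '^(?:[A-Za-z]:\\|\\\\)'

    $printers = Get-Printer -ErrorAction SilentlyContinue

    foreach ($port in Get-PrinterPort) {
        if ($expected -contains $port.Name) { continue }
        if ($port.Name -notmatch $pathPattern) { continue }

        # Printers bound to this port; empty means the port exists on its own.
        $users = $printers |
            Where-Object { $_.PortName -eq $port.Name } |
            Select-Object -ExpandProperty Name

        [pscustomobject]@{
            Port     = $port.Name
            Monitor  = $port.PortMonitor
            Exists   = Test-Path -LiteralPath $port.Name
            Printers = ($users -join ', ')
        }
    }
}

# The Local Port monitor also keeps its port list in the registry (assumed key);
# compare it with the spooler's answer, since a port can be present in only one.
function Get-LocalPortRegistryEntry {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port\Ports'
    if (-not (Test-Path -LiteralPath $key)) { return @() }
    (Get-Item -LiteralPath $key).GetValueNames()
}

Get-FileBackedPrinterPort | Format-Table -AutoSize
Get-LocalPortRegistryEntry | Where-Object { $_ -match '^(?:[A-Za-z]:\\|\\\\)' }
```

Run it elevated so the spooler returns every port; a hit that points into a system directory, or a port with no printer attached, is what to look into.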
  • Drascin Registered User regular
    So, with all this stuff and breaches and shit, it's becoming increasingly clear that annoying as it is, a password manager is going to be kind of inevitable. Is there any recommended free option, or at least cheap one? Preferably one that isn't too much of a pest to use in both a couple computers and a phone?

    Steam ID: Right here.
  • Mugsley Registered User regular
    Bitwarden is the one I hear about most. It's open source and free.

  • furlion Riskbreaker Lea Monde Registered User regular
    I use Keepass which has a Windows, Linux, and Android version which I sync urine Dropbox. Free and open source.

    Gamertag: KL Retribution
    PSN: Furlion
  • TetraNitroCubane The Djinnerator At the bottom of a bottle Registered User regular
    edited May 17
    furlion wrote: »
    I use Keepass which has a Windows, Linux, and Android version which I sync urine Dropbox. Free and open source.

    I didn't know you could use Dropbox like that. Be careful that you don't piss anyone off!

  • Inquisitor77 2 x Penny Arcade Fight Club Champion A fixed point in space and time Registered User regular
    Been using Lastpass for years, no complaints. Keepass also pops up as a good choice whenever the question gets asked.

  • BahamutZERO Registered User regular
    hey, is there any security problem with having old C++ redistributables lying around from old game installs in the same way that having old versions of java lying around on a system is a security problem?

  • bowen How you doin'? Registered User regular
    BahamutZERO wrote: »
    hey, is there any security problem with having old C++ redistributables lying around from old game installs in the same way that having old versions of java lying around on a system is a security problem?

    I don't even think having the old JREs laying around would be a security problem unless you ran code through them.

    But no, C++ redistributables are often just libraries for the STL and stuff like that, patching over them with newer ones should get rid of their security problems as discovered.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • DisruptedCapitalist screaming Registered User regular
    I agree it is a bit annoying to see dozens of redistributables in my programs list that are probably left over from a game I uninstalled ages ago. They're just litter.

  • SiliconStew Registered User regular
    Looking at one of the CVE sites, it doesn't look like there's been any reported vulnerabilities in Visual C++ since 2010.

    Just remember that half the people you meet are below average intelligence.
  • Phyphor Building Planet Busters Tasting Fruit Registered User regular
    It's not that the C runtimes aren't full of security holes, they've just managed to eliminate all the ones that aren't by design

  • TetraNitroCubane The Djinnerator At the bottom of a bottle Registered User regular
    edited June 8
    So, unfortunately I need a little help with my positively least favorite computer security topic:

    Family tech support.

    It sounds like my parents somehow infected their Mac with something nasty, because Chrome keeps telling them they're downloading malicious files. Even when they're not downloading files at all.

    I need to remotely access the machine, because I am sick to death of trying to tell them what to do over the phone and getting "The little MAN with the FACE is doing the THING" as their responses.

    Does anyone have any advice for remote-desktop options on mac, preferably ones that can be used cross-platform, and ones that won't open a gigantic gaping security hole in their computer with neon lighted arrows and a sign that says "HACKERS ENTER HERE" (that is, Zoom)?

  • Inquisitor77 2 x Penny Arcade Fight Club Champion A fixed point in space and time Registered User regular
    If there's a decent chance their machine is compromised, willingly downloading any remote access solution would only serve to open the door even further. Literally the next step a hacker/scammer wants is remote access to that machine.

    The best thing they can do is buy an external HDD, dump all the files they want to save onto that HDD, put it in a lockbox and never touch it again, and then nuke their machine from orbit (factory reset).

    The only time they can take the HDD out of the lockbox is when you are there to physically access it yourself on a clean machine. Even then, I'd do an immediate scan on the whole thing, only pull out the files you truly want (i.e., just the documents, not executables and DLLs that can just be re-downloaded again safely), and then reformat the HDD when you're done.

  • TetraNitroCubane The Djinnerator At the bottom of a bottle Registered User regular
    edited June 8
    Inquisitor77 wrote: »
    If there's a decent chance their machine is compromised, willingly downloading any remote access solution would only serve to open the door even further. Literally the next step a hacker/scammer wants is remote access to that machine.

    The best thing they can do is buy an external HDD, dump all the files they want to save onto that HDD, put it in a lockbox and never touch it again, and then nuke their machine from orbit (factory reset).

    The only time they can take the HDD out of the lockbox is when you are there to physically access it yourself on a clean machine. Even then, I'd do an immediate scan on the whole thing, only pull out the files you truly want (i.e., just the documents, not executables and DLLs that can just be re-downloaded again safely), and then reformat the HDD when you're done.

    I agree 100%.

    But I'm talking about two 65+ year old individuals who don't understand that their email password is different than their wifi password, and regularly call up their ISP because they're unable to log into GMail.

    When I told them that they likely had malware, and to stop using the computer and cancel their credit cards immediately, they said that "sounded like too much work". I'm just trying to do something, anything, to mitigate.

    They absolutely have zero capacity to clone the HDD from an All-in-One Mac on their own. Never mind reinstalling the OS on their own.

  • Frem Registered User regular
    edited June 8
    Chrome Remote Desktop is decent and easy to set up. It doesn’t look like it’s had a CVE for over a decade a couple years.

  • Shadowfire Vermont, in the middle of nowhere Registered User regular
    Inquisitor77 wrote: »
    If there's a decent chance their machine is compromised, willingly downloading any remote access solution would only serve to open the door even further. Literally the next step a hacker/scammer wants is remote access to that machine.

    The best thing they can do is buy an external HDD, dump all the files they want to save onto that HDD, put it in a lockbox and never touch it again, and then nuke their machine from orbit (factory reset).

    The only time they can take the HDD out of the lockbox is when you are there to physically access it yourself on a clean machine. Even then, I'd do an immediate scan on the whole thing, only pull out the files you truly want (i.e., just the documents, not executables and DLLs that can just be re-downloaded again safely), and then reformat the HDD when you're done.

    I continue to swear by MalwareBytes, and they have a Mac version that is free to download and use. Once you're rid of the malware, there's little reason to nuke the computer from orbit these days. The vast majority of malware these days isn't viruses or rootkits, it's bullshit browser extensions and garbage like MacKeeper.

    WiiU: Windrunner ; Guild Wars 2: Shadowfire.3940 ; PSN: Bradcopter
  • a5ehren Atlanta Registered User regular
    Yeah, Chrome Remote Desktop is fine and pretty easy to install. https://remotedesktop.google.com/support

  • TetraNitroCubane The Djinnerator At the bottom of a bottle Registered User regular
    Thanks all. Chrome remote desktop was easy enough to use, and I was able to get MalwareBytes on their machine, as well as do a few other cursory scans. Hopefully that can be at least a band-aid until I can someday manage to get at the machine in person and do a full reinstall.

    I very much appreciate all the advice!

    Family tech support is positively the worst.

  • jothki Registered User regular
    Earlier today, I received 16 email verification codes from the Kenya Revenue Authority. No links, so it looks like an attempt to use my email for fraud rather than a phishing attempt against me. Weirdly enough, I checked and there's no associated login attempts to my email that I can see.

    Is this kind of thing worth following up on?

  • Shadowfire Vermont, in the middle of nowhere Registered User regular
    jothki wrote: »
    Earlier today, I received 16 email verification codes from the Kenya Revenue Authority. No links, so it looks like an attempt to use my email for fraud rather than a phishing attempt against me. Weirdly enough, I checked and there's no associated login attempts to my email that I can see.

    Is this kind of thing worth following up on?

    Probably not. Change your password, make sure 2FA is attached, move on.

    WiiU: Windrunner ; Guild Wars 2: Shadowfire.3940 ; PSN: Bradcopter
  • VoodooV Registered User regular
    In an ideal world, both the 2005 and the 2008 C++ runtimes have been end-of-lifed and should be removed from any and all computers. I think there were some low severity vulnerabilities attached to them if I remember my time with Qualys vulnerability scans.

    But in reality, I still run into games that aren't that old that still sneak them on to your computer.

  • Mr_Rose 83 Blue Ridge Protects the Holy Registered User regular
    Yeah, then you have the door control access systems that do the same…

    ...because dragons are AWESOME! That's why.
    Nintendo Network ID: AzraelRose
    DropBox invite link - get 500MB extra free.
  • jothki Registered User regular
    Got a few more emails. Are scammers just flailing around with random email addresses hoping that they'll get the 1 in 10000 chance of guessing what code was sent?

  • BahamutZERO Registered User regular
    edited July 3
    probably bots scraping lists of stolen email/password combinations and trying them all on government identity systems and banks and such

  • TetraNitroCubane The Djinnerator At the bottom of a bottle Registered User regular
    edited July 15
    Currently unfolding story:

    A number of prominent personalities have apparently had their Twitter accounts compromised. Targets include Bill Gates, Kanye West, and Elon Musk, as well as Apple and Uber's Twitter account. Also a wide swath of cryptocurrency related Twitter accounts.
    Elon Musk’s Twitter account has seemingly been compromised by a hacker intent on using it to run a bitcoin scam. Microsoft co-founder Bill Gates also had his account seemingly accessed by the same scammer, who posted a similar message with an identical bitcoin wallet address. Both accounts are continuing to post new tweets promoting the scam almost as fast as they are deleted.

    Shortly after the initial wave of tweets, the accounts of Apple, Uber, Amazon CEO Jeff Bezos, hip-hop mogul Kanye West, former New York City mayor and billionaire Mike Bloomberg, and even former President Barack Obama have also been compromised and are promoting the scam. It’s unclear how widespread the operation is, but it appears to be affecting major companies and extremely high-profile individuals, suggesting that someone has either found a severe security loophole in Twitter’s login process or has gained access to a Twitter employee’s admin privileges.
    The Tesla CEO’s account issued a mysterious tweet at 4:17PM ET this afternoon reading, “I‘m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” The tweet also contained a bitcoin address, presumably one associated with the hacker’s crypto wallet.

    The fact that this is hitting so many prominent accounts so rapidly, and that apparently Twitter is deleting the tweets as quickly as they appear, indicates that someone has high level access - and Twitter can't keep them out.

    This doesn't look like a standard phishing compromise.

    Edit:


    So far I've seen tweets from the accounts of Elon Musk, Jeff Bezos, Bill Gates, and Kanye West. Hackers are putting back tweets as soon as account owners delete them. They've already made $103,000 in two hours.

    MalwareTechBlog is... a Malware tech blog.

    Jezum Crow. This is a wicked game of whack a mole. Whoever is doing this already hit Biden.

    I predict the moment they try to hit Trump, Twitter will actually do something about this.

    Double Edit (This is moving fast!):

    There's some indication that the accounts in question have been fully compromised, including alterations to recovery email options.
    It’s not immediately known how the account hacks took place. Security researchers, however, found that the attackers had fully taken over the victims’ accounts, and also changed the email address associated with the account to make it harder for the real user to regain access.

  • TetraNitroCubane The Djinnerator At the bottom of a bottle Registered User regular
    edited July 15
    I'm watching this unfold in real time and it's just phenomenal that Twitter aren't taking any action. Like, IMMEDIATELY.

    This may be the single most significant security breach of the last... I don't even know. But considering that the United States is currently run by a man who issues orders via Decree by Twitter, someone with this level of access could fuck some shit up to say the least.

  • furlion Riskbreaker Lea Monde Registered User regular
    TetraNitroCubane wrote: »
    I'm watching this unfold in real time and it's just phenomenal that Twitter aren't taking any action. Like, IMMEDIATELY.

    This may be the single most significant security breach of the last... I don't even know. But considering that the United States is currently run by a man who issues orders via Decree by Twitter, someone with this level of access could fuck some shit up to say the least.

    They would rather watch the country burn than shut down for even a few minutes to fix this.

    Gamertag: KL Retribution
    PSN: Furlion
  • TetraNitroCubane The Djinnerator At the bottom of a bottle Registered User regular
    They've limited some features, apparently, but the ad-revenue train MUST GO ON.


    We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.

  • TetraNitroCubane The Djinnerator At the bottom of a bottle Registered User regular
    Cross-posted from the Social Media Thread - It appears someone has likely gained access to Twitter's Admin Functions Panel.
    Two sources close to or inside the underground hacking community provided Motherboard with screenshots of an internal panel they claim is used by Twitter workers to interact with user accounts. One source said the Twitter panel was also used to change ownership of some so-called OG accounts—accounts that have a handle consisting of only one or two characters—as well as facilitating the tweeting of the cryptocurrency scams from the high profile accounts.

    Twitter has been deleting screenshots of the panel and has suspended users who have tweeted the screenshots, claiming that the tweets violate its rules.

  • bowen How you doin'? Registered User regular
    Why is the admin functions panel accessible to the internet is the real question

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • TetraNitroCubane The Djinnerator At the bottom of a bottle Registered User regular
    edited July 16
    So Twitter has an official statement out. I'll link the start of the thread, and summarize thereafter.


    We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.

    We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

    Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.

    We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.

    This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.

    We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.

    Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.

    So, TLDR seems to be that this was social engineering of employees within Twitter. Likely bribery.

    First, why did ANY employee have access to make Tweets from any account?

    Second, why did ANY employee have access to change the account's recovery email?

    Third, what else did they have access to? They likely left something to get back in. They likely stole sensitive information (DMs, etc).

    Fourth, HOLY FUCK TWITTER, this is SECURITY 101 SHIT HERE. The human is always the weakest link in the chain, so you LIMIT THEIR PERMISSIONS.

    Twitter servers should be air-gapped. All of them.

  • Orca Registered User regular
    TetraNitroCubane wrote: »
    Twitter servers should be air-gapped. All of them.

    Lit on fire and tossed in the ocean.

    How the hell is that crap accessible to the internet?

  • Bucketman Call me Skragg Registered User regular
    I have to wonder if they got to Trump's account. I mean that has to be the most juicy and potentially have some really dangerous private conversations in the DMs. Of course that could make it a hardcore federal crime too

  • Mr_Rose 83 Blue Ridge Protects the Holy Registered User regular
    Yeah, but if trump started tweeting about bitcoin and demanding money, would anyone know there was a problem?

    ...because dragons are AWESOME! That's why.
    Nintendo Network ID: AzraelRose
    DropBox invite link - get 500MB extra free.
  • bowen How you doin'? Registered User regular
    Bucketman wrote: »
    I have to wonder if they got to Trumps account. I mean that has to be the most juicy and potentially have some really dangerous private conversions in the DMs. Of course that could make it a hardcore federal crime too

    Oh my god I didn't even think of that.

    $5 says he was the real target and they're distracting by making other accounts seem like they were the priority

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Thawmus Registered User regular
    bowen wrote: »
    Bucketman wrote: »
    I have to wonder if they got to Trumps account. I mean that has to be the most juicy and potentially have some really dangerous private conversions in the DMs. Of course that could make it a hardcore federal crime too

    Oh my god I didn't even think of that.

    $5 says he was the real target and they're distracting by making other accounts seem like they were the priority

    Can I take you up on the bet simply because I want to pay $5 for that to be true?

  • Orca Registered User regular
    Good news everyone, Instacart may be leaking information, if not pwned outright!

    https://www.buzzfeednews.com/article/janelytvynenko/instacart-customers-info-sold-online
    The personal information of what could be hundreds of thousands of Instacart customers is being sold on the dark web. This data includes names, the last four digits of credit card numbers, and order histories, and appears to have affected customers who used the grocery delivery service as recently as yesterday.

    ...

    “It’s looking recent and totally legit,” Nick Espinosa, the head of cybersecurity firm Security Fanatics, told BuzzFeed News after reviewing the accounts being sold.

    Two women whose personal information was for sale confirmed they were Instacart customers, that their last order date and amount matched what appeared on the dark web, and that the credit card information belonged to them.

  • LostNinja Registered User regular
    Literally used instacart for the first time last week :mad:

  • Shadowfire Vermont, in the middle of nowhere Registered User regular
    Obligatory "change your passwords, use a password manager, check statements for unapproved charges" post.

    WiiU: Windrunner ; Guild Wars 2: Shadowfire.3940 ; PSN: Bradcopter
  • Dizzen Registered User regular
    Less than stellar news for folks who use Pulse Secure VPN (or rather, folks whose work places use it). Hackers used a vulnerability discovered last year to collect password and admin details on over 900 unpatched servers, and released it on a known ransomware forum.

    https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/

    Dichotomy wrote: »
    it'd be like Jurassic Park, but with bananas