It is hitting transit in Europe now, trying to get details.
Yup, we have continued phishing tests & if you click on a link that is part of the phish it is logged.
Just an email list and an email server from the sounds of how it works.
People open up things/click on links that they never should have and you end up with this kind of mess.
We have our people pretty well trained to immediately report any email that they weren't expecting or that looks suspicious.
I haven't had an issue with anybody opening up crap like this in the last 2 years.
They report it to me and I send it on to the security team to check out.
Better to have false alarms than what is going on with this crap.
They say something about it at gameguru.box.sk.
I totally am brain farting on where I saw that!
EDIT: I thought I read it over on a Kaspersky site/blog, but I think it's no longer in the article, so yeah it might have been a false report.
Well, apparently it didn't work.
the patch does work, but it takes companies time to update all their systems since uptime/reliability is a much higher priority.
That's not how ransomware works, unless the source gets leaked somehow you can't undo it, btw one of the local hospitals in Toronto seems to have gotten hit by this.
I am hoping that there will be a decryption tool for this shortly. Whoever is doing this doesn't deserve to make money from it.
Because linux updates are easy peasy and never break anything.
MS doesn't make it dead simple to apply security updates. This attack highlights the biggest issue with windows. It isn't that it is the OS with the highest install base and thus the prime target for these types of things. The issue is MS PITA update system... that makes companies ignore even major security updates, and end users skip updates to avoid the loss of use while updates complete and restart their machines.
MS needs to stop coming up with marketing names for Update packages... and instead update their update process. There should be no reason that this afternoon I installed almost 1gb of updates on my Linux system in less than 10 min including 7 min of downloading... and MS can't manage to offer something at least close to that experience in their closed source paid for operating system.
If updates were easy and painless in windows as they are these days in the modern Linux distros... MS wouldn't have to implement forced updates and roll ups etc.
Because linux updates are easy peasy and never break anything.
Did i get that right.
Said it once and I'll say it again: if the person or persons responsible for creating these kinds of tools and distributing them are ever found, a bullet in the skull cavity is OK with me, I'll even pay for the ammunition.
Hmmm... Windows Update has also decided to download 'Feature Update to Windows 10, version 1703'.
Do you have the KB# for that?
MS doesn't make it dead simple to apply security updates. This attack highlights the biggest issue with windows. It isn't that it is the OS with the highest install base and thus the prime target for these types of things. The issue is MS PITA update system... that makes companies ignore even major security updates, and end users skip updates to avoid the loss of use while updates complete and restart their machines.
MS needs to stop coming up with marketing names for Update packages... and instead update their update process. There should be no reason that this afternoon I installed almost 1gb of updates on my Linux system in less than 10 min including 7 min of downloading... and MS can't manage to offer something at least close to that experience in their closed source paid for operating system.
If updates were easy and painless in windows as they are these days in the modern Linux distros... MS wouldn't have to implement forced updates and roll ups etc.
Because linux updates are easy peasy and never break anything.
Did i get that right.
deadlib() { lsof | grep 'DEL.*lib' | cut -f 1 -d ' ' | sort -u; }
$ deadlib
at-spi-bu
dconf\x20
gdbus
gmain
Yeah, I got that through another channel earlier, was told it was the airport, made me question the authenticity, then they said train station.
"AfterMidnight" allows operators to dynamically load and execute malware payloads on a target machine. The main controller disguises as a self-persisting Windows Service DLL and provides secure execution of "Gremlins" via a HTTPS based Listening Post (LP) system called "Octopus". Once installed on a target machine AM will call back to a configured LP on a configurable schedule, checking to see if there is a new plan for it to execute. If there is, it downloads and stores all needed components before loading all new gremlins in memory. "Gremlins" are small AM payloads that are meant to run hidden on the target and either subvert the functionality of targeted software, survey the target (including data exfiltration) or provide internal services for other gremlins. The special payload "AlphaGremlin" even has a custom script language which allows operators to schedule custom tasks to be executed on the target machine.
"Assassin" is a similar kind of malware; it is an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system. Once the tool is installed on the target, the implant is run within a Windows service process. "Assassin" (just like "AfterMidnight") will then periodically beacon to its configured listening post(s) to request tasking and deliver results. Communication occurs over one or more transport protocols as configured before or during deployment. The "Assassin" C2 (Command and Control) and LP (Listening Post) subsystems are referred to collectively as "The Gibson" and allow operators to perform specific tasks on an infected target.
If you are running snort or have an IDS that can take snort rules, this will aid in detection... Though if it occurs in your environment you will know pretty quickly anyway.
Well, that would be the government that created it so what are you really going to do?
110% agree with this... I can't stand the Windows updating process... I usually just do a mass update every 2-3 months because I can't afford to have my systems randomly restarting from updates.
Attack Vector = Remote Command Execution via SMB. In other words. Eternal Blue and Double Pulsar exploits. Not delivered via phishing for most of these instances. Proliferation occurs peer to peer. Network enumeration. Worm like behavior. In fact I would say that a new class of malware has been unleashed.
Behold World. The RansomWorm.
So ... the US Government is now an accessory to unauthorized access of a protected computer, unauthorized access with intent to defraud, damaging a computer or computer information, and threatening to damage a computer under the Computer Fraud and Abuse Act right? Who's gonna take the fall for this one? Not to mention any laws or civil penalties involving lack of responsible disclosure.
If Microsoft didn't have as shitty a reputation and a major trust problem, maybe folks would update their PCs.
Yeah, but it has to infect one of the systems first before it can propagate across the network.
There have been viruses that propagated across the network in the past. They just aren't super common is all.
Hasn't been used for ransomware before that I am aware of, but I still wouldn't call it a new class of malware. They just combined a couple things that already existed.
Please use code brackets as the forum chunks it.