
Tag: Pastebin

A King’s Ransom It is Not

The first half of 2017 began with two intriguing ransomware events, both partly enabled by wormable exploit technology dumped by a group calling themselves “The ShadowBrokers”.

These WannaCry and ExPetr ransomware events are the biggest in the sense that they spread the quickest and most effectively of known ransomware to date.

Network-sniffing, automation, machine learning: How to get better threat intel

When two 'innocent' events on the network are anything but

IT teams can get away with poor service management, outdated software development methods and outdated apps running on legacy tin, but they might want to think twice before skimping on cybersecurity. If you don't stay on top of this stuff, while you might not be found out today or tomorrow, eventually your customers’ personal details might just turn up on Pastebin.…

How the Macron campaign slowed cyberattackers

In the wake of French president-elect Emmanuel Macron's victory over Marine Le Pen, IT armchair quarterbacks should look at the Macron campaign's security playbook for ideas on how to fight off targeted phishing and other attacks. When 9GB of files b...

Hacker leaks Orange is the New Black new season after ransom...

Breach of post-production company poses potential threat to many networks' shows.

From Shamoon to StoneDrill

Beginning in November 2016, Kaspersky Lab observed a new wave of wiper attacks directed at multiple targets in the Middle East.

The malware used in the new attacks was a variant of the infamous Shamoon worm that targeted Saudi Aramco and Rasgas back in 2012.

Free decryption tools now available for Dharma ransomware

Computer users who have been affected by the Dharma ransomware and have held onto their encrypted files can now restore them for free. Researchers have created decryption tools for this ransomware strain after someone recently leaked the decryption keys. Dharma first appeared in November and is based on an older ransomware program known as Crysis.

It’s easy to recognize files affected by it because they will have the extension .[email_address].dharma, where the email address is the one used by the attacker as a point of contact.

On Wednesday, a user named gektar published a link to a Pastebin post on the BleepingComputer.com technical support forum. The post, he claimed, contained the decryption keys for all Dharma variants.

Breach site LeakedSource apparently raided by feds

A message on Pastebin said its servers were "subpoenaed" and the site is under federal investigation.

Hacker claims FBI CMS zero day hack, dumps 155 purported logins

Amnesty nobs Plone CMS bug

A hacker is claiming to have breached the FBI's content management system, dumping email addresses and salted SHA-1 password hashes online. The hacker using the handle @cyberzeist claims to have breached the Plone CMS using a zero-day flaw allegedly for sale on an unnamed dark web site. The Register has contacted the FBI to confirm the allegations. It was not immediately available for comment; however, an operative was aware of the claimed incident.

Cyberzeist claims to have conducted the hack last month and has posted to Twitter what they claim are screen captures showing the FBI patching against the vulnerability, which appeared to permit public access. The hacker dumped the 155 purported stolen credentials to the online clipboard Pastebin, claiming a vulnerability resides in a Plone Python module. They said the websites of the European Union Agency for Network and Information Security and the National Intellectual Property Rights Coordination Center are also vulnerable.

Cyberzeist also claimed the FBI contacted the hacker requesting a copy of the stolen credentials, which they declined to provide. The hacker reckoned the CMS was hosted on a virtual machine running a custom FreeBSD. They said they will tweet the zero-day flaw once it is no longer for sale.

"FBI trying to patch-up their Plone CMS #0day at https://t.co/IRhqdQjNbp, too late!! #ComingSoon #NewYearsEve pic.twitter.com/u7KOXNO3qV" — CyberZeist (@cyberzeist2) December 31, 2016

The FBI is a confirmed user of the Plone CMS, as is Amnesty International. The latter organisation acknowledged a warning from Cyberzeist that its CMS was exposed. The hacker claimed the FBI's site was offline on New Year's Eve, but none of the dozen WayBackMachine site captures of the FBI's homepage on 31 December and 1 January indicated it was unavailable.

Nemucod Downloader Spreading Via Facebook

Earlier today, a friend of mine notified me of something strange going on with his Facebook account; a message containing only an image (an .svg file in reality) had been sent automatically, effectively bypassing Facebook's file extension filter: 'Photo_9166.svg'

What is an .svg file? From Wikipedia: Scalable Vector Graphics (SVG) is an XML-based vector image format for two-dimensional graphics with support for interactivity and animation. The SVG specification is an open standard developed by the World Wide Web Consortium (W3C) since 1999.

More specifically, this means that you can embed any content you want (such as JavaScript); additionally, any modern browser will therefore be able to open this file. Contents of our 'photo' are as follows: Copy of file on Pastebin here

It's a heavily obfuscated script, which, after opening, redirected you to the following website:

Fake YouTube

A website purporting to be YouTube, with a video from Facebook - of course, you needed to install an additional extension to view it :)

The extension has no icon and thus seems invisible; additionally it can do the following:

Currently, I'm not exactly sure what this extension is supposed to do beside spreading itself automatically via Facebook, but likely it downloads other malware to your machine. One of my security colleagues had in fact noticed similar behavior and got ransomware (Locky) as payload: — peterkruse (@peterkruse) November 20, 2016

The extension's description can be one of the following, and seems semi-random. Note that other variations are possible:

One ecavu futolaz corabination timefu episu voloda
Ubo oziha jisuyes oyemedu kira nego mosetiv zuhum

The Facebook security team as well as Google Chrome's store security team have been notified.

Removal

Remove the malicious extension from your browser immediately. Additionally, run a scan with your antivirus and change your Facebook password afterwards. Notify your friends you sent a malicious file, or in the other case, let your friend know he/she is infected. If you keep receiving the same message from your friend, you may want to temporarily block their messages.

Conclusion

As always, be wary when someone sends you just an 'image' - especially when it is not how he or she would usually behave. Additionally, even though both Facebook and Google have excellent security controls/measures in place, something bad can always happen. For those interested, all related files have been uploaded to VirusTotal, and their hashes and domains can be found, as always, on AlienVault's OTX: Nemucod downloader spreading via Facebook

CrySis Ransomware Master Decryption Keys Released

The threat posed by a ransomware family known as CrySis was diminished considerably on Sunday when the master decryption keys were released to the public. Researchers at Kaspersky Lab said they have already folded the keys into the company’s Rakhni decryptor and victims of CrySis versions 2 and 3 now have a means of recovering their lost files. The key was posted at 1 a.m. Eastern time to the BleepingComputer.com forums by a user known only as crss7777, said founder Lawrence Abrams.

Abrams speculates that it could have been the ransomware developer who posted the key on the site’s CrySis support forum page; the post included a Pastebin link to a header file written in C that contains the master decryption keys and instructions on how to use them. “Though the identity of crss7777 is not currently known, the intimate knowledge they have regarding the structure of the master decryption keys and the fact that they released the keys as a C header file indicates that they may be one of the developers of the CrySiS ransomware,” Abrams said. “Why the keys were released is also unknown, but it may be due to the increasing pressure by law enforcement on ransomware infections and the developers behind them.” CrySis surfaced in February after a report by researchers at Eset said the ransomware was quickly gaining favor from hackers after the decryption of TeslaCrypt ransomware.

CrySis spread via email attachments with double file extensions or through links in spam messages.
It was also found lurking in Trojanized versions of freely available software such as compression programs like WinRAR. Like most ransomware, it could encrypt a large number of file types and sought to encrypt data stored on shared drives.

Documents encrypted by CrySis have their filenames changed to include a .xtbl extension and an email address, similar to [filename].id-[id].[email_address].xtbl, BleepingComputer said. Kaspersky researchers said CrySis accounted for 1.15 percent of ransomware infections this year, with most of the victims found in Russia, Japan, South and North Korea, and Brazil. A number of virulent ransomware families have been extinguished this year, including CryptXXX, TeslaCrypt, Chimera, Jigsaw and others. Ransomware has been among the most feared malware threats of the year; attacks have taken large organizations in a number of industries offline and have impacted customer service.

A number of high-profile attacks against hospitals and utilities put ransomware on the map as patient care was impacted in a couple of attacks as organizations wrestled with the question of whether to pay the attackers’ demands. In the meantime, the FBI put out a number of warnings about ransomware, urging businesses to be vigilant about patching software that could be targeted by exploit kits spreading the malware, or about email campaigns spreading these infections. “The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation,” the FBI said in May. In September, the FBI made a public plea to organizations that have been ransomware victims to share incident reports, looking for details on how the infection happened, any losses incurred, the attackers’ Bitcoin wallet address and more.

6.6 million plaintext passwords exposed as site gets hacked to the...

Reusing four-year-old passwords from MySpace for GitHub?

Plaintext passwords, usernames, e-mail addresses, and a wealth of other personal information have been published for more t...

Inside Eve: Online’s propaganda machine—from Photoshop to DDoS

On June 30, 2016, a costly battle took place in Eve: Online.

An alliance of players calling themselves the Imperium—assisted by allies in the game's low security region—destroyed four Titan-class ships (the game's largest and most expensive) and inflicted damage worth half a trillion of the in-game currency (ISK) on their enemies in the Money Badger Coalition (MBC).

This battle was one of the largest since the so-called Bloodbath of B-R5RB in 2014, which resulted in losses of 11 trillion ISK—worth roughly $300,000 (£228,000) in real-world money.

The Imperium’s recent assault on the MBC is hardly a left-field event; Eve players blast the hell out of each other on an almost daily basis.

But this battle was special; it took place just days after the MBC declared that it had won once and for all the game's latest large-scale war, with forum posts, fan sites, and Facebook feeds featuring links showing how the Imperium and its allies had been driven back across Eve's map of space.

The MBC was gleeful in its declaration of victory in the months-long struggle it had taken to calling "World War Bee;" it was over and MBC had won. "Our goal was to dismantle the CFC coalition [a looser collection of groups accounting for more than 40,000 players, including the Imperium]," says Killah Bee, a fleet commander in Pandemic Legion, which is part of the MBC. "We dismantled the coalition—the only thing left is the Imperium, the others have left—and we freed the north [territories].

That's what we set out to do."

Image: The Money Badger Coalition's logo.

However, cast an eye at TheMittani.com, a major Eve fan news site, or even SomethingAwful.com, and a very different narrative emerges.

Both sites are supporters of the Imperium—whose ultimate leader runs the former—and by extension the Goonswarm, a coalition of factions the Imperium heads up.

To hear them tell it, World War Bee (a name they thoroughly resent) is far from over.
In fact, it's just getting started. "The war's not over at all," says the Mittani himself, Alex Gianturco. "All of [what you're hearing from the MBC], including the victory declaration, is what we predicted they'd do after only a couple of months—so we're right on schedule.

They've now commenced infighting in earnest. We, on the other hand, have been very aggressive in dropping Citadels [space stations] and assisting chunks of the MBC against each other.
I think our enemies would be unwilling to acknowledge this." This all sounds strange; conflict isn't supposed to be up for debate in a video game.
In most games, you're in no doubt as to whether you're under fire from your opponents.
So what gives? Why are two of Eve's biggest factions not only at odds with each other in the game, but in total disagreement as to whether they're even fighting in the first place? The answer lies in Eve's grand narrative and the dogged determination of players to own it. In Eve, as in the real world, the winners write the history books. Or blog posts, as the case may be.

Spin a yarn

Eve's story is written by its players. While nearly every other story-based game, including almost all other MMOs, has a plot that's based on the vision of its developer, Eve's lore relies not on what its developer CCP wants, but on the actions of its declining, but still sizeable, player base. In Eve, legendary characters aren't AI controlled—like, say, the iconic Garrosh Hellscream or Sylvanas Windrunner in World of Warcraft—they're real people. The reason for this is the game's structure. Eve is divided into three main regions: High Security (High-Sec), Low Security (Low-Sec) and No-Security (Null-Sec). High-Sec is the starting area, where players get to grips with Eve's mechanics in relative safety through one of the worst tutorials ever made in gaming.

The rewards for staying there are slender, but if anyone tries to grief a new player in this region, the AI shuts them down. Low-Sec is where players take off their water-wings; it's a little more of a free-for-all, but the game still provides some semblance of protection.
Video: Footage from the Bloodbath of B-R5RB shows just how vast battles in Eve: Online can be.

Null-Sec is the heart of Eve, and it's about as forgiving as the post-apocalyptic world presented in Mad Max. Here, Darwin's law applies; only those that band together survive, and lone wolves are quickly picked off. Players band together in factions, which in turn team up as coalitions, with the larger ones boasting tens of thousands of members. It's also in Null-Sec where the plot unfolds. Eve’s myriad coalitions battle one another for territory and resources using assets both in and outside of the game. Yes, gigantic dogfights take place, ambushes are set and triggered, and fleets move to contain chokepoints on the map.

But unlike other games, where conflicts are mostly confined to the game itself, the wars in Eve spill out in the real world: players make shady deals over chat channels, secrete sleeper cells within one another's ranks, and grief enemies on social media. The reason is that the stakes are always high in Eve. Unlike other MMOs—where death usually causes the player to respawn with all of their weapons, skills, and equipment intact—death in Eve can see assets that have taken hundreds of hours and piles of in-game money to accrue reduced to ash in the blink of an eye.

Damage is permanent: if your ship is blown up in Eve, it's gone for good. In an effort to control the narrative—particularly when things don't go in their favour—players flood forums, fan sites, and social media with disinformation and propaganda, making it impossible for outsiders to obtain a true picture of the state of play. Hop onto an Eve social media stream and you'll see World War II posters photoshopped to represent the views of either side of the war, lengthy propaganda videos on YouTube, and deep think-pieces. One op-ed the Mittani published during World War Bee even called into question whether IWantISK.com, an online "space casino" where players gamble using in-game cash to win modules, ships, implants, or even ISK payouts, was even legal under meatspace Florida law, the state where the site is based.

Image: An example of player-made propaganda from Eve: Online (credit: Rixx Javix; Jason Kollat).

"It's not at Gamergate levels," says Gianturco. "You don't have people receiving, say, bomb threats.

Death threats have happened in Eve, but there's nothing that has ever reached the level of full-on harassment.
In general, the community looks at it all as good clean fun.

The metagame has always been there. People in the media will always look at platforms like Facebook or Pastebin as a sign of modernisation.

Back in the day the outside game interaction was confined to online forums." "CCP has a zero-tolerance policy for these things happening on their official forums, but it's so hard to police on other forums," says Peter Farrell, aka Elise Randolph, one of the high-ranking members of Pandemic Legion. "The Eve community is robust, and it is very hard to police. CCP has levied severe bans when harassment has taken place on out-of-game forums and the end-user license agreement is broad enough that they can take action on basically anything. Hopefully we'll never have to see them make use of this." And yet, despite what some players maintain, harassment levels in the game have now escalated far beyond a few crude photoshop jobs.

There have been instances where factions have launched DDoS attacks against the comms channels of their enemies just before a major battle, while key players have also been anonymously sent pictures of their homes by opponents as a form of intimidation. "As far as I'm aware, nobody in Eve has ever released the home address or anything of the sort," says Farrell. "However, outing a player's sexual preference, exposing real-world relationships and professions, and attempting to glean information based on posting on other non-Eve related forums and social media are some of the more prominent doxxing stories." According to Killah Bee, most of the metagame is instigated by individuals within each faction.
It's not something the fleet commanders on each side usually coordinate. "There are very small groups that do that kind of stuff.
It rarely happens and it hasn't happened in World War Bee," he says.

So the poor old ostrich died for nothing

Like all wars—both real and virtual—World War Bee wasn't triggered by a single event. While some have pointed to a failed Kickstarter which the Imperium organised to turn the history of The Fountain War (a major military victory in 2013) into a novel, others have pointed to a feud that the Space Monkey Alliance (SMA), a part of the Goonswarm, had been having with the owners of IWantISK.com as the cause. When the SMA/IWI conflict came to a head, one of the site's owners—who goes by the in-game name of Lenny Kravitz2—started bankrolling mercenary factions in Eve to go after SMA and its allies, and things started snowballing from there. The injection of in-game cash into what became the MBC caused thousands of players to sign up to the new coalition. Having been battered by the Goonswarm, a long-dominant and not entirely friendly force in the game, for years, lots of players wanted revenge, so it was easy for MBC to recruit. Killah Bee says that the involvement of Pandemic Legion gave the movement a boost.

The Imperium's enemies could finally see its throat exposed.
Video: Eve: Online's news network The Scope discusses the fight in World War Bee earlier this year.

"The players in Eve had been hesitating to go all in on the war," he says. "They didn't know if they could do it without Pandemic Legion.

As soon as we declared war and they knew this was for real, everybody [with a problem with the Goons] joined us." Faced with such an onslaught, the Goonswarm responded using Fabian strategy—the practice of avoiding pitched battle in order to frustrate enemies—by ceding territory and retreating without much of a fight. Not only did this have the effect of making the game more boring, which encouraged new players to leave, it allowed the Goonswarm to keep most of its fleet intact. On the downside, it was forced to abandon most of its territory and flee into Low-Sec. "They are completely abandoning the north and are moving down south with the rest of what's left of their coalition," says Killah Bee. "I never expected that to happen, not this fast, but with that happening, World War Bee is basically over."

Not over 'til it's over

Killah Bee's appraisal of the war isn't one the Mittani shares. "After stating that they [Pandemic Legion] were out to destroy Goonswarm and that Goonswarm would never be allowed to field more than 200 people in a fleet, they left," he says. "They've moved their goalposts." Gianturco also points to Eve's most recent expansion, Citadel, which allows players to build gigantic space cities, as possibly providing the Imperium and its allies the means to return to the territory they've lost without technically retaking it.

Image: A Citadel in Eve: Online.

"Using citadels allows us to be more independent of the vicissitudes of the Sov System (the in-game method of claiming territory)," he says. "Citadels, when they're used in large numbers, allow us to—kind of how Zerg Creep [in Starcraft] works—build a carpet of these structures expanding outwards that do not show up on the in-game map at all."

"In previous versions of Eve: Online, the Sov System required factions to scout and use recon. In order to contest territory you needed to see where your enemy's assets were," he continues. "The current Sov System doesn't require this, so players have even more of an advantage when you’re defending. Citadels don't play to this. You need to scout them out to see if they're vulnerable. We've been throwing down extremely large numbers of these citadels, which have inherent defences that we've used to vaporise a number of attackers. You won't see us advance until a system is filled with citadels."

Is World War Bee over? The MBC seems to think so, but the Mittani is adamant it's not. "The goal here is the complete obliteration of our enemies," he says. "We're not going to just retake our empire; we're going to take revenge on anyone who participated in this war against us." A sincere threat or idle propaganda? In Eve, you can never be sure.

This post originated on Ars Technica UK