Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

290
active users

shakedown.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

#ransomware

6 posts5 participants0 posts today
Public
Dissent Doe :cupofcoffee:

A little ray of sunshine:

The Journal Times, part of Lee Enterprises, had been seriously impacted by the #ransomware attack by Qilin in February. Today, they announced that they are back to full strength: journaltimes.com/opinion/colum

Sincere congrats to them after what was almost two months of intensive and dedicated efforts to fully recover.

Journal TimesAfter cyberattack, The Journal Times is back to full strengthToday, we cannot be more pleased to tell you we are back to full strength.
#journalism#freepress
Public
your auntifa liza 🇵🇷 🦛 🦦

it should be obvious by now that anything created by the #techbros behind this coup needs to be considered #malware

wired.com/story/doge-rebuild-s

and that includes the 2-3 years of #Palantir having free reign hacking everything related to not just #immigration but #passports

DOGE IS MORE THAN #MALWARE IT’S #RANSOMWARE

so who is putting up contingencies to use all the #OpenGOV tools we have had developed the last 20 years, to audit the White House’s acts of digital terrorism?

WIRED · DOGE Plans to Rebuild SSA Code Base in Months, Risking Benefits and System CollapseBy Makena Kelly
Replied in thread
Public
Erik van Straten

@aral :

I don't want to pay a cent. Neither donate, nor via taxes.

infosec.exchange/@ErikvanStrat

@TheDutchChief @EUCommission @letsencrypt @nlnet

Screenshot from the top of https://www.virustotal.com/gui/ip-address/13.248.197.209/relations The page had already redreshed when I copied the following domain names, so this is just to get an idea: tiles-35312.bond sleepwear-14660.bond prostate-cancer-treatment-95682.bond diet-98948.bond electric-cars-94009.bond packing-jobs-44721.bond dental-implants-48408.bond mattress-19892.bond breast-reduction-mammoplasty-surgery-24489.bond dental-implants-76071.bond rv-camper-motorhomes-90728.bond roofing-services-61345.bond maid-service-26172.bond
Infosec ExchangeErik van Straten (@ErikvanStraten@infosec.exchange)Attached: 1 image @aral@mastodon.ar.al : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites. They're the ultimate manifestation of evil big tech. They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks. DV has destroyed the internet. People loose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing atracks). Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website). However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a peace of cake. Decent online authentication is HARD. Get used to it instead of denying it. REASONS/EXAMPLES 🔹 Troy Hunt fell in the DV trap: https://infosec.exchange/@ErikvanStraten/114222237036021070 🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. Now Chrome does not give you any more info than what Google argumented: https://infosec.exchange/@ErikvanStraten/114224682101772569 🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: https://infosec.exchange/@ErikvanStraten/114224264440704546 🔹 Stop phishing proposal: https://infosec.exchange/@ErikvanStraten/113079966331873386 🔹 Lots of reasons why LE sucks: https://infosec.exchange/@ErikvanStraten/112914047006977222 (corrected link 09:20 UTC) 🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/. However, this gang is still active, open the RELATIONS tab in https://www.virustotal.com/gui/ip-address/13.248.197.209/relations. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/ @EUCommission@ec.social-network.europa.eu @letsencrypt @nlnet@nlnet.nl #Authentication #Impersonation #Spoofing #Phishing #DV #GoogleIsEvil #BigTechIsEvil #Certificates #httpsVShttp #AitM #MitM #FakeWebsites #CloudflareIsEvil #bond #dotBond #Spam #Infosec #Ransomware #Banks #CloudflareIsEvil #FakeWebsites
#Authentication#Impersonation#Spoofing
Replied in thread
Public *
Erik van Straten

@aral : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites.

They're the ultimate manifestation of evil big tech.

They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks.

DV has destroyed the internet. People loose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing atracks).

Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website).

However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a peace of cake.

Decent online authentication is HARD. Get used to it instead of denying it.

REASONS/EXAMPLES

🔹 Troy Hunt fell in the DV trap: infosec.exchange/@ErikvanStrat

🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. Now Chrome does not give you any more info than what Google argumented: infosec.exchange/@ErikvanStrat

🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: infosec.exchange/@ErikvanStrat

🔹 Stop phishing proposal: infosec.exchange/@ErikvanStrat

🔹 Lots of reasons why LE sucks:
infosec.exchange/@ErikvanStrat (corrected link 09:20 UTC)

🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): newly-registered-domains.abtdo. However, this gang is still active, open the RELATIONS tab in virustotal.com/gui/ip-address/. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: bleepingcomputer.com/news/secu

@EUCommission @letsencrypt @nlnet

Screenshot from the top of https://www.virustotal.com/gui/ip-address/13.248.197.209/relations The page had already redreshed when I copied the following domain names, so this is just to get an idea: tiles-35312.bond sleepwear-14660.bond prostate-cancer-treatment-95682.bond diet-98948.bond electric-cars-94009.bond packing-jobs-44721.bond dental-implants-48408.bond mattress-19892.bond breast-reduction-mammoplasty-surgery-24489.bond dental-implants-76071.bond rv-camper-motorhomes-90728.bond roofing-services-61345.bond maid-service-26172.bond
#Authentication#Impersonation#Spoofing
Replied to ⚯ Michel de Cryptadamus ⚯
Public
Kay :heart_bi: :tinoflag:

@cryptadamist Also
Virginia OAG #ransomware attack: The Cloak ransomware gang has taken credit for breaching the Virginia Attorney General's Office last week. The agency took down its computer network and told staff to return to paper court filings while they dealt with the attack. The Cloak gang has dumped all the agency's data, suggesting officials declined to pay the ransom.
#Cybersecurity
securityweek.com/ransomware-gr

Public *
⚯ Michel de Cryptadamus ⚯

December 2023: US District Attorney Jessica Aber indicts 4 Russians for war crimes in #Ukraine

September 2024: US District Attorney Jessica Aber indicts Russian cryptocurrency money launderer / cybercriminal #SergeyIvanov

November 2024: US District Attorney Jessica Aber accuses Virginia based companies of running "three different schemes to illegally transship sensitive American technology to Russia," including sending equipment to a Russian telecommunications company linked to the #Kremlin and Russia's notorious #FSB security agency.

March 2025: Former US District Attorney Jessica Aber found dead at age 43

More: newsweek.com/jessica-aber-deat

WASHINGTON, DC — DECEMBER 6: U.S. Attorney for the Eastern District of Virginia Jessica Aber speaks during a press conference at the U.S. Department of Justice on December 6, 2023 in Washington, DC. The Department of Justice announced today that four Russian military personnel have been indicted for war crimes committed against a U.S. national living in Ukraine, the first of such charges ever to be brought under the U.S. war crimes statute. (Photo by Samuel Corum/Getty Images)
Former US attorney for eastern district of Virginia found dead at age 43 Alexandria police find Jessica Aber unresponsive after responding to reports and say investigation under way Maya Yang Sun 23 Mar 2025 14.55 EDT The former US attorney for the eastern district of Virginia was found dead in Alexandria on Saturday, authorities said. In a statement on social media, Alexandria police announced that at about 9.18am on Saturday, police responded to the 900 block of Beverley Drive following reports of an unresponsive woman. Upon arriving at the scene, authorities located a deceased woman who they later identified as 43-year-old Jessica Aber.
#Putin#VladimirPutin#JessicaAber
Public *
JayeLTee

Dealing with something ridiculous at the moment that is a great example of just how 'easy' it really is to close down exposed data:

Found a server recently with no access controls at all that was hit by ransomware in May 2024 and most of the data is encrypted. (It got hit by an automated script, it wasn't targeted by a ransom group)

Found a non encrypted directory:

The company is STILL uploading, monthly, hundreds of millions of records of logs with their clients data.

Tried to reach out to the company, nothing. Company is from AUS so I tried ASD, nothing.

I sent an email to AUSCERT, they validated with me the issue and forwarded the information and my contact to ASD, they also tried to reach out to the company themselves.

Not a word from anyone and the server is still exposed a month after my initial alerts.

Logs are still being uploaded to the server so it's obvious no one did anything.

So what am I supposed to do here?

#cybersecurity#infosec#ransomware
Public
DFN-CERT

CERT.at investigates ransomware attacks via critical Fortinet vulnerabilities (FortiOS, FortiProxy) and recommends urgent forensic investigations of all devices that didn't have FortiOS 7.0.16 installed before 2025-01-27, when the PoC for CVE-2024-55591 was published. Those devices may be compromised despite having been patched later.

Check (German) warning by @CERT_at
cert.at/de/warnungen/2025/3/ra

Long story with Forescout:
forescout.com/blog/new-ransomw

Screenshot of attack timeline from Forescout's blog post.
#ransomware#fortinet#Mora_001
Public
Nonilex

‘People Are Scared’: Inside #CISA as It Reels From #TrumpPurge
Employees at the #Cybersecurity & #Infrastructure #Security Agency…are struggling to protect the #US while the #Trump admin dismisses their colleagues & poisons…partnerships.
#MassLayoffs & weak leadership are taking a severe toll on the US govt’s #cyber #defense agency, undermining its ability to protect America from…adversaries bent on crippling infrastructure & #ransomware gangs…bleeding #SmallBusiness dry.
archive.is/2025.03.13-143433/h

ExploreLive feeds
About