This article is very interesting: A real clever phishing attack for corporate computer users


suatcini54

Well-known member
Power User
VIP
Local time
4:49 AM
Posts
684
OS
Windows 11 Pro build 26200.8524

My Computers My Computers

  • At a glance

    Windows 11 Pro build 26200.8524Intel i7-4790Teams DDR3-1600 4x4 GBMSI Nvidia GeForce GTX 1050Ti
    OS
    Windows 11 Pro build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-4790
    Motherboard
    Asus H97 Pro Gamer with add-on TPM1.2 module
    Memory
    Teams DDR3-1600 4x4 GB
    Graphics Card(s)
    MSI Nvidia GeForce GTX 1050Ti
    Sound Card
    Realtek ALC1150
    Monitor(s) Displays
    Dell P2425D
    Screen Resolution
    2560 by 1440 pixels
    Hard Drives
    Corsair NVMe M.2 Core XT 1000 GB (Windows 11 v.25H2); Samsung SATA Evo 870 500 GB (Windows 11 v.25H2);
    PSU
    Corsair HX850
    Case
    Gigabyte Solo 210
    Cooling
    Zalman CNPS7X Tower
    Keyboard
    Microsoft AIO Wireless (includes touchpad)
    Mouse
    HP S1000 Plus Wireless
    Internet Speed
    500 Mb fiber optic
    Browser
    Chrome; MS Edge
    Antivirus
    Windows Defender
  • At a glance

    MacOS 12 MontereyIntel Core i58 GBIntel integrated
    Operating System
    MacOS 12 Monterey
    Computer type
    Laptop
    Manufacturer/Model
    Apple Macbook Air
    CPU
    Intel Core i5
    Memory
    8 GB
    Graphics card(s)
    Intel integrated
    Screen Resolution
    1440 by 900 pixels
    Hard Drives
    128 GB
    Keyboard
    Built-in
    Mouse
    Microsoft Wireless
    Internet Speed
    802.11 ac
    Browser
    Chrome; Safari
    Antivirus
    N/A
Taking into account the current world events - all the major corporations abide to their Country/State monopoly/demands - for so called "state security/affairs" . Profit is still relevant ofc - so spying/monitoring user/corporate/governmental data - is a cat and mouse game with a heavy emphasis on denial, maybe even intended as a last result. But, it's not like times of global peace - where monopolized profit was the main interest. Even tho, that's when backdoor features like Intel Management Engine (IME) and AMD Platform Security Processor (PSP) - were created, while Microsoft or Apple's OSX - nobody really knows what they're sending home - since both have an ecosystem which revolves around uploads/downloads/updates with only basic or/and obscure info - on what they're gathering. Not to mention, every Update adds new features future emphasis on this direction - and then there's the obscure A.I. side of this story.

Coincidentally, 2 days ago OpenAI (ChatGPT) - officialized their colaboration. And many are uninstalling the app as a result. Personally, i respect their initiative on making that public - instead of playing their own cat and mouse game (till some whistleblower or a breach reveals such intents). Like Facebook kept playing and got caught - payed a fine (for selling their users data), then changed their tactic - but still caught in the act, paid another fine - and probably kept doing it to this day.

Weird tech times we live in. I'm missing the 90s... 😎
 

My Computer My Computer

At a glance

WinDOS 25H2Intel & AMDSO-DIMM SK Hynix 15.8 GB Dual-Channel DDR4-26...nVidia RTX 2060 6GB Mobile GPU (TU106M)
OS
WinDOS 25H2
Computer type
Laptop
CPU
Intel & AMD
Memory
SO-DIMM SK Hynix 15.8 GB Dual-Channel DDR4-2666 (2 x 8 GB) 1329MHz (19-19-19-43)
Graphics Card(s)
nVidia RTX 2060 6GB Mobile GPU (TU106M)
Sound Card
Onbord Realtek ALC1220
Screen Resolution
1920 x 1080
Hard Drives
1x Samsung PM981 NVMe PCIe M.2 512GB / 1x Seagate Expansion ST1000LM035 1TB
Thanks for your escalation of the subject.

The article referred to in my post is a new type of danger and quite scary, in my opinion.

A gang of hackers sets up a company legally and that company is accredited by official authorities for legitimate certificate conferral. This company is a shell company, a front corporation. Then this gang of hackers uses the legitimate certificate to bypass security measures of the operating systems and antivirus programs to install malicious software onto target computers in an attempt to steal sensitive data, most probably blueprints of new innovations, etc..

The other types of data mining you refer to in your post are also very scary and may lead to the futures of the whole nations.

Happy computing.
 

My Computers My Computers

  • At a glance

    Windows 11 Pro build 26200.8524Intel i7-4790Teams DDR3-1600 4x4 GBMSI Nvidia GeForce GTX 1050Ti
    OS
    Windows 11 Pro build 26200.8524
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-4790
    Motherboard
    Asus H97 Pro Gamer with add-on TPM1.2 module
    Memory
    Teams DDR3-1600 4x4 GB
    Graphics Card(s)
    MSI Nvidia GeForce GTX 1050Ti
    Sound Card
    Realtek ALC1150
    Monitor(s) Displays
    Dell P2425D
    Screen Resolution
    2560 by 1440 pixels
    Hard Drives
    Corsair NVMe M.2 Core XT 1000 GB (Windows 11 v.25H2); Samsung SATA Evo 870 500 GB (Windows 11 v.25H2);
    PSU
    Corsair HX850
    Case
    Gigabyte Solo 210
    Cooling
    Zalman CNPS7X Tower
    Keyboard
    Microsoft AIO Wireless (includes touchpad)
    Mouse
    HP S1000 Plus Wireless
    Internet Speed
    500 Mb fiber optic
    Browser
    Chrome; MS Edge
    Antivirus
    Windows Defender
  • At a glance

    MacOS 12 MontereyIntel Core i58 GBIntel integrated
    Operating System
    MacOS 12 Monterey
    Computer type
    Laptop
    Manufacturer/Model
    Apple Macbook Air
    CPU
    Intel Core i5
    Memory
    8 GB
    Graphics card(s)
    Intel integrated
    Screen Resolution
    1440 by 900 pixels
    Hard Drives
    128 GB
    Keyboard
    Built-in
    Mouse
    Microsoft Wireless
    Internet Speed
    802.11 ac
    Browser
    Chrome; Safari
    Antivirus
    N/A
The phony certificate company angle is interesting.

In the case of this specific malware though, our users don’t have full-time admin rights, and we block PowerShell from getting to the Internet. Those two things go a long way toward hindering the current crop of malware miscreants.
 

My Computer My Computer

At a glance

I'm off Windows at home.
OS
I'm off Windows at home.
WDAC allows you to create execution policies which only allow executables or scripts signed by a known list of trusted certs to run. All other files are banned from running. Exceptions can be made for known applications.

The problem is a lot of this stuff is more work to implement, so only the largest or most secure organizations bother. In theory, a proper WDAC would force someone with a new or unknown app to run it past their IT team. They still might be tricked, but there's more visibility than automatically trusting any digitally signed app that shows up on the network.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
You could also use WDAC in the opposite way. That is, some
of the payload executables are signed, and you could use WDAC to block those certificates, if allowlisting is too cumbersome.
 

My Computer My Computer

At a glance

I'm off Windows at home.
OS
I'm off Windows at home.
Back
Top Bottom