All members of the group have been active for some time on popular hacker forums.
Juan Antonio Velasco, cybersecurity analyst at Spanish financial services giant Santander Group, spoke about the recent career changes of four alleged members of the REvil ransomware group, using the pseudonyms Orange, MRT, Kajit and 999.
All of them were active for some time on various underground forums. Orange was the Chief Administrator of the hacker forum Ramp and gave details of the activities of the extortionist group Babuk following its attack on the Washington Metropolitan Police Department in April 2021. 999 was the moderator of the Ramp forum. Kajit has also performed some moderator duties and acted on competing forums such as XXX and Exploit.
Cybercriminals changed their occupation on October 18 this year after the servers of the REvil group were hacked. Orange, MRT and 999 decided to go into private activities, and Kajit took on the role of Ramp administrator. Velasco’s analysis of traffic on crime forums suggests that he or she is now in contact with the operators of the ransomware REvil. Kajit also initiated the redesign of the Ramp forum.
As noted by the researcher, on October 18, the REvil servers were turned off, but this does not mean the cessation of the criminal activities of the group. Operations are now split between groups that hack into networks and then sell access to seed brokers, Velasco said. The latter, in turn, resell access to hackers who actually hack the victim’s networks, install ransomware and steal data. Access brokers are divided into retailers and wholesalers. The latter sell sets of access to networks at prices ranging from $ 10,000 to $ 20,000. Retailers sell access to individual networks at prices ranging from $ 300 to $ 1,000.
Attackers are actively looking for partners on forums and other resources. Long-term relationships develop between seed brokers and criminals. As Velasco noted, forums create tools for secure transactions. Moreover, the administrators of the Ramp forum approached their Chinese counterparts with an invitation to participate in discussions, share tips and cooperate in attacks. Influential users and forum administrators have actively tried to communicate with new forum members in Chinese using machine translation.
Important Chrome Browser Security Services Update
Since the advent ofInternet, it was necessary to design interfaces to access it. This is how web browsers were born. Unfortunately, this giant network of communication is not without drawbacks. Indeed, ill-intentioned people called hackers use it to harm to everybody. It is surely with this in mind that the chrome browser has decided to make a major update to its security protocols.
In reality, this major overhaul will take place in two phase. New versions of said browser will be created in the coming months and will include security measures. security much safer than previous versions. It should be added that all browsers working with the chromium kernel (chromium) will have to be upgraded.
Many developers are at work in this large-scale project. These are, for example, Titouan Rigoudyn, engineer and software developers and Eiji Kitamura, expert engineer in web security.
Chrome 98 and 101: new security measures
The provisions embedded in the latest versions of this browser send a control request with the header ” Access-Control-Request-Private-Network “. Subsequently, this request must be validated and include the specification ” Access-Control-Allow-Private-Network : true.” »
“Chrome will start sending a preflight request CORS (Cross-Origin Resource Sharing) before any private network request for a sub-resource, which requests explicit permission from the target server” said Titouan Rigoudy and Eiji Kitamura . This means that from chrome 101, access to internal data by a site will be under control.
Basically, according to the engineers, all these provisions are intended to protect routers, as well as users against request forgeries leading to malicious domains
A general and mandatory evolution
In addition to Chrome, the browser edge Microsoft’s Chromium-based has added a new navigation mode to the beta channel (build 98.0.1108.23) to make it more secure. Furthermore, Microsoft declares: “This feature is a huge step forward as it allows us to mitigate unplanned zero active days (based on historical trends). »
The company continued in these terms: “When enabled, this feature brings hardware-enforced stack protection, arbitrary code protection (ACG), and content stream protection (CFG) as support for security mitigations. security to increase user safety on the web. »
Can Microsoft Defender antivirus be disabled in Windows 11?
microsoft defender has reached a spectacular level of maturing with windows 10. What started as a basic malware protection more serious, it has become one of the best antiviruses on the market, with the advantage that it is free, lightweight, and is already included and activated with the operating system. However, there are times that we may be interested in deactivating it, but is it possible to do it with Windows 11?
When we install a third-party antivirus, Microsoft Defender is disabled. However, there may be times when it is not deactivated properly, or there may be times when we simply want to temporarily disable the antivirus to install something that is detected as a false positive. It is also possible that, on a weak computer, Microsoft Defender consumes a lot of resources; especially when booting the system. There are lighter options, or if we don’t have the internet connected device, we may not even need the antivirus.
Windows 11 allows you to disable antivirus
In the Security section of Windows 11, luckily, we can disable many antivirus functions, including Real-time Protection, which is the one that usually causes problems when it comes to detecting false positives in files that we know are safe. This protection can only temporarily deactivate, but the rest of the protection modules can be permanently disabled.
So, effectively, we can temporarily disable the protection in Windows. To do this, we go to Settings in Windows 11, and there we enter the Privacy security tab. In there, let’s windows security. Once there, click on the option that says Antivirus and threat protection. In there, we just have to go to the part of managing the configuration of Real-time protection, and disable it.
It can also be permanently disabled
This deactivation is temporary, so if we want to deactivate it completely, we will have to go to the Local Group Policy Editor. To go to this section, it is necessary to disable the function of Tamper Protection within the same section where real-time protection is temporarily disabled.
To do this, we look for theLocal Group Policy Editor«, or gpedit.msc. In there, let’s Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus. Once we get there, we look for the option «Disable Microsoft Defender Antivirus«. We double click, and we give Enabled. Now we just have to restart, and we will have the Windows 10 antivirus permanently disabled.
These are the best options we have for disable Microsoft Defender in Windows 11. Another option is to use programs like Defender Control or Configure Defender. This type of program allows you to manage a multitude of settings directly from the program and with a couple of clicks without having to navigate through the system settings.
ALL LG Smart TVs can be hacked through the Internet and DTT
The SmartTV They have all kinds of protection mechanisms against vulnerabilities. Some even integrate antivirus to prevent malware from entering them, and all their apps are carefully analyzed. However, they always end up discovering vulnerabilities, so some people prefer not to connect tvs to the internet. The problem is that they got to hack some remotely without even having them connected to the Internet.
The vulnerability has been discovered by the hacker David Buchanan, also know as retr0id. This fault consists of remote code execution via DVB-T standard. In other words, the broadcast of the exploit is carried out through the signal that reaches DTT through the antenna socket. Needless nor that the TV is connected to the Internet in order to exploit the vulnerability.
It hacks through DVB-T and HbbTV
The error consists in executing scripts to generate a DVB-T transmission with metadata from HbbTV, the standard used LovesTV. With these scripts, a web page is loaded on top of the video feed, containing a V8 n-day exploit. Buchanan says that now all he needs to do is find another vulnerability that allows him to escalate privileges on the TV for even more absolute control.
The exploit works on a 2019 LG Smart TVs. Until now, this type of attack required the Smart TV to be connected to the Internet, but now all it takes is for it to be turned on. Buchanan says it may also be possible to hack a TV that’s turned off, but he needs to keep testing.
The bug is still unpatched on LG TVs, whose latest update was released last January 13th. The vulnerability has been published on January 14, so LG has not had time to fix it yet. Although the bug has been exploited on a 2019 TV, Buchanan says the bug can be exploited on 2020 and 2021 models. However, these models use newer versions of Chrome as their browser, so an n-day exploit will be needed. different.
In the video that Buchanan has uploaded to his Twitter account, you can see how you can get almost total control of the TV, showing notifications, messages, and even choosing the video you want to play on it.
RCE over DVB-T
This is a 2019 model LG TV pic.twitter.com/o724k3K3IE
— David Buchanan (@David3141593) January 14, 2022
The vulnerability demolishes all those comments that say that “if you are concerned about your privacy, do not connect the TV to the Internet”. Now, it is possible to hack LG TVs without them being connected to the Internet. However, the flaw can be mitigated by disabling HbbTV’s autostart feature, although Buchanan says that many other vulnerabilities remain in DVB.
I just got DSMCC Carousels working.
That means the exploit still fires even if the TV is not connected to the internet. The entire exploit is served over the airwaves.
Everyone who said “just don’t connect it to the internet” can shut up now 😛 https://t.co/KSYMsdVmqo
— David Buchanan (@David3141593) January 14, 2022
Any LG TV can now be rooted
With this exploit it is possible root lg tv. There is a tool called RootMyTV, which makes it easier to take advantage of the vulnerability to install the homebrew channel on a TV after rooting it. Thanks to this, it is possible to install unauthorized applications and created by the community, such as moonlit to remotely play your PC games (since webOS does not have the Steam Link app), YouTube with enhanced features, RetroArch to play emulators, and many more to come in the future.
After the vulnerability, they have updated RootMyTV to the version 2.0, where, just by entering the website of rootmy.tv from an LG television, it is already possible root it to install apps on it. All current LG models can be rooted with this method, including those updated to version 04.30.57 released this week. The automatic system updates are disabled after rooting in case there is any problem with the updates. In case you want unroot, you just have to do a factory-reset of the TV to return it to the factory settings, so the method is quite safe.
— David Buchanan (@David3141593) January 14, 2022
YouTube has a new option for children to listen to music safely
Google is expanding the possibilities of supervised accounts so that parents can implement them in new applications. Just like YouTube,...
YouTube will have an option to loop your favorite part of the video
YouTube is preparing a new option that will allow you to loop some interesting part of the video, without having...
Bruce Campbell mocks Spider-Man 4 production on Twitter; look!
Through his social networks, actor and producer Bruce Campbell decided to play a prank on his childhood friend Sam Raimi,...
Instagram reduces visibility of ‘potentially harmful’ content
Instagram is implementing a new dynamic to reduce the visibility of content that can be “potentially harmful”. A new dynamic...