Same campaign
The autorun.inf would be in the flash drive, not the executable they uploaded to Any.Run. Were any pics of the flash drive contents shared?
Nothing sophisticated about this attack.
The people who DDoSed Internet Archive never claimed to be behind the breach. That was some media companies who misreported this. The breach happened over a week before the DDoS attack, according to Troy Hunt. Stop…
Article says API token was stolen in original breach.
This is bad enough. This alone is a privacy bug/data leak. Theoretically, someone could scrape the pages and compile a list of exposed email addresses.
There is a strange dynamic between the threat actors who conduct these breaches and researchers. When not used for extortion and for "status" in the hacking community, they share them with researchers (commonly HIBP) to…
More details here about the data breach. Stolen database contains 31 million records. https://www.bleepingcomputer.com/news/security/internet-arch...
It's doubtful to me that this is due to malware. Many malware hijack search settings. However, very few hijack default browsers themselves these days. In the past (10 years ago) it was much more common. Furthermore, I…
Including Firefox who previously bypassed it: https://www.theverge.com/2021/9/13/22671182/mozilla-default-...
So you bought and fed 14,500 books into the AI to make these summaries?
Title is clickbait. I am sure the content of the article clears it up, but the title implies Microsoft is forcing all users to pay for normal security updates. In reality, it's your choice to stay on an end-of-support…
Because the title makes it sounds like Microsoft will charge for any security update in the future. These are for end of life products and it is very common for companies to require additional support contracts to keep…
Such BS clickbait. This article should be removed from Ycomb. Microsoft is not charging anyone for security updates unless you wish to use the operating system after end of life.
There is absolutely nothing wrong with trying different titles on a story.
Very common to get access to the Azure/Local AD in ransomware attacks. That Bing CMS bug was only exploited by the researchers who disclosed it to MS.
I have NordVPN on one device. Nothing in their license agreement and no settings for this at all. Doesn't appear they are recruiting devices into this residential proxy service.
Actually, looks like they understand how the leaks occurred. Just not that AWS automatically decrypts the files, making it unable to protect against those types of breaches.
Looks like this change is more to protect against Insider threats, ie Amazon employees or their infrastructure is compromised, and to make it easier to comply with some security policies that require EAR.
Debunked over and over. This is just more clickbait.
Sorry, but this is a joke of a response. When they started sending out password reset emails, they should have explained why. Not only when people started complaining, and the media picked up on the lack of transparency.
If you login with a different profile, is the GoGuardian software still running? Or is it only running on the managed school account?
Factory reset and not logging into the account again, should fix the issue.
Prosecute for what, though? It's very common for school accounts to take over a chromebook until you remove their profile/perform factory reset. This sounds more like a Google issue for allowing this behavior in the…
The Chromebook isn't ruined. Just do a factory reset and do not log into the school account. I know it doesn't help the op's kids who needs the CB for school, but there is nothing being done that a factory reset can't…
Same campaign
The autorun.inf would be in the flash drive, not the executable they uploaded to Any.Run. Were any pics of the flash drive contents shared?
Nothing sophisticated about this attack.
The people who DDoSed Internet Archive never claimed to be behind the breach. That was some media companies who misreported this. The breach happened over a week before the DDoS attack, according to Troy Hunt. Stop…
Article says API token was stolen in original breach.
This is bad enough. This alone is a privacy bug/data leak. Theoretically, someone could scrape the pages and compile a list of exposed email addresses.
There is a strange dynamic between the threat actors who conduct these breaches and researchers. When not used for extortion and for "status" in the hacking community, they share them with researchers (commonly HIBP) to…
More details here about the data breach. Stolen database contains 31 million records. https://www.bleepingcomputer.com/news/security/internet-arch...
It's doubtful to me that this is due to malware. Many malware hijack search settings. However, very few hijack default browsers themselves these days. In the past (10 years ago) it was much more common. Furthermore, I…
Including Firefox who previously bypassed it: https://www.theverge.com/2021/9/13/22671182/mozilla-default-...
So you bought and fed 14,500 books into the AI to make these summaries?
Title is clickbait. I am sure the content of the article clears it up, but the title implies Microsoft is forcing all users to pay for normal security updates. In reality, it's your choice to stay on an end-of-support…
Because the title makes it sounds like Microsoft will charge for any security update in the future. These are for end of life products and it is very common for companies to require additional support contracts to keep…
Such BS clickbait. This article should be removed from Ycomb. Microsoft is not charging anyone for security updates unless you wish to use the operating system after end of life.
There is absolutely nothing wrong with trying different titles on a story.
Very common to get access to the Azure/Local AD in ransomware attacks. That Bing CMS bug was only exploited by the researchers who disclosed it to MS.
I have NordVPN on one device. Nothing in their license agreement and no settings for this at all. Doesn't appear they are recruiting devices into this residential proxy service.
Actually, looks like they understand how the leaks occurred. Just not that AWS automatically decrypts the files, making it unable to protect against those types of breaches.
Looks like this change is more to protect against Insider threats, ie Amazon employees or their infrastructure is compromised, and to make it easier to comply with some security policies that require EAR.
Debunked over and over. This is just more clickbait.
Sorry, but this is a joke of a response. When they started sending out password reset emails, they should have explained why. Not only when people started complaining, and the media picked up on the lack of transparency.
If you login with a different profile, is the GoGuardian software still running? Or is it only running on the managed school account?
Factory reset and not logging into the account again, should fix the issue.
Prosecute for what, though? It's very common for school accounts to take over a chromebook until you remove their profile/perform factory reset. This sounds more like a Google issue for allowing this behavior in the…
The Chromebook isn't ruined. Just do a factory reset and do not log into the school account. I know it doesn't help the op's kids who needs the CB for school, but there is nothing being done that a factory reset can't…