XWAUForceflow

Member
  • Content Count

    55

  1. Absolutely, there are ways to secure the devices, but the responsibility for this lies mostly in the IT department's hands and not in the end-user's hands. Never ever rely on the end-user for your security; they are part of the chain, for sure, but they are also the weakest link, and that link has to be separated from the rest. You have to expect that part of the chain to fail, and you need to make sure that this does not lead to a catastrophic failure. Yeah, from what I gathered the attack didn't come from the originally infected system at all. It appears that the original malware owners didn
  2. No, he didn't, he did it on his personal PC. If the institute expects him to use his own PC for work, then that is on them. BYOD means the company must secure against attacks, not you as a user. It's your PC, you can do what you want, and you cannot be expected to keep it secure. That simply is way beyond the capabilities of the average Joe. Yes, using cracked software was really stupid, but this really shouldn't be the focus of this story. He could have just as easily been infected by a drive-by download or a phishing mail, or any other means of attack. The company's IT departmen
  3. But he didn't do it on the corporate environment. He did it on his own PC. Unfortunately he also was allowed to use this PC to remotely connect to the institute. Because he did this, the malware was able to steal his credentials and use said credentials to log into the network from a completely different system and then infect it. Nothing he did infected the institute's systems; the only thing that he was responsible for was that his credentials were stolen. Yes, that is bad, and no, he shouldn't have used cracked software, but not using two-factor authentication for remote connecting
  4. They should put a challenge up to the Corridor Crew to see what those guys could do in 20 minutes...
  5. Wow, that is a) a really cool find on your end and b) just shows the amount of detail, love and care LTT puts into their merch!
  6. Well, it's not as easy as just restoring the backup and being done. The most obvious question is: is the backup still there? What makes you think a hacker will only target a few servers and then be done with it? A good cyber attacker will make sure they know what your backup system is and make sure they will attack it as well. This can go from simply destroying or encrypting the backup data to even compromising the backup data, hiding Trojan horses within the backup that trigger once a system is restored. (One of the reasons why I am such a huge fan of using tape backups as a last defense. O
  7. Small update that I heard. Apparently the direct infrastructure to control the pipelines was not affected because this is indeed on a separate network. However, the impact of the attack was still big enough that it was decided to shut down the pipelines. (I am guessing that it's next to impossible to monitor the pipelines currently, so it was safer to shut them down.) Due to the reduced resource requirements because of Covid, the company does not think it will lead to any serious issues in the availability of the resources. A state of emergency was nevertheless called: https://www.ft.c
  8. Do you have multiple monitor connectors? I've had it that for some reason the BIOS would only display on a certain output and not all of them. Windows is more flexible when it comes to that, so from your description I would call that highly likely...
  9. Summary: A cyber attack threatens the distribution and production of the US' fuel supply. Details are sparse but already show how vulnerable critical infrastructure is to attacks. Quotes: My thoughts: Hopefully the situation will be resolved quickly and service will resume, but this really should be a wake-up call. Critical infrastructure like this needs to be better protected, especially because attacks like this will become more frequent and the players attacking targets like this will only get better at it. Not to mention that those are also prime targe
  10. Well, he said he'd move in a few weeks anyways so honestly even taping down the cables was already more than I would've done
  11. Mhm... but what is the actual error coming up when you try to boot into Windows? And do you get any options from System Restore? Is your disk listed in the BIOS? Can you access the disk from the command prompt at all?
  12. Maybe this will help: https://www.windowslatest.com/2021/03/16/windows-10-kb5001567-released-to-fix-kb5000802-bsod-printing-issue/ Apparently there is a fix for the issues caused by KB5000802 and a way to install it. You might be able to install that one from safe mode, or after you go back to the older version, and then make sure it's also installed before rebooting. I am not sure it will work, as your issues with the KB do not sound like the issue most other people are having, but it might be worth a try.
  13. Can you give some more details on what's going on? Are you getting a bluescreen on boot, or what's the issue? I just heard about a faulty update from Windows that triggers on AM4 mainboards with X570 from Gigabyte and using an NVMe SSD as your boot device. Essentially it installs the wrong driver and Windows cannot access the device properly. The supposed fix is to go into repair mode and select the last known recovery point, which should load the original driver again and let you boot up Windows again. Once inside Windows, do not reboot, as it will just install the wrong driver again. You
  14. He didn't have a super high clearance, but you don't need that to attack a company, please read the full article. The institute offers a remote login capability and allows the use of personal devices to do this. (Without two-factor authentication.) What he did was install the pirated software on his own laptop. Of course he can do this, it's his own device. The malware that came with the pirated software then took the credentials that he used for the login to the institute. Those login credentials were apparently then used by someone unknown to log into the institute's system from
  15. Really, no up-to-date backup and no two-factor authentication for remote logins? Especially the second one really baffles me; I get why you allow BYOD (even though I don't condone it), but allowing remote connections from BYOD devices without two-factor authentication is pure madness.