Researchers at Sangfor published the PoC, in what appears to have been a mistake, or a miscommunication between the researchers and Microsoft. The test code was quickly deleted, but not before it had already been forked on GitHub.
https://twitter.com/edwardzpeng/status/1409810304091889669
>At least Windows works.
REvil affiliate "sub:8254" - watch for changing logged-on user's pass & config to automatically login on reboot as "DTrump4ever"
https://twitter.com/LloydLabs/status/1411098844209819648
- If launched as a service, sleeps for 1000ms indefinitely
- If ServiceCrtMain is called, main malicious logic is unwrapped
- Initial payload is unpacked, XOR'd using a calculated key and execution continues
>DTrump4ever
https://www.bleepingcomputer.com/news/security/revil-ransomware-now-changes-password-to-auto-login-in-safe-mode/
REvil ransomware now changes password to auto-login in Safe Mode
A recent change to the REvil ransomware allows the threat actors to automate file encryption via Safe Mode after changing Windows passwords.
In March, we reported on a new Windows Safe Mode encryption mode added to the REvil/Sodinokibi ransomware. This mode can be enabled using the -smode command-line argument, which would reboot the device into Safe Mode, where it would perform the encryption of files.
It is believed that this mode was added as a way to evade detection by security software and to shut down backup software, database servers, or mail servers to have greater success when encrypting files.
However, at the time of our reporting, the ransomware required someone to manually login to Windows Safe mode before the encryption would start, which could raise red flags.
New version automatically logs Windows into Safe Mode
At the end of March, a new sample of the REvil ransomware was discovered by security researcher R3MRUM that refines the new Safe Mode encryption method by changing the logged-on user's password and configuring Windows to automatically login on reboot.
With this new sample, when the -smode argument is used, the ransomware will change the user's password to 'DTrump4ever.'
The ransomware then configures the following Registry values so that Windows will automatically login with the new account information.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="[account_name]"
"DefaultPassword"="DTrump4ever"
While it is unknown if new samples of the REvil ransomware encryptor continue to use the 'DTrump4ever' password, at least two samples uploaded to VirusTotal in the past two days continue to do so.
These changes illustrate how ransomware gangs continuously evolve their tactics to successfully encrypt victims' devices and force a ransom payment.
REvil also recently warned that they would perform DDoS attacks on victims and email victims' business partners about stolen data if a ransom is not paid.
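A defender-side check for the Winlogon auto-login change described in the article above, added here as an example and not part of the original post or the article. It parses a registry export in .reg text format and flags AutoAdminLogon together with a cleartext DefaultPassword; the sample export, the account name and the function names are constructed for illustration.

```python
import re

# Winlogon key named in the article, lowercased for case-insensitive matching.
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
REPORTED_PASSWORD = "DTrump4ever"  # string reported in the article above

# Constructed sample in .reg export format; the account name is made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="CORP\\jsmith"
"DefaultPassword"="DTrump4ever"
"Shell"="explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"AutoAdminLogon"="1"
'''

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')


def _unescape(text):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Return {lowercased key path: {lowercased value name: data as str}}.

    Only string and dword values are decoded; other types are skipped.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current = keys.setdefault(section.group("key").lower(), {})
            continue
        value = VALUE_RE.match(line)
        if not value or current is None:
            continue
        data = value.group("data").strip()
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            decoded = _unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            decoded = str(int(data[6:], 16))
        else:
            continue  # binary / multi-string data is not needed for this check
        current[_unescape(value.group("name")).lower()] = decoded
    return keys


def check_autologon(text):
    """Return findings for the auto-login pattern under the Winlogon key."""
    values = parse_reg_export(text).get(WINLOGON, {})
    findings = []
    if values.get("autoadminlogon") != "1":
        return findings
    user = values.get("defaultusername", "<unset>")
    findings.append(f"AutoAdminLogon enabled for account {user}")
    password = values.get("defaultpassword")
    if password:
        # Never echo the stored password into logs or tickets.
        findings.append("DefaultPassword stored in cleartext (value redacted)")
        if password == REPORTED_PASSWORD:
            findings.append("DefaultPassword matches the string reported for the -smode sample")
    return findings


if __name__ == "__main__":
    for finding in check_autologon(SAMPLE_EXPORT):
        print(finding)
```

Auto-login is also configured legitimately on kiosks and lab machines, so the first two findings are a prompt to check whether the setting is expected on that host rather than proof of compromise.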
>https://en.wikipedia.org/wiki/San_Francisco_Committee_of_Vigilance
The catalyst for its formation was the criminality of the Sydney Ducks gang
https://en.wikipedia.org/wiki/Sydney_Ducks
The Sydney Ducks was the name given to a gang of criminal immigrants from Australia in San Francisco, during the mid-19th century. Because many of these criminals came from the well-known British penal colonies in Australia, and were known to commit arson, they were blamed for an 1849 fire that devastated the heart of San Francisco, as well as the rampant crime in the city at the time.
>airports are torture chambers
>https://t.me/Teoanon17/3674
>the taste of blood does not attract me.
>omg. when did this devolve into nerdville?
>i9 speed demon
Install linux as dual boot. The only reason to keep Windows is to play Subnautica.
https://apnews.com/article/john-kerry-donald-trump-archive-b8446cbf5b504b1abaf49eb0d646367b
US sent $221 million to Palestinians in Obama’s last hours
WASHINGTON (AP) — Officials say the Obama administration in its waning hours defied Republican opposition and quietly released $221 million to the Palestinian Authority that GOP members of Congress had been blocking.
A State Department official and several congressional aides said the outgoing administration formally notified Congress it would spend the money Friday morning. The official said former Secretary of State John Kerry had informed some lawmakers of the move shortly before he left the State Department for the last time Thursday. The aides said written notification dated Jan. 20 was sent to Congress just hours before Donald Trump took the oath of office.
In addition to the $221 million for the Palestinians, the Obama administration also told Congress on Friday it was going ahead with the release of another $6 million in foreign affairs spending, including $4 million for climate change programs and $1.25 million for U.N. organizations, the congressional aides said. The aides and the State Department official weren’t authorized to speak publicly on the matter and demanded anonymity.
Congress had initially approved the Palestinian funding in budget years 2015 and 2016, but at least two GOP lawmakers — Ed Royce of California, the chairman of the House Foreign Affairs Committee, and Kay Granger of Texas, who sits on the House Appropriations Committee — had placed holds on it over moves the Palestinian Authority had taken to seek membership in international organizations. Congressional holds are generally respected by the executive branch but are not legally binding after funds have been allocated.
The Obama administration had for some time been pressing for the release of the money for the Palestinian Authority, which comes from the U.S. Agency for International Development and is to be used for humanitarian aid in the West Bank and Gaza, to support political and security reforms as well as help prepare for good governance and the rule of law in a future Palestinian state, according to the notification sent to Congress.
The $1.25 million for U.N. agencies is to be used as voluntary contributions to the U.N. Peacebuilding Fund; the U.N. Special Coordinator on improving the U.N. response to sexual exploitation and abuse; the Montreal Protocol Secretariat, which oversees the protection of the ozone layer; the Inter-American Commission on Human Rights; and the U.N. System Staff College.
The $4 million for climate programs includes assistance for clean energy, sustainable landscapes, cutting greenhouse gas emissions and creating a climate technology center.
The last-minute allocation also contained $1.05 million in funding for the State Department’s Special Representative for Afghanistan and Pakistan office and the Bureau of South and Central Asian Affairs.
The Palestinian funding is likely to draw anger from some in Congress as well as the Trump White House. Trump has vowed to be a strong supporter of Israel and has invited Israeli Prime Minister Benjamin Netanyahu to visit Washington next month.
He has also pledged to move the U.S. Embassy in Israel from Tel Aviv to Jerusalem, although White House spokesman Sean Spicer said Monday a final decision on that had yet to be made. Despite speculation in Israel that an announcement of the move is imminent, Spicer said the decision-making process is only in its very early stages.
“If it was already a decision, then we wouldn’t be going through a process,” Spicer told reporters.
>US sent $221 million to Palestinians in Obama’s last hours
Secretary of State John Kerry speaks with the media in Paris. Defying Republican opposition, officials say the Obama administration in its waning hours quietly released $221 million to the Palestinian Authority that GOP members of Congress had been blocking. The official said John Kerry had informed some lawmakers of the move shortly before he left the State Department for the last time on.
https://apnews.com/article/africa-health-coronavirus-pandemic-religion-102ce7e1bf0d81df12e04cbf0e019e4f
LGBTQ youth of faith pray, bond at ‘Beloved Arise’ group
Jessika Sessoms grew up in a conservative Black evangelical family, attended Christian schools and often heard that being gay was an abomination, until she understood that she was queer while studying to become a missionary.
The 23-year-old from Florida came out publicly last year and has found healing and a sense of community after joining Beloved Arise, a Christian nonprofit dedicated to celebrating and empowering LGBTQ youth of faith.
Maria Magdalena Gschwind, 20, from Germany, credits the U.S.-based group for inspiring her to study Protestant theology in college at a time when she had doubts about whether her sexuality would conflict with her faith. Samuel Cavalheiro, 21, a Brazilian living in Mozambique, feels so connected to the group’s members that he calls them his “chosen family.”
They are among hundreds of young people worldwide who have joined Beloved Arise during the coronavirus pandemic to worship, sing and bond virtually. The group celebrated its second annual Queer Youth of Faith Day on Wednesday — the last day of Pride Month — with podcasts, concerts, online panels of teens and seminars on LGBTQ history and churches.
“We wanted to do something that would be there to uplift and honor … queer youth of all faiths,” the Rev. Ashley DeTar Birt, program coordinator for Beloved Arise, said during one of the panels.
“Something that would let them know that there’s no contradiction between being a queer and trans person and being a person of faith … that those things can go together.”
Across the U.S., circumstances vary widely for LGBTQ youth seeking religious engagement.
Some major denominations, including the Roman Catholic Church and the Southern Baptist Convention, condemn same-sex unions and say all sexual activity outside of a marriage between a man and a woman is sinful. But thousands of houses of worship, including many mainline Protestant churches and synagogues, have LGBTQ-inclusive policies.
“I can tell you how important it is to accept because I’m proof of that. I grew up in a church where LGBT people were accepting and accepted and loved,” said DeTar Birt, who was ordained as a Presbyterian minister and has worked as a Sunday school teacher and youth pastor. “I came out in college and … I had a lot of trepidation and anxiety around it, but the church wasn’t part of that.”
Beloved Arise was founded in Seattle in February 2020 by Jun Love Young, a former board member of Christian development agency World Concern. He grew up in a Catholic family in the Philippines and kept quiet about his queer identity until his mid 40s.
“And it was due to religious pressure, which is why I created Beloved Arise, so that other kids wouldn’t have to wait until their forties,” he said.
“I was so surprised in my forties to learn that what I thought I knew about the Bible was gravely misinformed, and I just want young people to be aware that in every faith tradition there is a progressive faith that has searched the sacred texts and has created an open space for queer identities,” he said, adding that he felt safe to come out thanks in part to affirming theology.
Young said his nonprofit aims to empower and provide resources for young LGBTQ people, “who often face rejection and shaming at home, at schools and in their faith communities.” He said the group has grown to more than 400 members and expanded its social media presence during the pandemic to tens of thousands of followers on Instagram and TikTok.
“TikTok is a platform that has enabled us to reach digital natives, Gen Z,” he said about the generation born after 1996.
“Unlike other youth ministries that exist, we started digital, we were born in the cloud,” Young added. “And we were born during the pandemic, where the only way people had to connect was through digital means, so that really gave us the foresight and sensitivity to pay attention to where kids are hanging out.”
Americans are becoming less religious in the formal, traditional sense, and the trend is more marked among young adults, according to Pew Research Center surveys from recent years. Young people are less likely to pray daily, attend religious services or believe in God.
Still, surveys show younger Americans are just as spiritual as their older counterparts, and many have found other expressions of faith outside formal religion.
Beloved Arise holds popular weekly youth gatherings online where its members pray, sing and discuss scriptures.
“This group is basically my chosen family,” said Cavalheiro, who chats with other members on WhatsApp throughout the week after their virtual worship. The son of Brazilian Baptists living in Mozambique, he still struggles to talk about his sexuality with his family. But he feels understood by other members of Beloved Arise.
“It feels like we’ve known each other for a lifetime,” said Cavalheiro, a college freshman studying computer science in Maputo. “We’ve been through the same pain … (it) binds us together.”
Gschwind grew up Catholic, and her faith was always important to her. But she said she felt unwelcome when she got involved with a Pentecostal church in New Zealand during her gap year.
“I was pretty open about it from the start, but then I realized that queerness is something a lot of Christians see as a sin,” she said. “So I started to question myself a lot.”
Joining Beloved Arise influenced her choice of college major.
“If I hadn’t found this youth group, I would probably not have studied theology … because I would probably be at a point where I don’t want to have anything to do with Christianity and theology,” she said. “Because I met a lot of people who engage in theological discussions and have different perspectives on things … I just realized that theology was something that excites me a lot.”
Sessoms had hoped to become a missionary. But she began to question her path when she felt attracted to a woman while they attended Liberty University, a Christian institution in Virginia with a strict code of conduct forbidding “sexual relations outside of a biblically-ordained marriage between a natural-born man and a natural-born woman.”
“Reconciling all of that with my sexuality was hard because we were taught that gay people were an abomination, that it’s not God’s will,” said Sessoms, who is now a senior studying marketing at the University of North Florida in Jacksonville.
“And it’s been really healing. It’s been really nice to be around people who identify as me, have been through the same struggles as me, people who take their faith seriously but also celebrate who they are as an LGBTQ person.”
Associated Press journalists David Crary, Emily Leshner and Jessie Wardarski contributed to this report.
Associated Press religion coverage receives support from the Lilly Endowment through The Conversation U.S. The AP is solely responsible for this content.
https://apnews.com/article/philippines-plane-crashes-ebfe276f195550702e9dc664facba50a
Philippine military plane crashes, 31 dead, 50 rescued
MANILA, Philippines (AP) — A Philippine air force C-130 aircraft carrying combat troops crashed in a southern province while landing Sunday, killing at least 29 army soldiers on board and two civilians on the ground, while at least 50 were rescued from the burning wreckage, officials said.
Some soldiers were seen jumping off the aircraft before it crashed and exploded around noon in the periphery of the Jolo airport in Sulu province, military officials said. Two of six villagers who were hit on the ground have died.
Defense Secretary Delfin Lorenzana said rescue and recovery efforts were ongoing. The aircraft had 96 people on board, including three pilots and five crew and the rest were army personnel, the military said, adding 17 soldiers remained unaccounted for by nightfall. The pilots survived but were seriously injured, officials said.
The Lockheed C-130 Hercules was one of two ex-U.S. Air Force aircraft handed over to the Philippines as part of military assistance this year. It crashed while landing shortly before noon Sunday in Bangkal village in the mountainous town of Patikul, military chief of staff Gen. Cirilito Sobejana said.
Military officials said at least 50 people on board were brought to a hospital in Sulu or flown to nearby Zamboanga city and troops were trying to search for the rest. “Per eyewitnesses, a number of soldiers were seen jumping out of the aircraft before it hit the ground, sparing them from the explosion caused by the crash,” a military statement said.
Initial pictures released by the military showed the tail section of the cargo plane relatively intact. The other parts of the plane were burned or scattered in pieces in a clearing surrounded by coconut trees. Soldiers and other rescuers with stretchers were seen dashing to and from the smoke-shrouded crash site.
The plane was transporting troops, many of them new soldiers who had just undergone basic training, from the southern Cagayan de Oro city for deployment in Sulu, officials said.
“They were supposed to join us in our fight against terrorism,” Sulu military commander Maj. Gen. William Gonzales said. Government forces have been battling Abu Sayyaf militants in the predominantly Muslim province of Sulu for decades.
It was not immediately clear what caused the crash. Regional military commander Lt. Gen. Corleto Vinluan said it was unlikely that the aircraft took hostile fire, and cited witnesses as saying that it appeared to have overshot the runway then crashed in the periphery of the airport.
“It’s very unfortunate,” Sobejana told reporters. “The plane missed the runway and it was trying to regain power but failed and crashed.”
An air force official told The Associated Press that the Jolo runway is shorter than most others in the country, making it more difficult for pilots to adjust if an aircraft misses the landing spot. The official, who has flown military aircraft to and from Jolo several times, spoke on condition of anonymity because of a lack of authority to speak publicly.
Initial pictures showed that the weather was apparently fine in Sulu although other parts of the Philippines were experiencing rains due to an approaching tropical depression. The airport in Sulu’s main town of Jolo is located a few kilometers (miles) from a mountainous area where troops have battled Abu Sayyaf militants. Some militants have aligned themselves with the Islamic State group.
The U.S. and the Philippines have separately blacklisted Abu Sayyaf as a terrorist organization for bombings, ransom kidnappings and beheadings. It has been considerably weakened by years of government offensives but remains a threat.
President Rodrigo Duterte expanded the military presence in Sulu into a full division in late 2018, deploying hundreds of additional troops, air force aircraft and other combat equipment after vowing to wipe out the Abu Sayyaf and allied foreign and local gunmen.
Government forces at the time were running after Muslim armed groups a year after quelling the five-month siege of southern Marawi city by hundreds of militants linked to the Islamic State group. More than 1,000 people, mostly militants and long-elusive Abu Sayyaf commanders, were killed in months of intense air and ground assaults.
Sunday’s crash comes as the limited number of military aircraft has been further strained, as the air force helped transport medical supplies, vaccines and protective equipment to far-flung island provinces amid spikes in COVID-19 infections.
The Philippine government has struggled for years to modernize its military, one of Asia’s least equipped, as it dealt with decades-long Muslim and communist insurgencies and territorial rifts with China and other claimant countries in the South China Sea.
https://apnews.com/article/joe-biden-senate-elections-capitol-siege-election-2020-house-elections-62e7985e962e6852ef5041b32c63368c
6 months after Capitol assault, corporate pledges fall flat
As shockwaves spread across the country from the Jan. 6 insurrection at the U.S. Capitol, corporate America took a stand against the lies that powered the mob. Or so it seemed.
Dozens of big companies, citing their commitment to democracy, pledged to avoid donating money to the 147 lawmakers who objected to Congress’ certification of Joe Biden’s victory on the false grounds that voting fraud stole the election from then-President Donald Trump.
It was a striking gesture by some of the most familiar names in business but, as it turns out, it was largely an empty one.
Six months later, many of those companies have resumed funneling cash to political action committees that benefit the election efforts of lawmakers whether they objected to the election certification or not. When it comes to seeking political influence through corporate giving, business as usual is back, if it ever left.
Walmart, Pfizer, Intel, General Electric and AT&T are among companies that announced their pledges on behalf of democracy in the days after Trump supporters stormed the Capitol in a violent bid to disrupt the transfer of power.
The companies contend that donating directly to a candidate is not the same as giving to a PAC that supports them. Given America’s porous campaign finance laws, that’s a distinction without a difference to campaign finance experts.
The companies’ argument also glosses over the fact that, in large measure, they did their giving through PACs before their pledge, rather than to individuals, so in many cases nothing changed.
“Pledging not to give to a certain person doesn’t mean that much when there are so many other ways that corporate money reaches elected officials,” said Daniel Weiner, a former senior counsel at the Federal Election Commission who now works at the Brennan Center for Justice at New York University’s law school. “These pledges are largely symbolic.”
Walmart’s moral stand lasted three months. In January, the retail giant said it would suspend all donations to the 147 lawmakers who objected to the election results. But in April, the company gave $30,000 to the National Republican Congressional Committee, the party organization that supports House Republicans in elections.
Two-thirds of those House members voted against certifying Biden’s win.
Walmart gave an additional $30,000 to the House committee’s counterpart for Senate Republicans, the National Republican Senatorial Committee. That group is led by an objector to the election’s certification, Sen. Rick Scott of Florida, who stands to benefit from the contribution along with seven other GOP senators who also sought to overturn the will of voters. Messages left with both committees by The Associated Press were not returned.
In January, after the attack, General Electric said it would “halt donations to lawmakers who voted against certification” because “we believe it is important to ensure that our future contributions continue to reflect our company’s values and commitment to democracy.” But that’s not exactly what happened.
In April, General Electric gave $15,000 each to the House and Senate GOP election groups.
Likewise, Pfizer pledged to suspend contributions to Republican objectors for six months. But after only three months, it gave $20,000 to the GOP’s Senate group. Pfizer spokeswoman Sharon Castillo told the AP that the company drew a distinction between giving money to individual lawmakers and to groups created to help those same lawmakers. “We just don’t think it is an accurate connection,” she said.
Yet she said Pfizer had no commitment from the Senate election committee that the company’s donation would not be used to benefit the eight senators who voted against certification.
AT&T also pledged not to give money to lawmakers who objected, but the company sent $5,000 in February to the House Conservatives Fund. Company spokeswoman Margaret Boles said AT&T received assurances the money would not flow to lawmakers who objected to election results, though the PAC is led by a lawmaker who did.
Campaign finance experts say there’s no way to know whether the money given to Republican PACs will end up directly in the campaign accounts of incumbents who objected to the election results. These Republican committees, like the ones for Democrats, help incumbents in a variety of ways, whether through direct contributions or technical and professional help with voter data, advertising and get-out-the-vote assistance.
Moreover, corporate donations to the party committees do not include so-called dark money contributions given to groups that are not required to disclose details publicly. Dark money is a favored vehicle for corporate giving.
“It’s completely frustrating from an accountability point of view,” said Ciara Torres-Spelliscy, a Stetson University Law School professor who studies corporate campaign finance.
Many of the lawmakers who objected to the certification leaned heavily on the GOP House and Senate election committees in the past and can be expected to want substantial help from them again.
For the 2020 election, the NRCC passed along contributions to 39 Republican lawmakers who later objected to the election result, compared with 11 who did not. Altogether, the objectors of Jan. 6 got five times more money in total last year than did those who later voted to certify the states’ electoral tallies.
Pfizer, GE, Walmart and other companies contacted by the AP said their criticism of lawmakers who objected to the election results stands.
For other companies, the pledges may just be a cynical attempt to look good in the eyes of the public. Few of the companies that made pledges tended to give big donations to individual lawmakers anyway, preferring the big party PACs or dark money groups.
Weiner said that if companies were serious about using their clout to support democracy, they would fund efforts to defeat Republican measures that would make it harder to vote in many states.
“I don’t think these companies are giving to these groups because they supported the insurrection,” Weiner said. “They give money — and are pressured to give money — for a lot of reasons all related to their bottom line.”
Some companies did follow through on their pledges. Hallmark, for instance, said it would not donate to objectors — and the record to date shows no PAC donations by that company this year as well as no direct giving to the 147 objectors.
Hallmark also asked two objectors, Republican Sens. Josh Hawley of Missouri and Roger Marshall of Kansas, to return direct contributions it made to them before the insurrection. Campaign finance records do not yet show those refunds. Messages seeking comment from the two senators were not returned.
Other companies said they would halt campaign contributions following Jan. 6 to give them time to reassess their campaign finance strategy. That list includes Charles Schwab, Citigroup, Archer Daniels Midland and Kraft Heinz.
The money given to Republican groups by companies that pledged not to support objectors is small compared with the huge amounts of cash given overall. Walmart’s $60,000 contribution to the GOP Senate and House committees is just a fraction of the company’s overall political spending on both parties, which last year topped $5 million.
Companies often give money to Democrats and Republicans alike as they try to cultivate good relations with whichever party is in power. The companies behind the pledges are no exception.
Jan. 6 seemed to shake up that calibration. The violent images from the Capitol were so visceral, the assault at the core of American democracy so extraordinary and the falsehoods behind the attack so audacious that some loyal Republicans abandoned their president and denounced the objectors in their ranks.
If the objectors got their way, Senate Republican leader Mitch McConnell of Kentucky said that fraught night, “our democracy would enter a death spiral.”
For a time, all but the 147 seemed on the side of the angels, and corporations jostled to get on board with their pro-democracy pledges. But the devil was in the details.
https://apnews.com/article/venezuela-immigration-business-coronavirus-pandemic-health-72e16118a21cf9ae3d0d4c9204f24643
Driven by pandemic, Venezuelans uproot again to come to US
https://apnews.com/article/joe-biden-capitol-siege-business-electoral-college-media-efe0ea1092bc11c6d3f42ea4ef752d98
Rioters accused of erasing content from social media, phones
https://apnews.com/article/joe-biden-science-united-nations-coronavirus-pandemic-health-89c26f334f399f71fe5cace8663eb10f
Experts question if WHO should lead pandemic origins probe
https://apnews.com/article/tx-state-wire-jeff-bezos-science-2b7f734eecefea80de8c1c5eebf239ee
Richard Branson announces trip to space, ahead of Jeff Bezos
https://apnews.com/article/droughts-climate-change-science-government-and-politics-environment-and-nature-dd8ef971f3083006b6f314e24d530f27
Water crisis reaches boiling point on Oregon-California line
What show was that?
https://en.wikipedia.org/wiki/Honda_NSR500