Cyber Security Blog

When Crypto-currency Recovery Is Time Sensitive

Posted on March 5, 2021 / March 7, 2021. Categories: Uncategorized
Picture of bitcoin to resemble our bitcoin recovery

Written by Planet Zuda Staff and Luciolle24

Not all crypto-currency is recoverable, though we can recover a lot of it, even without a password. Some ways crypto-currency is stored can be retrieved without a password, but it is extremely time sensitive. This case was so time sensitive, we were paid to have a car drive us down to LA and then dig through the browser’s cache. Browser cache doesn’t last forever, and some browsers erase the oldest data first, even if you don’t delete it.

It took some work, but we were able to find the wallet and the wallet address, which no one knew. We were then able to reset the password and recover what would now be worth around 28 thousand dollars of Ethereum. This wouldn’t have been possible if the company hadn’t left the computer alone till we got there and called us the moment the issue occurred.

Hardware wallets are different, but this was a browser situation, which isn’t as easy as hardware wallet recovery.

If you have a problem with your crypto-currency and need it recovered, contact us ASAP.

I Could’ve Got Arrested By The UN By Reporting A Hack

Posted on March 4, 2021 / April 13, 2021. Categories: Uncategorized

How the right thing in cyber security could’ve ended with me disappearing…

Written by Planet Zuda Staff

We are starting a new series here, documenting our experiences while helping others and how things can go a bit crazy. Especially when you figure out something concerning one of the biggest societies in the world.

So how did I almost get arrested by the UN? It all started on a sunny day when I searched for a certain hack and the United Nations website came up. As you might know the United Nations has their own legal jurisdiction and operates outside of the normal legal system, which wasn’t really something I wanted to experience from the inside…

I spent the next few months looking for a friend who works for RAND. When he popped back up at weekly bowling, I knew it was the perfect occasion: I told him what I was up to now and asked him how he thought I should report to the UN. He clearly stated the risks and I asked him if he would be willing to bail me out if something went wrong. He chuckled at first, but finally decided to get on board with my plan as he still had contacts in the UN if things went south.

Even though it was really risky, I knew reporting this was the right thing to do… So, I called up the United Nations and spoke to, I believe, an ambassador of some type, who was a very smooth talker. The following is the closest we could bring to your eyes about what happened during that phone call…

Me: “Hi, I am calling to tell the UN has been hacked.”

UN: “Well then action will be taken against the person who hacked us and you will be detained”

Me: “I didn’t hack you”

UN: “Well, who did?”

Me: “I don’t know!”

UN: “Then what do you want from me!!!”

Me: “I want to talk to your cyber security department”

UN: “We have an IT guy”

transfers to the IT guy

“Hi, the UN has been hacked”

At this point I was able to use my tech skills and explain how new pages were added to the United Nations site and how their old version of Joomla was exploited. The dude was still freaking out, but in an appreciative way by the end of the call.

There is plenty of documentation about their compromises from 2008-2018 and also our other reports in 2018.

www.un.org hacked. Notified by Agd_Scorp (zone-h.org)

www.un.org hacked. Notified by Turkz.org (zone-h.org)

www.un.org hacked. Notified by eno7 (zone-h.org)

We hope you enjoy these honest and transparent articles, on what we do and how things actually go, so you can get a glimpse behind the scenes.

Since we strongly believe in good journalism, we are noting that GuardianCosmos refutes what happened, claiming he was employed at the United Nations and that is public information. After reviewing his employment status for over the last decade, and not finding any mention of him with the United Nations, we have no reason to believe his claims are factual. If they were factual, it would not change what we noted above or what any of our witnesses can attest to.

We find it important to note, given the refuting of our experience with the U.N., that the United Nations has a public record of trying to keep hacks under wraps.

Persistent XSS vs. SQL Injections

Posted on January 20, 2021 / January 20, 2021. Categories: Uncategorized

What Is Persistent XSS?

Persistent XSS, also known as persistent cross-site scripting, is a way to inject code into a site’s database. It occurs when areas in the code that communicate with the database, called parameters, don’t do proper security checks.

You might be thinking that this sounds a lot like SQL injection, and while there are similarities, there are also differences. We have one awesome example of persistent XSS art by a grey hat hacker we interviewed. He demonstrated how he put pages onto a site that wasn’t his, allowing file uploads among other things. XSS can be a method to deliver malicious code into a site or, for non-malicious purposes, to create harmless pop-ups.

What is the difference between SQL injection and Persistent XSS?

SQL injections use the SQL language and XSS generally uses JavaScript. That’s one main difference. Persistent XSS can get saved to a database or stored in a file, and the effects of these two differ slightly. SQL injections target the data stored in the database, usually in an attempt to steal, alter or modify that data.

Persistent XSS can end up stored in a database, adding code, but the use cases are different. XSS can add malware onto your device or trick you into submitting data through a form, among other things. SQL injections, as detailed above, are more focused on stealing straight from the database.
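To make the difference concrete, here is an added example (not code from the original post) that puts the vulnerable and hardened form of each issue side by side. The comments table, function names and sample inputs are constructed for illustration. It shows that a parameterized query stops SQL injection but still stores script text verbatim, so persistent XSS has to be handled separately when the stored value is written into a page.

```python
import html
import sqlite3

# Constructed sample inputs for this example (not from the original post).
SQLI_INPUT = "nobody' OR '1'='1"
XSS_INPUT = "<script>alert('stored')</script>"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    db.executemany("INSERT INTO comments VALUES (?, ?)",
                   [("alice", "hello"), ("bob", "private note")])
    return db

def find_unsafe(db, author):
    # Vulnerable: input is pasted into the SQL text, so it can rewrite the query.
    sql = "SELECT body FROM comments WHERE author = '" + author + "'"
    return db.execute(sql).fetchall()

def find_safe(db, author):
    # Hardened: the placeholder keeps the input as data, never as SQL.
    sql = "SELECT body FROM comments WHERE author = ?"
    return db.execute(sql, (author,)).fetchall()

def add_comment(db, author, body):
    # Parameterized insert: immune to SQL injection, yet body is stored as-is.
    db.execute("INSERT INTO comments VALUES (?, ?)", (author, body))

def render_unsafe(db, author):
    # Vulnerable: stored text goes into the HTML unchanged (persistent XSS).
    return "".join("<p>" + b + "</p>" for (b,) in find_safe(db, author))

def render_safe(db, author):
    # Hardened: HTML-encode stored text at the moment it is written to the page.
    return "".join("<p>" + html.escape(b) + "</p>"
                   for (b,) in find_safe(db, author))

if __name__ == "__main__":
    db = make_db()
    print("unsafe query rows:", find_unsafe(db, SQLI_INPUT))
    print("safe query rows:  ", find_safe(db, SQLI_INPUT))
    add_comment(db, "mallory", XSS_INPUT)
    print("unsafe render:", render_unsafe(db, "mallory"))
    print("safe render:  ", render_safe(db, "mallory"))
```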

Roblox Malware Bypasses Parental Controls

Posted on January 13, 2021 / January 25, 2021. Categories: Uncategorized

Roblox is a game platform where anyone can make a game and interact with others. Roblox simplifies this process in their game creation software called Roblox Studio. Once you load Roblox Studio, you go to View and choose Toolbox to get to the models. These model creations in the toolbox can be shared and re-used in as many games as possible. This makes the issue widespread, affecting countless games.

Roblox toolbox holiday models some infected with malware
Some of these models have malware

These models can be anything from Santa’s house to a zombie running around. Unfortunately, malware thrives on the Roblox platform. We were made aware of the issue by Audrey Ortiz-Parrott, a 10-year-old, who was trying to make safe games. When we looked into the issue, we dived into a world of beautiful, fun malware you can play with as a character in Roblox games.

Is It Roblox malware that disabled safe chat?

Most are unaware of what we call Roblox malware, but they do know some games let them do actions they aren’t supposed to do. One feature is built by Roblox for parents who have children under 13 so they don’t talk to people in chat. A semi-popular piece of Roblox malware put in models bypasses that by disabling the parental safe chat; it then puts the player into guest chat mode. This occurs without their or their parents’ permission. This means strangers can talk to your kids in infected games. That malware goes by the names Guest free chat script, Guest Talking Script, and Guest_Talking_Script.

We try to make things as easy to understand as possible for people who aren’t security researchers. We settled on the word malware for this issue. Is this malware? Technically this would be called a logic bug in Roblox, but the design was prime for malicious uses.

Malware turns off parental safe chat, lets minors talk to anyone, including adults.
One of the popular variants that bypasses Roblox parental controls

Roblox could easily take care of this issue by writing a few lines of code and wiping out the majority of malware on their platform. This is possible because the majority of the malware has the same name and the same exact code in every model. This occurs because it is shared with others who rarely modify it.

Sexual messages Malware

We are concerned about malware that injects sexual messages into chat. It says a Roblox user called AmazingOmegaJames is the best person to contact for a good sexual time. His username AmazingOmegaJames is also the same name you will find his malicious script under. Unfortunately, it is in so many infected Roblox models and games that deleting one script won’t stop it. Deleting all the malicious scripts at once is simple to do for Roblox. It’s also worth noting that there are variants of this malware as well. This is disturbing to say the least.

After a request for comment from a reporter, all the malware we originally listed was purged. Unfortunately, the sexual messages have returned under a new name. Roblox could set up a program to automatically delete this code even when the file name changes. This is not hard to do.
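One way such a name-independent cleanup could work, as an added sketch (not Roblox’s code and not from the original post): fingerprint each script by its normalized content and compare it against a blocklist, so a renamed or re-spaced copy still matches. The script bodies, the `sendToChat` function and the model tree are constructed placeholders, and the comment stripping is a simplification that only handles Lua `--` line comments.

```python
import hashlib
import re

def fingerprint(source):
    """Hash script source after dropping Lua line comments and all whitespace."""
    # Simplification: does not handle "--" inside string literals or block comments.
    no_comments = re.sub(r"--[^\n]*", "", source)
    normalized = re.sub(r"\s+", "", no_comments)
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()

# Constructed stand-in for a script body already confirmed as abusive.
# sendToChat is a hypothetical function, not a real Roblox API.
KNOWN_BAD_SOURCE = 'local msg = "placeholder spam text"\nsendToChat(msg)\n'
BLOCKLIST = {fingerprint(KNOWN_BAD_SOURCE)}

# Constructed model tree: each node has a name, optional source, optional children.
SAMPLE_MODEL = {"name": "SantaHouse", "children": [
    {"name": "Door", "children": [
        {"name": "OpenDoor", "source": 'print("door opened")\n'}]},
    # Exact copy under one of the script names listed in the post.
    {"name": "Anti-Lag", "source": KNOWN_BAD_SOURCE},
    # Same code, new name, extra comment and spacing.
    {"name": "RenamedHelper", "source":
        '-- renamed copy\nlocal msg  =  "placeholder spam text"\n\nsendToChat(msg)\n'},
]}

def scan(node, path=""):
    """Return the paths of all scripts whose fingerprint is on the blocklist."""
    here = f"{path}/{node['name']}"
    hits = []
    if "source" in node and fingerprint(node["source"]) in BLOCKLIST:
        hits.append(here)
    for child in node.get("children", []):
        hits.extend(scan(child, here))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_MODEL):
        print("flagged:", hit)
```

An exact-content hash only catches copies that are unmodified apart from names, comments and spacing, which matches the post’s observation that the scripts are rarely modified when shared.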

Sexual messages in Roblox
Roblox sexual messages added into chat by the game’s script.

There is a lot of other malware on Roblox, which is why we contacted them. We told them we’d like a comment, which we’ve yet to receive.

If you are a parent and this makes you concerned, you have a right to be. The good news is that this malicious code only impacts the player while they are in the current game. Once they leave the infected game, the malware stops, until they go to another game with malware.

Is this actually malware? Technically it is code unknowingly and unwittingly put into games by the game creators that abuses the chat platform, again that could be used in a malicious way. We don’t like to split hairs over names, as we want people to know about the problem in an easy to digest format. We’ve been made aware that some may like to know the technical specifics.

Chat messages from non-existent Roblox Player

The H4XX :3 malware, also known as I’m getting TIRR3D, sends chat messages that you frequently see in many Roblox games. These messages range from mean to violating the terms of service. The reason you see these mean comments a lot is the script h4xx :3.

The malware will cause chat messages to pop up saying among other things “Hiyas! I’m a proud member of an awesome game called roblox! Wanna join it? Haha.” It has a myriad of other responses, including one that bypasses the swearing filter, to others that are just annoying. The reason we consider this malware is because it antagonizes users from a non-existent user, so they can’t be banned. Technically it is just code that abuses the platform.

Roblox malware H4XX :3 also known as I'm getting TIRR3D
More Roblox chat malware

List Of Roblox Malware

Other Roblox malware that, while disturbing, we have yet to write up is listed below.

ROFL, 4D Being, Anti-Lag, Infected, Snap Reducer, Spreadify, Kill tem!, join teh moovment!, Wormed, Trashed, asdf, J0HNSCRIPT, ROLF, kill tem, Anti-Lag2, Antivirus, Lolzorz, soz i herd u lik mudkipz, Nice little scripty, flamespread, spread, spreader, and Harmless little scripty. Some have attempted anti-viruses for Roblox but none work.

We hope Roblox takes notice of this issue and starts doing something about their rampant malware issue impacting the safety of children. A few days after we wrote this there was a big purge of malware from the Roblox site. All the malware we listed has been removed from known infected models when added to a new game. This doesn’t mean everything is malware free; some scripts, like vaccine, a variant of spreadify, still exist.

Cyber Security Awareness Month

Posted on October 11, 2020 / January 20, 2021. Categories: Uncategorized

What is Cyber Security Awareness Month?

For most people, October is the month of ghosts and goblins, but for the last 17 years, October is also Cyber Security Awareness Month in the USA.

Now in its 17th year, Cyber Security Month builds on the momentum initiated jointly by National Security Agency (NCSA) and the Cyber Security Infrastructure Agency (CISA), and now Cyber Security Month reaches more than 1.5 million members and over 1,000 organizations across the country.

Cyber Security Awareness Month is extremely useful to try and educate people world-wide about how to protect themselves online.

NCSA helps to promote understanding and awareness during Cyber Security Month through brochures, websites, seminars and programming. Sources: 9, 14, 15

Throughout October, you will have the opportunity to obtain a variety of resources that will help you better understand the importance of cybersecurity and the simple steps you can take to protect your own business and your family.

Is Cybersecurity awareness month Only for Government Agencies?

There are many successful public-private partnerships that are so important for cybersecurity. GGA provides free educational resources and services to raise awareness of the importance of cybersecurity and ensure that the public has the opportunity to be safer and safer online. The overall aim of these events is to demonstrate the value of building a smart cyber workforce and to help people strengthen their own security awareness by making them enjoy themselves. Sources: 4, 10, 13

Canada joined the United States in celebrating Cyber Security Awareness Month in October. The aim is to raise awareness of cyber security threats, promote cybersecurity among citizens and organizations and provide resources to protect the Internet through education and exchange of best practices.

In October, participating groups launched a campaign to raise awareness of online security as part of their ongoing efforts to promote identity protection and combat cyber threats. Sources: 16

National Cybersecurity Awareness Month aims to raise awareness and accountability for information security. Led by the US Department of Homeland Security and the National Cyber Security Alliance (NCSA), Cyber Security Awareness Month provides an opportunity to ensure that everyone has the resources they need to stay safe online. The initiative will be implemented from 1 October to 31 October 2017 in partnership with the US Government Accountability Office (GAO). In October, the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation (EFF), and other organizations launched a campaign to provide information, tips, and tools to educate the public about the importance of cybersecurity and combat cyber threats. Sources: 2, 5, 7, 14