Aryeh Goretsky


Security researcher and antivirus pioneer who's been at the intersection of security research, education, and community for over three decades.

Formerly the Distinguished Researcher at #ESET, and first employee at #McAfee.

Moderator at the Lenovo, Neowin, and Scots Newsletter forums, and Intel Insider Council member. 14× Microsoft MVP award recipient.

Blog (work): https://www.welivesecurity.com/authors/goretsky
Blog (personal): https://goretsky.wordpress.com/
🦋 https://bsky.app/profile/goretsky.bsky.social
Reddit: https://www.reddit.com/u/goretsky

On the heels of the Daemon Tools supply chain compromise, it appears the popular JDownloader file downloader has been the victim of a similar attack as well: https://www.reddit.com/r/jdownloader/comments/1t6goqe/is_the_website_hacked/. Post contains a link to samples for further analysis.

Unsure if related to the former attack at the current time. Could just be another actor decided to move up their timetable.

Website at jdownloader[.]org is currently down as well.

I don't normally have a lot to say about my Congressperson, @jeffcrank, good or bad, but in this case I have to give him and his staff kudos for this mailing I received from his office.

The holiday season is a prime time for fraudsters and scammers to take advantage of and prey on people, and this flyer is an excellent reminder of some of the most common dangers from these criminals.

About the only thing I'd add is a link to @cisagov, because so many crimes take place online these days, and those brave men and women are often at the point of the spear when it comes to dealing with that.

They also have a lot of good advice and reminders about securing devices, which is super important this time of year as many people purchase new computers and smartphones without realizing their software needs to be updated and default settings may need to be changed for privacy and security.

Tip for phishers: When sending fake #McAfee invoices in an attempt to get someone to call ☎️ + give you their bank card details💳, you should capitalize the "A" in McAfee.

Grammar matters, especially when conducting credit card fraud.

I keep an archive of all of the device drivers for all of the hardware I use for a number of reasons:

• It is an easy and convenient way to roll back to an earlier version of something if the latest driver isn't working, especially if you don't have network access or limited network access.

• It lets you install drivers for older hardware that the manufacturer may not offer for download any more, without having to rely on third-party websites (some of dubious quality). That's even more important when the manufacturer is no longer in business.

• It can even be handy for security research, like trying to find out when a vulnerability was introduced (or fixed), validating a BYOVD attack, or as a clean set for fixing false positive detections.

I have seen that the installers for the desktop and notebook versions of #NVIDIA's drivers were the same size, but did not pay too much attention to this, because I know from previous employers that such things can be attributed to very small changes between product SKUs, like strings for product or operating system names, etc.

Going through some upgrades of my backup process, I decided to take a look at Nvidia's drivers, since over time they have been taking up more and more space, and as much as I like having a library of drivers, I don't need duplicates in it.

So, I was not altogether surprised to see that the installers for desktop and notebook versions of the installation packages generated identical CRC-32s and 32-bit checksums (I skipped MD5s, SHA-1s or other hashes for brevity).

It seems like I can save myself some disk space by deleting the duplicate files. I haven't checked to see if NVIDIA performs any logic checks against the filename, but those are easy enough to check against should I need to reinstall a particular package.

Oh, the screenshot is from Funduc Software's Duplicate File Finder, just in case you're wondering. There are plenty of similar utilities out there, and it is definitely something you can script yourself, but I have used a few of their utilities in the past so it was already installed on this PC.
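Since the post notes that duplicate detection is easy to script yourself, here is an added example (my code, not the author's and not Funduc's tool): a small Python duplicate finder that filters by size, then CRC-32, and confirms with SHA-256 before it reports a group, the hash step the post skipped for brevity. The directory layout and file names are assumptions; any sample files used to exercise it are constructed.

```python
import hashlib
import os
import zlib
from collections import defaultdict

CHUNK = 1 << 20  # stream files in 1 MiB chunks; driver packages are large

def crc32_of(path):
    """CRC-32 of a file, streamed rather than read whole into memory."""
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            crc = zlib.crc32(chunk, crc)
    return crc & 0xFFFFFFFF

def sha256_of(path):
    """SHA-256 of a file; the confirmation step before anything is deleted."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def find_duplicates(root):
    """Return groups (sorted path lists) of byte-identical files under root."""
    # Cheap filters first (size, then CRC-32), SHA-256 last: CRC-32 is a
    # checksum, not a collision-resistant hash, so it alone cannot justify a delete.
    by_size = defaultdict(list)
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            if os.path.isfile(p) and not os.path.islink(p):
                by_size[os.path.getsize(p)].append(p)
    groups = []
    for paths in by_size.values():
        if len(paths) < 2:
            continue  # a unique size cannot have a duplicate
        by_crc = defaultdict(list)
        for p in paths:
            by_crc[crc32_of(p)].append(p)
        for same_crc in by_crc.values():
            if len(same_crc) < 2:
                continue
            by_sha = defaultdict(list)
            for p in same_crc:
                by_sha[sha256_of(p)].append(p)
            groups.extend(sorted(g) for g in by_sha.values() if len(g) > 1)
    return groups
```

Review each reported group before deleting anything; the script only reports, it never removes files.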

My latest podcast for @ESETresearch is now live!

Listen in as ESET's experts discuss Sandworm’s🪱new data wiper, UnsolicitedBooker’s relentless campaigns, attribution challenges amid tool-sharing, + other key findings from the latest APT Activity Report at https://www.welivesecurity.com/en/podcasts/eset-apt-activity-report-q4-2024q1-2025-malware-sharing-wipers-exploits/

Not bad, ChatGPT, not bad at all…

Does anyone have any recommendations for handles that could be attached to these small Wi-Fi antenna tools? They are about 40mm × 5mm × 1mm in size.

I thought lock pick handles might work but those all seem to need longer hardware.

So, there I was, minding my own business, and this delivery truck rolls up.

I wonder what could be inside?

#LenovoIN #ThinkPadThursday

A few folks have reached out to me asking about Mr. McAfee's Twitter account. I would suggest not reading too much into it: Mr. McAfee is deceased and friends, family or business partners are running the account now.

I guess there's a kind of symmetry in using the account to promote memecoins after John's death.

Interesting use of Messenger icons in Facebook ads to trick people into clicking on them.

Domains are:

lightssplash[.]shop
wildwestshine[.]com

in case you would like to block accidental click-throughs.