Welcome to the Off-Shore Club

The #1 Social Engineering Project in the world since 2004 !

Important Notice:

✅UPGRADE YOUR ACCOUNT TODAY TO ACCESS ALL OFF-SHORE FORUMS✅

[New]Telegram Channel

In case our domain name changes, we advise you to subscribe to our new TG channel to always be aware of all events and updates -
https://t.me/rtmsechannel

OFF-SHORE Staff Announcement: 30% Bonus on ALL Wallet Deposit this week


For example, if you deposit $1000, your RTM Advertising Balance will be $1300 that can be used to purchase eligible products and service on forums or request withdrawal. The limit deposit to get the 30% bonus is $10,000 for a $3000 Marketplace wallet balance Bonus.

Deposit Now and claim 30% more balance ! - BTC/LTC/XMR


Always use a Mixer to keep Maximum anonimity ! - BTC to BTC or BTC to XMR

🗂️Keep in Mind VirusTotal Breached, Cybersecurity workers exposed !

⚠️Always Remember to keep your identity safe by using a Zero-KYC Zero-AML like https://coinshift.money⚠️

Gold

Agent47

Admin
Staff member
Instructor
USDT(TRC-20)
$11.0
The web service virustotal.com (founded by the Spanish company Hispasec Sistemas, taken over by Google), which has been operated by Google since 2012, is popular among security researchers and companies for checking suspicious files for malware. However, there are warnings about how critical automated documents uploaded to Virustotal are with regard to data protection and data leaks, because the data can be viewed by third parties. And even registering with virustotal.com is not a good idea, as a data leak shows. The Austrian media STANDARD has received a list of registered customers of virustotal.com, which disclose names of employees including e-mail addresses. Some of those affected, from secret services or companies, would rather not see their data in public.


The platform virustotal.com points out in its terms and conditions that the uploaded files are viewed by third parties. If the documents contain internal company information or explosive material, this becomes public when uploaded. Therefore, the service is helpful, but latently bears the risk that something can go tremendously wrong when using it. In addition to a BSI warning from 2022, a new case shows what can go wrong.

In March 2022, German Federal Office for Information Security (BSI) had published a security warning (PDF document in German) dealing with automatic file uploads.

In the document, a screenshot was published where the BSI suspects that leaked BSI alerts from recipients of the BSI distribution list are automatically uploaded to virustotal.com. If a list with the BSI distribution list is then also uploaded to virustotal.com, the recipients would be quasi-public – something that should/will be avoided. This is because many of the people do not want to be publicly identified with their work.

New leak exposes virustotal customer list​

The Austrian STANDARD has received a file of only 313 kilobytes that would have been better never to become public. At the end of July 2023, this file probably reached the Internet via a data leak. The file is explosive: It contains a list of 5,600 names of customers of the virustotal.com platform who were registered there. This includes employees of the US intelligence agency NSA and German intelligence agencies.

How the file exactly became public (e.g. as an upload to Virustotal) is not revealed. However, based on the characteristics of the data, the file must have originated from the inner environment of virustotal.com.
The STANDARD, which has the file with the list, writes that in each case it contains the name of the organization and the e-mail address of the employees who registered the account on virustotal.com.


  • 20 accounts belong to the U.S. "Cyber Command"; also represented are users of the U.S. Department of Justice, the U.S. Federal Bureau of Investigation (FBI) and the National Security Agency (NSA).
  • According to STANDARD, other accounts belong to official bodies from the Netherlands, Taiwan and Great Britain.
  • From Austria, addresses from the Federal Ministry of Defense and the Interior Ministry are on the list.
  • Three employees of the German BSI are also listed – site Golem write that employees of the Federal Criminal Police Office (BKA), the Military Counter-Intelligence Service (MAD) and the Federal Office for Telecommunications Statistics (BFSt) are also included in the list.
  • The list also includes employees of German companies: around 30 employees of Deutsche Bahn, as well as other employees of the Bundesbank and various Dax giants such as Allianz, BMW, Daimler and Deutsche Telekom are represented, it says.
According to the STANDARD, it has checked the data together with German news magazine Der Spiegel, and the data is probably genuine. The incident shows how critical online activities are when data gets into the hands of unauthorized third parties via a leak. In the above case, there is a risk that the captured data will be misused for cyber attacks by means of social engineering.

Some more details​

Addendum: Recorded Future News reported within this article, that emails for ministries in Germany, Japan, the United Arab Emirates, Qatar, Lithuania, Israel, Turkey, France, Estonia, Poland, Saudi Arabia, Colombia, the Czech Republic, Egypt, Slovakia and Ukraine has been found in the leaked file. The media cites a Google spokesman as:

We are aware of the unintentional distribution of a small segment of customer group administrator emails and organization names by one of our employees on the VirusTotal platform.
We removed the list from the platform within an hour of its posting and are looking at our internal processes and technical controls to improve our operations in the future.
UK Ministry of Defence (accounts for almost half of the emails associated with the gov[.uk] domain) getting cited, that:

We are aware of a data breach from a third party involving the details of MoD employees. None of the data was sensitive and all details have now been removed.
The National Cyber Security Centre is understood to be aware of the leak and unconcerned about its potential impact. A spokesperson for the Nuclear Decommissioning Authority (NDA) said to Recorded Future News: "Employee email addresses may be available in the public domain for a variety of reasons, which is why we provide ongoing training and awareness for staff of the risks associated with phishing emails."

The Pensions Regulator told Recorded Future News: "We take cyber security extremely seriously and have controls in place to prevent malicious emails from infiltrating our systems."

BTW, the leaked list reveals, that some military personnel are using personal accounts with email providers like Gmail, Hotmail, and Yahoo. So impacted organizations considers it a low-risk incident.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Friendly Disclaimer We do not host or store any files on our website except thread messages, most likely your DMCA content is being hosted on a third-party website and you need to contact them. Representatives of this site ("service") are not responsible for any content created by users and for accounts. The materials presented express only the opinions of their authors.
🚨 Do not get Ripped Off ! ⚖️ Deal with approved sellers or use RTM Escrow on Telegram
Gold
Mitalk.lat official Off Shore Club Chat


Gold

Panel Title #1

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Panel Title #2

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Top