Windows XP Source Code Got Leaked All Over the Internet (and other news from Wired)

Windows XP's refusal to die has caused a multitude of security problems; Microsoft stopped officially providing updates to the operating system in 2014, meaning any vulnerabilities largely don't get fixed on the millions of computers that still run it. The situation managed to get even worse this week, as Windows XP source code leaked on the file-sharing site Mega, troll forum 4Chan, and beyond. By combing through source code, hackers can identify potential weak points, making it easier to craft malware that Microsoft likely won't bother defending its zombie OS against. Some reports indicate that the source code has circulated privately for some time now, which may blunt the impact of this wider release. Still, it's not an encouraging development for anyone who hasn't updated their PC in half a decade.
-------------------------------------------------------------------------------------------
Tribune Phishes Newspaper Employees With (Cruel) Fake Bonus Offer
The Tribune Publishing Company has weathered a rough few months and beyond, cutting budgets and jobs as the pandemic has ravaged an already at-risk newspaper industry. So employees were surprised to find an email in their inbox celebrating their new bonus of as much as $10,000. The problem? There was no bonus. It was a phishing test to see who would click. Tribune staff broadly decried the move; dangling a false promise of ready cash to people who have seen colleagues let go and may have been anxious about their own futures with the company is certainly one way to trial a phishing scam, but surely there were less cruel options. (Or maybe just give everyone a Yubikey next time?)
-------------------------------------------------------------------------------------------
Ransomware Group Targets Russia For a Change
Speaking of which! Russian-speaking ransomware gangs typically don't target Russian businesses, in part because the the lines between state-sponsored and for-profit hacking are so blurred. But a group that researchers call OldGremlin has been targeting big businesses there. In fact, it's hitting banks, manufacturing, and other firms exclusively in Russia, according to security firm Group-IB. OldGremlin's methods aren't especially novel; they use spear-phishing attacks to plant a custom backdoor, which they in turn use to download malware to steal an administrator's credentials, and then deploy tailored ransomware. Nothing too crazy! But going after Russia so aggressively is certainly one way to stand out.
-------------------------------------------------------------------------------------------
article:
https://www.wired.com/story/windows-xp-source-code-leak-ransomware-phishing/

 

Thanks for this!