Suspected Russian Activity Targeting Government and Business Entities Around the Globe | Mandiant
https://www.mandiant.com/resources/russian-targeting-gov-business
Common Active Directory Attacks: Back to the Basics of Security Practices - YouTube
https://www.youtube.com/watch?v=vga7A2tYejE&t=0s
US military's hacking unit publicly acknowledges taking offensive action to disrupt ransomware operations | CNN Politics
https://www.cnn.com/2021/12/05/politics/us-cyber-command-disrupt-ransomware-operations/index.html
GitHub - hasherezade/mal_unpack_drv: MalUnpack companion driver
https://github.com/hasherezade/mal_unpack_drv
NICKEL targeting government organizations across Latin America and Europe - Microsoft Security Blog
https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-america-and-europe/
uBlock, I exfiltrate: exploiting ad blockers with CSS | PortSwigger Research
https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css
SSRF vulnerability in AppSheet - Google VRP
https://nechudav.blogspot.com/2021/12/ssrf-vulnerability-in-appsheet-google.html
Project Zero: Windows Exploitation Tricks: Relaying DCOM Authentication
https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html
🇬🇧 Phishing campaigns by the Nobelium intrusion set – CERT-FR
https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-011/
Red Sense - Intelligence Operations
https://www.advintel.io/post/corporate-loader-emotet-history-of-x-project-return-for-ransomware
Max_Malyutin on Twitter: "#Emotet and #Bazarloader DLL payload Similarly 🚨 Next stage #CONTI (?) #DFIR #Threatintel File Version Information, the same pattern: Product [a-z]{10} Description rqdads Original Name [a-z]{10}.dll Internal Name [a-z]{10}.dll File Version [0-9]{1}.[0-9]{1}.[0-9]{1}.[0-9]{1} https://t.co/ptQq68Ye3E" / Twitter
https://twitter.com/Max_Mal_/status/1467603148474834952
Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316) | Shenanigans Labs
https://shenaniganslabs.io/2021/04/13/Airstrike.html
Services - The DFIR Report
http://thedfirreport.com/services
Swiss tech company boss accused of selling mobile network access for spying — The Bureau of Investigative Journalism
https://www.thebureauinvestigates.com/stories/2021-12-06/swiss-tech-company-boss-accused-of-selling-mobile-network-access-for-spying
This Swiss Firm Exec Is Said To Have Operated A Secret Surveillance Operation - Bloomberg
https://www.bloomberg.com/news/articles/2021-12-06/this-swiss-tech-exec-is-said-to-have-operated-a-secret-surveillance-operation
Why Does This $10,000 Gucci Xbox Exist? - YouTube
https://youtu.be/JnGXTk57rOU
14 New XS-Leaks (Cross-Site Leaks) Attacks Affect All Modern Web Browsers
https://thehackernews.com/2021/12/14-new-xs-leaks-cross-site-leaks.html
2241 - runc/libcontainer: insecure handling of bind mount sources - project-zero
https://bugs.chromium.org/p/project-zero/issues/detail?id=2241
PSBits/LookForLsassDumpInJournal.c at master · gtworek/PSBits · GitHub
https://github.com/gtworek/PSBits/blob/master/Misc/LookForLsassDumpInJournal.c
SPAR: Supermarket chain confirms ransomware attack has forced stores to close | Science & Tech News | Sky News
https://news.sky.com/story/supermarket-spar-forced-to-close-stores-due-to-cyber-attack-12488466
John Hultquist🌻 on Twitter: "https://t.co/SrzMigyW5Y" / Twitter
https://twitter.com/JohnHultquist/status/1467873277695692806
Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks
https://thehackernews.com/2021/12/warning-yet-another-zoho-manageengine.html
0patch on Twitter: "Micropatch for remote code execution in DNS Service (CVE-2021-40469) is available and already applied on all online Server 2008 R2 and Server 2008 computers with 0patch Agent (Enterprise patching policy permitting) https://t.co/KgMFE5aH4Q https://t.co/QK5CNaHezR" / Twitter
https://twitter.com/0patch/status/1461743530271989760
Malicious Excel XLL add-ins push RedLine password-stealing malware
https://www.bleepingcomputer.com/news/security/malicious-excel-xll-add-ins-push-redline-password-stealing-malware/
Tweet / Twitter
https://twitter.com/jess_asli/status/1467626327297642501
bugbounty/403-bypass at main · aufzayed/bugbounty · GitHub
https://github.com/aufzayed/bugbounty/tree/main/403-bypass
Hackers Steal $200 Million Worth of Cryptocurrency Tokens from BitMart Exchange
https://thehackernews.com/2021/12/hackers-steal-200-million-worth-of.html
Zoho warns of new zero-day vulnerability exploited in attacks
https://therecord.media/zoho-warns-of-new-zero-day-vulnerability-exploited-in-attacks/
Analysis PO-12062021.ppam (MD5: D01A3D30181731E2490A6D9E6C871507) Malicious activity - Interactive analysis ANY.RUN
https://app.any.run/tasks/0cced000-e855-4d83-a37a-e2c4987bb0cd