Google to Acquire Mandiant | Mandiant
https://www.mandiant.com/company/press-release/mgc
Put an io_uring on it: Exploiting the Linux Kernel - Blog | Grapl
https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
https://dirtypipe.cm4all.com/
Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments | Mandiant
https://www.mandiant.com/resources/apt41-us-state-governments
https://haxx.in/files/dirtypipez.c
An update on the threat landscape
https://blog.google/threat-analysis-group/update-threat-landscape-ukraine/
GitHub - klezVirus/SysWhispers3: SysWhispers on Steroids - AV/EDR evasion via direct system calls.
https://github.com/klezVirus/SysWhisper3
New Linux bug gives root on all major distros, exploit released
https://www.bleepingcomputer.com/news/security/new-linux-bug-gives-root-on-all-major-distros-exploit-released/
Researchers Warn of Linux Kernel 'Dirty Pipe' Arbitrary File Overwrite Vulnerability
https://thehackernews.com/2022/03/researchers-warn-of-linux-kernel-dirty.html
HHRG-117-IG00-Wstate-HainesA-20220308.pdf
https://docs.house.gov/meetings/IG/IG00/20220308/114469/HHRG-117-IG00-Wstate-HainesA-20220308.pdf
HTTPVoid Research | HTTPVoid is a research oriented team of computer security.
https://httpvoid.com/?p=Circumventing-Browser-Security-Mechanisms-For-SSRF.md
Christo Grozev on Twitter: "In the call, you hear the Ukraine-based FSB officer ask his boss if he can talk via the secure Era system. The boss says Era is not working. Era is a super expensive cryptophone system that @mod_russia introduced in 2021 with great fanfare. It guaranteed work "in all conditions" https://t.co/MlIt8NNwLE" / Twitter
https://twitter.com/christogrozev/status/1500973926436020226
Van on Twitter: "🚨🚨 We’re releasing research on a persistent #APT41 campaign targeting U.S. state governments from May ‘21 – Feb ‘22. Grab a biker jacket, studded belt, hair bleach and read our SUMmary of #APT41’s activities. Highlight 🧵 https://t.co/2G4hnWgrHv" / Twitter
https://twitter.com/Wanna_VanTa/status/1501211244560269312
NB65 on Twitter: "Stay tuned for Kaspersky source code leak. #Ukraine" / Twitter
https://twitter.com/xxNB65/status/1501265001037795335
The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates | Proofpoint US
https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european
PROPHET SPIDER Exploits Citrix ShareFile | CrowdStrike
https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/
SATCOM terminals under attack in Europe: a plausible analysis.
https://www.reversemode.com/2022/03/satcom-terminals-under-attack-in-europe.html
Alec Muffett on Twitter: "This is possibly the most important and long-awaited tweet that I've ever composed. On behalf of @Twitter, I am delighted to announce their new @TorProject onion service, at: https://t.co/Un8u0AEXeE https://t.co/AgEV4ZZt3k" / Twitter
https://twitter.com/AlecMuffett/status/1501282223009542151
2021 Year In Review – The DFIR Report
https://thedfirreport.com/2022/03/07/2021-year-in-review/
FBI: Ransomware gang breached 52 US critical infrastructure orgs
https://www.bleepingcomputer.com/news/security/fbi-ransomware-gang-breached-52-us-critical-infrastructure-orgs/
Jacqui Heinrich on Twitter: "Separately, some members of congress are beginning to advocate for a non-kinetic no-fly zone – something to the effect of using electromagnetic pulse, sonar, and cyber to keep Russian jets on the ground so they can never take off. Unclear how much support this will end up getting" / Twitter
https://twitter.com/jacquiheinrich/status/1500961829509636099
grsecurity - The AMD Branch (Mis)predictor Part 2: Where No CPU has Gone Before (CVE-2021-26341)
https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
How to Remove Telegram Messages from Your Phone
https://www.vice.com/en/article/m7vk9q/advice-on-how-to-use-telegram-safely
Conti Ransomware Group Diaries, Part IV: Cryptocrime – Krebs on Security
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iv-cryptocrime/
Christo Grozev on Twitter: "Jesus, Ukraine just killed Gen. Maj. Vitaly Gerassimov, chief of staff of the 41 Army. At Kharkiv. Russia, if you're listening: delete your army." / Twitter
https://twitter.com/christogrozev/status/1500959074653024259
Blue Team Con on Twitter: "🚨 ANNOUNCING 🚨 The @BlueTeamCon 2022 Speakers and Talks! Also: Tickets on sale next Tuesday, March 15th at 9:00am CST. Talk Track 1 (50-mins): https://t.co/sLarbBMpcH Talk Track 2 (30-mins): https://t.co/J3SRy02vwr Speaker Bios: https://t.co/k4jDo8t2sz" / Twitter
https://twitter.com/blueteamcon/status/1501241345754738691
The Cyber Startup Observatory - The Global Cyber Innovation Network
https://cyberstartupobservatory.com
Erin Reed on Twitter: "Idaho's house just passed HB 675. It passed by a vote of 55-13. It would make providing gender affirming care to trans teens a felony with a life sentence.. Worse... it makes leaving the state with your trans teen to move elsewhere and provide them with care a felony as well. https://t.co/k3jX086h9a" / Twitter
https://twitter.com/ErinInTheMorn/status/1501314842992467975
Listen, Rebecca… 😡🗯 on Twitter: "Nobody wants to see your cat walking across camera in your work video call. It's not cute, it's annoying and unprofessional." / Twitter
https://twitter.com/anon_opin/status/1500772002713542657
Position Independent Code Development & ETW Evasion @Un1k0d3r's Patreon (Charles Hamilton) - YouTube
https://youtu.be/lRXpTAPOK1U
Branch History Injection - VUSec
https://www.vusec.net/projects/bhi-spectre-bhb
Austin Baker on Twitter: "We have a new remote US opening on our team - looking for experienced (5+yrs) infosec pros who intimately understand the attacker lifecycle, have expertise in at least one area (DFIR, RE, Intel, etc.), (1/2) https://t.co/VxROEg1ytG" / Twitter
https://twitter.com/BakedSec/status/1478194390271156224?s=20&t=qFVHcvi8jEfm1n1MXy4tsA
Cobalt Strike Roadmap Update - Cobalt Strike Research and Development
https://www.cobaltstrike.com/blog/cobalt-strike-roadmap-update/
CVE-2022-26143: TP240PhoneHome reflection/amplification DDoS attack vector
https://blog.cloudflare.com/cve-2022-26143/
chompie on Twitter: "Thrilled to share my new blog post: Put an io_uring on it: Exploiting the Linux kernel. Follow me while I learn a new kernel subsystem + its attack surface, find an 0day, build an exploit, + come up with some new tricks. I go deep and demystify the process https://t.co/bGEHcjWXrP" / Twitter
https://twitter.com/chompie1337/status/1501267770473734146
Expanding the Hound: Introducing Plaintext Field to Compromised Accounts - TrustedSec
https://www.trustedsec.com/blog/expanding-the-hound-introducing-plaintext-field-to-compromised-accounts/
AutoWarp Microsoft Azure Automation Vulnerability - Orca Security
https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
Expert IT Training for Networking, Cyber Security and Cloud | INE
https://bit.ly/3tCo0wS
Christo Grozev on Twitter: "This is not the worst part. In the phone call in which the FSB officer assigned to the 41st Army reports the death to his boss in Tula, he says they've lost all secure communications. Thus the phone call using a local sim card. Thus the intercept. https://t.co/cgHHo7VaRi" / Twitter
https://twitter.com/christogrozev/status/1500970445889327118
BTC 2022 Speaker Bios - Blue Team Con
https://blueteamcon.com/2022/talks/speaker-bios/