Arnold on Twitter: "I love the Russian people. That is why I have to tell you the truth. Please watch and share. https://t.co/6gyVRhgpFV" / Twitter
https://twitter.com/schwarzenegger/status/1504426844199669762
CVE-2022-26500 Veeam Backup & Replication RCE - 先知社区
https://xz.aliyun.com/t/11041
PT SWARM on Twitter: "🔥 Veeam fixed an Unauth RCE (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication and a Local Privilege Escalation (CVE-2022-26503) in Veeam Agent for Microsoft Windows found by our researcher @ultrayoba. Advisory: https://t.co/tRYsKBn3HD https://t.co/0zMluR7Zki" / Twitter
https://twitter.com/ptswarm/status/1503360681978077185
Embedding standards and pathways across the cyber profession by 2025 - GOV.UK
https://www.gov.uk/government/consultations/embedding-standards-and-pathways-across-the-cyber-profession-by-2025/embedding-standards-and-pathways-across-the-cyber-profession-by-2025
BIG sabotage: Famous npm package deletes files to protest Ukraine war
https://www.bleepingcomputer.com/news/security/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war/
From XSS to RCE (dompdf 0day) | Positive Security
https://positive.security/blog/dompdf-rce
Browser In The Browser (BITB) Attack | mr.d0x
https://mrd0x.com/browser-in-the-browser-phishing-attack/
Have Your Cake and Eat it Too? An Overview of UNC2891 | Mandiant
https://www.mandiant.com/resources/unc2891-overview
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure - Microsoft Security Blog
https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure/
Exposing initial access broker with ties to Conti
https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/
Emotet EPOCH5 3/16/2022 – 3/17/2022 - Pastebin.com
https://pastebin.com/1X0tWnsY
TryHackMe | One Million People Use TryHackMe!
https://tryhackme.com/resources/blog/one-million-users
mr.d0x on Twitter: "I published a blog article detailing a phishing technique I called Browser in the Browser (BITB) Attack. It's very simple but can be very effective. I also published templates on my Github feel free to test them out. https://t.co/EKArJoaMp7 https://t.co/Z0weuhKCmW" / Twitter
https://twitter.com/mrd0x/status/1503801717414105089
Exposing initial access broker with ties to Conti
https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti
SOC Core Skills w/ John Strand - Antisyphon
https://www.antisyphontraining.com/soc-core-skills-w-john-strand/
Tweet / Twitter
https://twitter.com/Bing_Chris/status/1504185317338845184
Abusing Azure Hybrid Workers for Privilege Escalation | Azure Penetration Testing
https://www.netspi.com/blog/technical/cloud-penetration-testing/abusing-azure-hybrid-workers-for-privilege-escalation/
GitHub - microsoft/routeros-scanner: Tool to scan for RouterOS (Mikrotik) forensic artifacts and vulnerabilities.
https://github.com/microsoft/routeros-scanner
Purchase Inquiry_pdf.pub (MD5: 3AEECE5CFCBF529D0F5427A7E72740E0) - Interactive analysis - ANY.RUN
https://app.any.run/tasks/b11bd085-b42f-48ca-823b-0ea5bdcd8521
New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems
https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware
Ben Lewis on Twitter: "At the Ukraine/Poland border. Tired women and children leaving their country. They’re being pestered by American preachers telling them they all need to accept Jesus as their saviour and their lives will be better. Receiving a lot of eye rolls in response. https://t.co/Fjyc8ppKVe" / Twitter
https://twitter.com/benlewismedia/status/1504048686766211073
Strengthening Cybersecurity of SATCOM Network Providers and Customers | CISA
http://go.usa.gov/xzEXS
cr8escape: New Vulnerability in CRI-O Container Engine (CVE-2022-0811)
https://www.crowdstrike.com/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/
Snyk on Twitter: "🚨 Vue.js applications with the dependency "node-ipc" are experiencing a critical supply chain vulnerability as part of a protest against the invasion of Ukraine. It also includes a new transitive dependency package named "peacenotwar". (1/2) https://t.co/hTf47SKgdP" / Twitter
https://twitter.com/snyksec/status/1504202271529201665
Kleptocracy Asset Recovery Rewards Program | U.S. Department of the Treasury
https://home.treasury.gov/about/offices/terrorism-and-financial-intelligence/terrorist-financing-and-financial-crimes/kleptocracy-asset-recovery-rewards-program
New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
https://thehackernews.com/2022/03/new-vulnerability-in-cri-o-engine-lets.html
Ukraine Secret Service Arrests Hacker Helping Russian Invaders
https://thehackernews.com/2022/03/ukraine-secret-service-arrests-hacker.html
conti leaks on Twitter: "emotet ФИНАЛЬНАЯ СХЕМА СЕРВЕРА 82.202.192.66 https:\nssh -> front-1:443 -> frontB:443 -> backend:443 ssh->185.9.18.154:443 ->91.193.180.23:443->82.202.192.66\n http:\nnginx -> front-2:80 -> frontB:443 -> backend:443 ssh->188.241.120.42:80->91.193.180.23:443->82.202.192.66"" / Twitter
https://twitter.com/ContiLeaks/status/1498614197202079745
SMB Authentication Rate Limiter in Insider builds - Microsoft Tech Community
https://aka.ms/smbauthratelimiter
Microsoft Defender tags Office updates as ransomware activity
https://www.bleepingcomputer.com/news/security/microsoft-defender-tags-office-updates-as-ransomware-activity/
John Åkerblom on Twitter: "iOS 15.4 fixes a kernel vulnerability introduced in iOS 15.0 beta that causes corruption of ipc_kmsgs leading to powerful primitives that can be used for local privilege escalation from WebContent and app sandbox" / Twitter
https://twitter.com/jaakerblom/status/1504103474757533699
GitHub - kleiton0x00/Advanced-SQL-Injection-Cheatsheet: A cheat sheet that contains advanced queries for SQL Injection of all types.
https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet