DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach | Volexity
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
Police Linked to Hacking Campaign to Frame Indian Activists | WIRED
https://www.wired.com/story/modified-elephant-planted-evidence-hacking-police/
AIVD disrupts activities of Russian intelligence officer targeting the International Criminal Court | News item | AIVD
https://english.aivd.nl/latest/news/2022/06/16/aivd-disrupts-activities-of-russian-intelligence-officer-targeting-the-international-criminal-court
NBC News on Twitter: "Anna Sorokin, known for taking hundreds of thousands of dollars from friends and businesses while posing as a German heiress, says she's trying to move away from the "scammer persona" and plans to launch a collection of NFTs. https://t.co/k4XzaoK2qO" / Twitter
https://twitter.com/nbcnews/status/1537426037864386561
Obeleu - Google Maps
https://goo.gl/maps/7oCnRZJDzhLscao49
Shadow Credentials - Red Teaming Experiments
https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/shadow-credentials
Guide to Reversing and Exploiting iOS binaries Part 2: ARM64 ROP Chains
https://www.inversecos.com/2022/06/guide-to-reversing-and-exploiting-ios.html
fred's notes – Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu
https://fredericb.info/2022/06/breaking-secure-boot-on-google-nest-hub-2nd-gen-to-run-ubuntu.html
VirusTotal - File - 2bc598361c057879174a09c0833ef223225124d6745df5615a7a1a9c6d273f4c
https://www.virustotal.com/gui/file/2bc598361c057879174a09c0833ef223225124d6745df5615a7a1a9c6d273f4c/detection
VirusTotal - File - 6ddab79a6d836f9c1ed9ab3bbe28a074c0c93bd87f55144ed62b23c0032715d1
https://www.virustotal.com/gui/file/6ddab79a6d836f9c1ed9ab3bbe28a074c0c93bd87f55144ed62b23c0032715d1/detection
2277 - XNU: Flow Divert Race Condition Use After Free - project-zero
https://bugs.chromium.org/p/project-zero/issues/detail?id=2277
Hang Fire: Challenging our Mental Model of Initial Access | by Matt Hand | Jun, 2022 | Posts By SpecterOps Team Members
https://posts.specterops.io/hang-fire-challenging-our-mental-model-of-initial-access-513c71878767
Hatching Triage | Behavioral Report
https://tria.ge/220616-npjddseefk/behavioral1
CISA’s Easterly Calls for Closing the Cyber Gender Gap | FedTech Magazine
https://fedtechmagazine.com/article/2022/06/cisas-easterly-calls-closing-cyber-gender-gap
GitHub - ufrisk/MemProcFS: MemProcFS
https://github.com/ufrisk/MemProcFS
High-Severity RCE Vulnerability Reported in Popular Fastjson Library
https://thehackernews.com/2022/06/high-severity-rce-vulnerability.html
The Android kernel mitigations obstacle race | The GitHub Blog
https://github.blog/2022-06-16-the-android-kernel-mitigations-obstacle-race/
Kevin Beaumont on Twitter: "Microsoft Azure silently install management agents on your Linux VMs, which now have RCE and LPE vulns. Microsoft don’t have an auto update mechanism, so now you need to manually upgrade the agents you didn’t know existed as you didn’t install them. https://t.co/czavbvt8LT" / Twitter
https://twitter.com/gossithedog/status/1437896101756030982
SANS Ransomware Summit 2022, Can You Detect This?
https://thedfirreport.com/2022/06/16/sans-ransomware-summit-2022-can-you-detect-this/
CVE-2022-29149 - Security Update Guide - Microsoft - Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29149
Eugene Finkel on Twitter: "I had good reasons to hate Russian security services before. Now I am just exploding. I feel angry, I feel stupid, I feel naive, I feel tired. I got played. I had him in class. Twice, in fact. One class was half-Zoom during COVID, several interactions outside classroom" / Twitter
https://twitter.com/eugene_finkel/status/1537501602566787074
SANS-Ransomware-Summit-2022-Can-You-Detect-This.pdf
https://thedfirreport.com/wp-content/uploads/2022/06/SANS-Ransomware-Summit-2022-Can-You-Detect-This.pdf
MaliBot: A New Android Banking Trojan Spotted in the Wild
https://thehackernews.com/2022/06/malibot-new-android-banking-trojan.html
MalwareBazaar | SHA256 2d8740ea16e9457a358ebea73ad377ff75f7aa9bdf748f0d801f5a261977eda4 (Matanbuchus)
https://bazaar.abuse.ch/sample/2d8740ea16e9457a358ebea73ad377ff75f7aa9bdf748f0d801f5a261977eda4/
Sean Corbett on Twitter: "Tech is dominated by a culture of build first, ask questions later, and it is absolutely the reason so much shit is broken right now." / Twitter
https://twitter.com/sc_codeUM/status/1536954349791895552
Pjotr Sauer on Twitter: "Dutch intelligence agencies say that they have identified a Russian GRU agent who tried to intern at the ICC under a false Brazilian identity. They have also released his rather touching four-page cover letter https://t.co/qRq8hLU5y6 https://t.co/pkZOTC2Svc" / Twitter
https://twitter.com/pjotrsauer/status/1537425030526672900
New cloud-based Microsoft Defender for home now generally available
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-for-individuals-now-generally-available/
MalwareBazaar | SHA256 cc08642ddbbb8f735a3263180164cda6cf3b73a490fc742d5c3e31130504e97c (Matanbuchus)
https://bazaar.abuse.ch/sample/cc08642ddbbb8f735a3263180164cda6cf3b73a490fc742d5c3e31130504e97c/
PoC/mikrotik_jailbreak.py at master · pedrib/PoC · GitHub
https://github.com/pedrib/PoC/blob/master/tools/mikrotik_jailbreak.py
VirusTotal - File - ea937d8090b79f5cf3cc068ad868bcee54efd94ad35fea28999433868aec1c3e
https://www.virustotal.com/gui/file/ea937d8090b79f5cf3cc068ad868bcee54efd94ad35fea28999433868aec1c3e
Akamai Blog | Panchan’s Mining Rig: New Golang Peer-to-Peer Botnet Says “Hi!”
https://www.akamai.com/blog/security/new-p2p-botnet-panchan
Pedro Ribeiro on Twitter: "My universal UNPATCHABLE jailbreak for MikroTik: 1. Download Cloud Router VM image, boot it in your favourite hypervisor 2. Suspend / save to disk 3. Replace /nova/bin/login with /bin/sh in the saved memory image 4. Restore the running VM from the memory image ur welcome" / Twitter
https://twitter.com/pedrib1337/status/1535317764612624384