Unrar Path Traversal Vulnerability affects Zimbra Mail
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
Code White GmbH on Twitter: "Bypassing .NET Serialization Binders: case studies for DevExpress (CVE-2022-28684) and Microsoft Exchange (CVE-2022-23277) by @mwulftange https://t.co/G90Qg7gQ9m"
https://twitter.com/codewhitesec/status/1541784345119260674
odbcconf | LOLBAS
https://lolbas-project.github.io/lolbas/Binaries/Odbcconf/
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus – Horizon3.ai
https://www.horizon3.ai/red-team-blog-cve-2022-28219
Exploiting Intel Graphics Kernel Extensions on macOS | RET2 Systems Blog
https://blog.ret2.io/2022/06/29/pwn2own-2021-safari-sandbox-intel-graphics-exploit/
Canada’s national police force admits use of spyware to hack phones - POLITICO
https://www.politico.com/news/2022/06/29/canada-national-police-spyware-phones-00043092
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: De-anonymizing ransomware domains on the dark web
https://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains-on.html
Mez0: Vulpes: Obfuscating Memory Regions with Timers
https://mez0.cc/posts/vulpes-obfuscating-memory-regions/
Brendan Carr on Twitter: "TikTok is not just another video app. That’s the sheep’s clothing. It harvests swaths of sensitive data that new reports show are being accessed in Beijing. I’ve called on @Apple & @Google to remove TikTok from their app stores for its pattern of surreptitious data practices. https://t.co/Le01fBpNjn"
https://twitter.com/brendancarrfcc/status/1541823585957707776
Red Canary on Twitter: "The #BumbleBee dropper/downloader continues to change. We’re now seeing odbcconf.exe load the malicious DLL (rather than Rundll32). While odbcconf.exe can execute DLL files, we don’t commonly observe it doing so in the wild, so this is an interesting change! #RCIntel https://t.co/oXtXAu77V8"
https://twitter.com/redcanary/status/1541838407894171650
Katie Nickels on Twitter: "Here's a #BumbleBee loader behavior we've seen lately that we briefly wanted to share with the community. odbcconf.exe is a lesser-known LOLBIN...learn more about it here: https://t.co/VgneshDbJW Some good peeps to follow for more on 🐝 are @k3dg3 and @pr0xylife"
https://twitter.com/likethecoins/status/1541894401684914177
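The odbcconf.exe behaviour noted in the two BumbleBee items above (the malicious DLL loaded through odbcconf.exe instead of rundll32) is the kind of change a detection engineer wants a rule for. The following is an added Python example, not code from Red Canary, Katie Nickels or the LOLBAS project: it runs a simple rule over constructed Sysmon-style process-creation events. The `/A {REGSVR <dll>}` and `/F <response file>` forms are the ones documented on the LOLBAS odbcconf page linked above; the sample events, the user-writable-path heuristic and the "spawned by an Office application" enrichment are assumptions made for illustration, not observed BumbleBee telemetry.

```python
"""Flag odbcconf.exe being used to load a DLL (LOLBAS technique).

Rule logic (added example, not a vendor detection):
  1. image is odbcconf.exe
  2. command line registers a DLL (/A {REGSVR ...}) or drives odbcconf from a
     response file (/F file.rsp), which can carry the same REGSVR action
  3. enrich with cheap signals: user-writable target path, silent mode, Office parent
"""
import re
from dataclasses import dataclass, field

# Constructed process-creation events (Sysmon EID 1 style fields), not real telemetry.
SAMPLE_EVENTS = [
    # Benign: a DSN being configured by an installer; no DLL is registered.
    {"pid": 1001,
     "image": r"C:\Windows\System32\odbcconf.exe",
     "command_line": r'odbcconf.exe /A {CONFIGSYSDSN "SQL Server" "DSN=Sales|Server=db01"}',
     "parent_image": r"C:\Program Files\Acme\setup.exe"},
    # Suspicious: DLL registered from a user-writable path, silently, spawned by Excel.
    {"pid": 1002,
     "image": r"C:\Windows\System32\odbcconf.exe",
     "command_line": r"odbcconf.exe /S /A {REGSVR C:\Users\alice\AppData\Local\Temp\klod.dll}",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    # Suspicious: response file drives the action; the DLL path is hidden inside the .rsp.
    {"pid": 1003,
     "image": r"C:\Windows\SysWOW64\odbcconf.exe",
     "command_line": r"odbcconf.exe -f C:\Users\Public\install.rsp",
     "parent_image": r"C:\Windows\explorer.exe"},
    # Unrelated: the older rundll32 path; out of scope for this rule.
    {"pid": 1004,
     "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe C:\Users\Public\x.dll,Start",
     "parent_image": r"C:\Windows\explorer.exe"},
]

ODBCCONF_RE = re.compile(r"\\odbcconf\.exe$", re.I)
# /A {REGSVR <path>}  (switch may be written with / or -, case-insensitive)
REGSVR_RE = re.compile(r"(?:^|\s)[/-]a\s*\{\s*regsvr\s+([^}]+)\}", re.I)
# /F <response file>
RSP_RE = re.compile(r'(?:^|\s)[/-]f\s+("[^"]+"|\S+)', re.I)
SILENT_RE = re.compile(r"(?:^|\s)[/-]s(?:\s|$)", re.I)

# Assumed heuristics: locations an unprivileged user can write to, and Office parents.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\windows\\tasks\\")
OFFICE_PARENTS = ("excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe")


@dataclass
class Finding:
    pid: int
    action: str
    target: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> int:
        # One point per independent signal; callers threshold on this.
        return len(self.reasons)


def parse_odbcconf(command_line: str):
    """Return (action, target) for the odbcconf forms this rule cares about, else (None, None)."""
    m = REGSVR_RE.search(command_line)
    if m:
        return "REGSVR", m.group(1).strip().strip('"')
    m = RSP_RE.search(command_line)
    if m:
        return "RESPONSE_FILE", m.group(1).strip('"')
    return None, None


def evaluate(event: dict):
    """Apply the rule to one event; return a Finding or None."""
    if not ODBCCONF_RE.search(event.get("image", "")):
        return None
    action, target = parse_odbcconf(event.get("command_line", ""))
    if action is None:
        return None
    reasons = [f"odbcconf.exe {action} -> {target}"]
    if any(p in target.lower() for p in USER_WRITABLE):
        reasons.append("target in user-writable path")
    if action == "RESPONSE_FILE":
        reasons.append("response file hides the real action; collect and inspect it")
    if SILENT_RE.search(event.get("command_line", "")):
        reasons.append("silent mode (/S)")
    if event.get("parent_image", "").lower().endswith(OFFICE_PARENTS):
        reasons.append("spawned by an Office application")
    return Finding(event["pid"], action, target, reasons)


def scan(events):
    """Run the rule over a batch of events and return all findings."""
    return [f for f in (evaluate(e) for e in events) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"pid={f.pid} severity={f.severity} " + "; ".join(f.reasons))
```

Because odbcconf.exe executing DLLs is rare in most environments, even a severity-1 hit (a bare REGSVR of a DLL under Program Files) is worth reviewing rather than suppressing; the enrichment signals are there to rank, not to gate. A response-file hit should trigger collection of the .rsp itself, since the DLL path is not visible on the command line.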
Hatching Triage | Behavioral Report
https://tria.ge/220629-k5qwmagdbj/behavioral1
VirusTotal - File - a6fdd0629ed927d7b38a7309bcfcadd08e6a7368b3f18ca49a7d40c755193312
https://www.virustotal.com/gui/file/a6fdd0629ed927d7b38a7309bcfcadd08e6a7368b3f18ca49a7d40c755193312
Super Easy Memory Forensics
https://www.slideshare.net/IIJ_PR/super-easy-memory-forensics
sample20220629-01.xls (MD5: 18625572BFA5C43E880823C53BED502C) - Interactive analysis - ANY.RUN
https://app.any.run/tasks/1ab6d06e-a244-4a75-a626-4a4c0ea087fb
GitHub - ufrisk/MemProcFS: MemProcFS
https://github.com/ufrisk/MemProcFS
Kostas Kryptos on Twitter: "List of 26 EdDSA libraries whose public API misuse can result in private key exposure. https://t.co/3k2IibIqfN"
https://twitter.com/kostascrypto/status/1535579208960790528
The Phantom Credentials of SCCM: Why the NAA Won’t Die | by Duane Michael | Jun, 2022 | Posts By SpecterOps Team Members
https://posts.specterops.io/the-phantom-credentials-of-sccm-why-the-naa-wont-die-332ac7aa1ab9
Abusing Cloudflare Workers - Christophe Tafani-Dereeper
https://blog.christophetd.fr/abusing-cloudflare-workers
How security leaders can help their teams avoid burnout - Microsoft Security Blog
http://www.microsoft.com/security/blog/2022/06/28/how-security-leaders-can-help-their-teams-avoid-burnout/
Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS) - GoSecure
https://www.gosecure.net/blog/2022/06/29/did-you-know-your-browsers-autofill-credentials-could-be-stolen-via-cross-site-scripting-xss/
New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads
https://thehackernews.com/2022/06/new-fabricscape-bug-in-microsoft-azure.html
Attack on Titan M: Vulnerability Research on a Modern Security Chip
https://troopers.de/troopers22/agenda/tr22-1081-attack-on-titan-m-vulnerability-research-on-a-modern-security-chip/
Bypassing Firefox's HTML Sanitizer API | PortSwigger Research
https://portswigger.net/research/bypassing-firefoxs-html-sanitizer-api
ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks - Lumen
https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
CISA's Cybersecurity Hiring Event
https://app.brazenconnect.com/events/A3nJDHw
Kim Zetter on Twitter: "Crypto that N Korea stole from 2017-2021 to bypass sanctions has decreased in value from $170 million to $65 million this yr, and a 2021 heist, which had been worth tens of millions, has lost 80% of its value and is now worth less than $10 million https://t.co/GCtqkRdtKk"
https://twitter.com/KimZetter/status/1542168076866621442
CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild
https://thehackernews.com/2022/06/cisa-warns-of-active-exploitation-of.html
code white | Blog: Bypassing .NET Serialization Binders
https://codewhitesec.blogspot.com/2022/06/bypassing-dotnet-serialization-binders.html
Gabriel Pogrund on Twitter: "BREAK: Prince of Wales will not accept suitcases of cash in future, royal source says. Palace briefing comes days after the Sunday Times revealed the heir to the throne accepted millions in cash from former Qatari prime minister HBJ https://t.co/1muM4r2dDA"
https://twitter.com/gabriel_pogrund/status/1542170162304106498