Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors | Mandiant
https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence
How the CIA failed Iranian spies in its secret war with Tehran
https://www.reuters.com/investigates/special-report/usa-spies-iran/
Warning: Attack campaign exploiting a ZERO DAY vulnerability in Microsoft Exchange Server | Blog | GTSC - Providing comprehensive security services
https://www.gteltsc.vn/blog/canh-bao-chien-dich-tan-cong-su-dung-lo-hong-zero-day-tren-microsoft-exchange-server-12714.html
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server | Blog | GTSC - Providing comprehensive security services
https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
On Detection: Tactical to Functional | by Jared Atkinson | Sep, 2022 | Posts By SpecterOps Team Members
https://posts.specterops.io/on-detection-tactical-to-functional-ceb3ad0e3809
Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors | Mandiant
https://www.mandiant.com/resources/blog/esxi-hypervisors-detection-hardening
blackorbird on Twitter: "Exchange 0day exploit in wild. #APT https://t.co/2UuA8DlrVh https://t.co/xqO0uP6QYO" / Twitter
https://twitter.com/blackorbird/status/1575521156966535168
ZINC weaponizing open-source software - Microsoft Security Blog
https://msft.it/6018d8lvr
Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware
https://thehackernews.com/2022/09/brazilian-prilex-hackers-resurfaced.html
briankrebs on Twitter: "Someone's been creating a ton of fake CISO profiles on LinkedIn for major corporations. What's more, a lot of this info is getting ingested by various sources that then make it even harder to tell the truth in search results. Victor Sites CISO of Chevron? No. Real CISO on left. https://t.co/baORcFLSmd" / Twitter
https://twitter.com/briankrebs/status/1575528459077656576
Kevin Beaumont on Twitter: "🚨 There’s reports emerging that a new zero day exists in Microsoft Exchange, and is being actively exploited in the wild 🚨 I can confirm significant numbers of Exchange servers have been backdoored - including a honeypot. Thread to track issue follows:" / Twitter
https://twitter.com/GossiTheDog/status/1575580072961982464
Prilex: Brazilian PoS malware evolution | Securelist
https://securelist.com/prilex-atm-pos-malware-evolution/107551/
Pre-Conference Training - Wild West Hackin' Fest in Deadwood
https://wildwesthackinfest.com/deadwood/training-2022/
Hackers now sharing cracked Brute Ratel post-exploitation kit online
https://www.bleepingcomputer.com/news/security/hackers-now-sharing-cracked-brute-ratel-post-exploitation-kit-online/
GitHub - punk-security/dnsReaper: dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
https://github.com/punk-security/dnsReaper
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East | Broadcom Software Blogs
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage
Nord Stream pipelines: European security officials observed Russian Navy ships in vicinity of leaks | CNN Politics
https://www.cnn.com/2022/09/28/politics/nord-stream-pipeline-leak-russian-navy-ships/index.html
A technical analysis of Pegasus for Android – Part 2 – CYBER GEEKS
https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-2/
Joel Schectman on Twitter: "We interviewed six Iranians who had worked with the CIA as spies and informants and got caught. A Reuters investigation found CIA negligence likely led to their capture. https://t.co/r7FdkkxSF4" / Twitter
https://twitter.com/joel_schectman/status/1575454772961886209
Researchers Uncover Covert Attack Campaign Targeting Military Contractors
https://thehackernews.com/2022/09/researchers-uncover-covert-attack.html
GitHub - D1rkMtr/DumpThatLSASS: Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation , it contains Anti-sandbox , if you run it under unperformant Virtual Machine you need to uncomment the code related to it and recompile.
https://github.com/D1rkMtr/DumpThatLSASS
Webinar Registration - Zoom
https://zoom.us/webinar/register/WN_pWaFS2A2T3uaLW_ALraTdA
Chaos is a Go-based Swiss army knife of malware - Lumen
https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/
Former NSA Employee Arrested on Espionage-Related Charges | OPA | Department of Justice
https://www.justice.gov/opa/pr/former-nsa-employee-arrested-espionage-related-charges
Statement on the fatal flaws found in a defunct CIA covert communications system - The Citizen Lab
https://citizenlab.ca/2022/09/statement-on-the-fatal-flaws-found-in-a-defunct-cia-covert-communications-system/