Analysing LastPass, Part 1 - MDSec
https://www.mdsec.co.uk/2022/10/analysing-lastpass-part-1/
GitHub - embee-research/Yara
https://github.com/embee-research/Yara
akamai-security-research/rpc_toolkit at main · akamai/akamai-security-research · GitHub
https://github.com/akamai/akamai-security-research/tree/main/rpc_toolkit
GitHub - ORCx41/AtomPePacker: A Highly capable Pe Packer
https://github.com/ORCx41/AtomPePacker
All Windows versions can now block admin brute-force attacks
https://www.bleepingcomputer.com/news/microsoft/all-windows-versions-can-now-block-admin-brute-force-attacks/
IcedID_10_12_2022.txt · GitHub
https://gist.github.com/myrtus0x0/30eeaeb9cd051ba9250600cf69eff36f
(ENG) TTPs #8: Operation GWISIN - Analysis on Fully Customized Ransomware Attack Strategies
https://thorcert.notion.site/ENG-TTPs-8-Operation-GWISIN-Analysis-on-Fully-Customized-Ransomware-Attack-Strategies-d17281d2de6143b18aa070e424122ef5
Signature bypass via multiple root elements · Advisory · node-saml/passport-saml · GitHub
https://github.com/node-saml/passport-saml/security/advisories/GHSA-m974-647v-whv7
Pwning ManageEngine — From Endpoint to Exploit | by Erik Wynter | Oct, 2022 | Medium
https://medium.com/@erik.wynter/pwning-manageengine-from-endpoint-to-exploit-bc5793836fd
Android leaks some traffic even when 'Always-on VPN' is enabled
https://www.bleepingcomputer.com/news/google/android-leaks-some-traffic-even-when-always-on-vpn-is-enabled/
MDSec on Twitter: "In our latest research, @rbmaslen dives in to the LastPass password manager https://t.co/e1xjarQeMW https://t.co/mSjCiM3Q1s" / Twitter
https://twitter.com/MDSecLabs/status/1580128835336445952
Hello World under the microscope - gynvael.coldwind//vx.log
https://gynvael.coldwind.pl/?lang=en&id=754
postMessage Braindump
https://rhynorater.github.io/postMessage-Braindump
Hello World Under the Microscope - New Article Published
https://asawicki.info/news_1762_hello_world_under_the_microscope_-_new_article_published
MalwareBazaar | Browse
https://bazaar.abuse.ch/sample/15a77fd313dbdd0982a838fc2359ae6d480b1dc7bc824566818e54e40c1b46fc/
FortiOS, FortiProxy, and FortiProxySwitchManager Authentication Bypass IOCs (CVE-2022-40684) – Horizon3.ai
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
Adam Sawicki on Twitter: ""Hello World under the microscope" - an article we wrote together with @gynvael and @j00ru! Originally published in issue 100 (1/2022) of the Programista magazine, now available online in Polish and English. https://t.co/qGCe36Wigu" / Twitter
https://twitter.com/Reg__/status/1579909820597284865
Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys
https://thehackernews.com/2022/10/critical-bug-in-siemens-simatic-plcs.html
persistence-info.github.io/rdpwdstartupprograms.md at main · persistence-info/persistence-info.github.io · GitHub
https://github.com/persistence-info/persistence-info.github.io/blob/main/Data/rdpwdstartupprograms.md
Eduard Kovacs on Twitter: "Insurance giant Lloyd’s of London says it is restoring systems after its investigation into a recent cyber incident found no evidence of compromise. https://t.co/CUXTQOuCwP" / Twitter
https://twitter.com/eduardkovacs/status/1580136202711322626
Hackers Using Vishing to Trick Victims into Installing Android Banking Malware
https://thehackernews.com/2022/10/hackers-using-vishing-tactics-to-trick.html
Google Rolling Out Passkey Passwordless Login Support to Android and Chrome
https://thehackernews.com/2022/10/google-rolling-out-passkey-passwordless.html
MalwareBazaar | Browse
https://bit.ly/3MuhOA7
CVE-2022-34689 - Security Update Guide - Microsoft - Windows CryptoAPI Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34689
Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike
https://www.trendmicro.com/en_us/research/22/j/black-basta-infiltrates-networks-via-qakbot-brute-ratel-and-coba.html
Lazarus Group Uses the DLL Side-Loading Technique (mi.dll) - ASEC BLOG
https://asec.ahnlab.com/en/39828/
White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star - CyberScoop
https://www.cyberscoop.com/white-house-to-unveil-internet-of-things-labeling/
GitHub - OPENCYBER-FR/RustHound: Active Directory data collector for BloodHound written in rust. 🦀
https://github.com/OPENCYBER-FR/RustHound
OPENCYBER on Twitter: "@OPENCYBER_FR release #RustHound as open-source. A new AD collector written in #Rust for #BloodHound! It is cross-platform, cross-compiled and generates all JSON files needed. Other modules will be available as under development! https://t.co/GfR4pSq8XN https://t.co/5GunvAQruy" / Twitter
https://twitter.com/OPENCYBER_FR/status/1580205062240210945