X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe | Symantec Enterprise Blogs
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant
https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
Windows secrets extraction: a summary
https://www.synacktiv.com/publications/windows-secrets-extraction-a-summary
JAMESWT on Twitter: "#Spy #Mekotio #Italy #UniCredit https://lkdyglkd-emf5vs6xwq-uc.a.[run.[app http://90.4.154.34.bc.googleusercontent.[com/EMKT_CURSO_775-5693/47940.024663/ Zip https://t.co/0kXpgP7f7t Msi https://t.co/HANtXBbXjN https://t.co/iGsyWYTZ20" / Twitter
https://twitter.com/JAMESWT_MHT/status/1648238717067198465
AppLocker Bypass – CreateRestrictedToken – Penetration Testing Lab
https://pentestlab.blog/2017/07/07/applocker-bypass-createrestrictedtoken/
Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining
https://thehackernews.com/2023/04/kubernetes-rbac-exploited-in-large.html
girlshackvillage on Twitter: "Wanted to provide an update on GHV at @defcon https://t.co/dDC7RRG7jo TLDR: We were left with no seat at the table. GHV mission continues. #foldingchairs #ghv #defcon #defcon31 #girls #pressrelease #breakingnews @misstennisha @blackgirlshack https://t.co/SS83PxSVx4" / Twitter
https://twitter.com/girlshackvllg/status/1649458045049602066
Exposed Web Panel Reveals Gamaredon Group's Automated Spear Phishing Campaigns
https://blog.eclecticiq.com/exposed-web-panel-reveals-gamaredon-groups-automated-spear-phishing-campaigns
Circumventing SRP and AppLocker to Create a New Process, By Design | Didier Stevens
https://blog.didierstevens.com/2011/01/25/circumventing-srp-and-applocker-to-create-a-new-process-by-design/
GitHub - IntelLabs/kAFL: A fuzzer for full VM kernel/driver targets
https://github.com/IntelLabs/kAFL
American Bar Association data breach hits 1.4 million members
https://www.bleepingcomputer.com/news/security/american-bar-association-data-breach-hits-14-million-members/
N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX
https://thehackernews.com/2023/04/nk-hackers-employ-matryoshka-doll-style.html
MalwareBazaar | Browse
https://bazaar.abuse.ch/sample/5013cf8a7cf2e0e230f8c7149d2c9eb99c681cda6d754f58e2409d6f3db98c56/
Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products
https://thehackernews.com/2023/04/cisco-and-vmware-release-security.html
GitHub - blasty/sonos
https://github.com/blasty/sonos
Oddvar Moe on Twitter: "This blog by @DidierStevens can be interesting to read if you are interested in this (2011): https://t.co/pJGqLqf2Wc This post by @netbiosX also covers it really well with a link to an example script https://t.co/xSbawYay8O Also as stated by @tiraniddo this was patched so that…" / Twitter
https://twitter.com/i/web/status/1649323611977572352
MalwareBazaar | Browse
https://bazaar.abuse.ch/sample/2bb49909ef6d4200d177dbaaa400ab01b185201c8e21b418c5bef53ce09e6cd5/
Needles Without The Thread: Threadless Process Injection - Ceri Coburn - YouTube
https://www.youtube.com/watch?v=z8GIjk0rfbI
GhostToken GCP flaw let attackers backdoor Google accounts
https://www.bleepingcomputer.com/news/security/ghosttoken-gcp-flaw-let-attackers-backdoor-google-accounts/
billy leonard on Twitter: "TAG's favorite 🤖 @wxs has been finding new FROZENLAKE (APT2⃣8⃣) daily, including XSS on 🇺🇦 gov websites they are using for cred phishing. For the past few months, FL has been shipping phished creds to compromised Ubiquiti devices .. 6/🧵" / Twitter
https://twitter.com/billyleonard/status/1648699008263520257
Chetan Nayak (Brute Ratel C4 Author) on Twitter: "So here goes my journey of Brute Ratel...I usually never talk about it because it wasn't pleasant but over the past two years I was finally able to make peace with it. Here goes my roller coaster ride... I completed my graduation in accounting in 2013 but could not clear my CFA…" / Twitter
https://twitter.com/i/web/status/1649135466258759680
3CX Breach Was a Double Supply Chain Compromise – Krebs on Security
https://krebsonsecurity.com/2023/04/3cx-breach-was-a-double-supply-chain-compromise/
YaraDBG v0.0.2
https://yaradbg.dev/
University websites using MediaWiki, TWiki hacked to serve Fortnite spam
https://www.bleepingcomputer.com/news/security/university-websites-using-mediawiki-twiki-hacked-to-serve-fortnite-spam/
Attackers use abandoned WordPress plugin to backdoor websites
https://www.bleepingcomputer.com/news/security/attackers-use-abandoned-wordpress-plugin-to-backdoor-websites/
Threat Advisory: Undetected North Korean Malware: A Looming Threat to Financial Institutions
https://www.bridewell.com/insights/news/detail/cti-advisory-undetected-nk-malware
Speak – BSides Belfast
https://bsidesbelfast.org/speak
Randori Attack Team on Twitter: "We've been able to trigger CVE-2023-21554 AKA #QueueJumper, a recently patched RCE in Microsoft’s Message Queueing Service reported by @_CPResearch_. We can confirm it appears exploitable. IOCs and more: https://t.co/NxMiZIAb9P" / Twitter
https://twitter.com/RandoriAttack/status/1649170230797541378
GitHub - Orange-Cyberdefense/GOAD: game of active directory
https://github.com/Orange-Cyberdefense/GOAD
Mullvad VPN was subject to a search warrant. Customer data not compromised - Blog | Mullvad VPN
https://mullvad.net/blog/2023/4/20/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised/
Case study of an incident in which FortiMail was the intrusion vector, Yuki Suzuki
https://insight-jp.nttsecurity.com/post/102i448/fortimail
GitHub - BC-SECURITY/Empire: Empire is a PowerShell and Python 3.x post-exploitation framework.
https://github.com/BC-SECURITY/Empire
Compromising Garmin's Sport Watches: A Deep Dive into GarminOS and its MonkeyC Virtual Machine - Anvil Secure
https://www.anvilsecure.com/blog/compromising-garmins-sport-watches-a-deep-dive-into-garminos-and-its-monkeyc-virtual-machine.html
Ricerca Security on Twitter: "🚩Ricerca CTF 2023 registration is open🚩 We’ve just opened the registration for #RicercaCTF 2023 which starts tomorrow, Apr 22 (Sat) 01:00 UTC. Visit https://t.co/y78HU6jNSm to play the CTF. Challenges with a wide range of difficulty from rev, pwn, crypto, web, etc." / Twitter
https://twitter.com/RicercaSec/status/1649322080264163331
Xiaoqiying/Genesis Day Threat Actor Group Targets South Korea, Taiwan | Recorded Future
https://www.recordedfuture.com/xiaoqiying-genesis-day-threat-actor-group-targets-south-korea-taiwan
GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform
https://thehackernews.com/2023/04/ghosttoken-flaw-could-let-attackers.html
BlueHat IL 2023 - Benny Zeltser & Jonathan Lusky - RingHopper – Hopping from User-space to God Mode - YouTube
https://www.youtube.com/watch?v=CJDv_bcIQx0
Chris Duggan on Twitter: "🚨🔥TA444 #C2 IP Alert!🔥🚨 Our Feb report on 104.255.172.56 now shows intriguing activity! 🔍Hash: 8a7ba38d597e8230609df4153039d1bb898479d486e653a6d92d206dd4848c80 🌐💥 "Fast Changes in the StableCoin" ⚡💱🔄 ☠️💻 #Lazarus on the move!👣🌏 🔗https://t.co/ignzZ2L5D4… https://t.co/P9GdDK1nRP" / Twitter
https://twitter.com/i/web/status/1649139722059411507
Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
https://thehackernews.com/2023/04/fortra-sheds-light-on-goanywhere-mft.html
Trimarc on Twitter: "New Trimarc webinar on deck! Saving The Marriage: Easy Wins So vSphere and Active Directory Can Live Happily Ever After. Thursday June 15th 2pm ET / 11am PT / 1900 UTC https://t.co/NyZVe6GVR0" / Twitter
https://twitter.com/TrimarcSecurity/status/1647054186926710784
The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks | WIRED
https://www.wired.com/story/3cx-supply-chain-attack-times-two/
Ransomware Attack Hits Marinette Marine Shipyard, Results in Short-Term Delay of Frigate, Freedom LCS Construction - USNI News
https://news.usni.org/2023/04/20/ransomware-attack-hits-marinette-marine-shipyard-results-in-short-term-delay-of-frigate-freedom-lcs-construction
Michael Koczwara on Twitter: "Hunting C2 redirections 🎯 Just with a few clicks, you can catch all of them nicely 🤝 Threat Actor infra⚡️ /weatherth.com [namecheap register fresh one 7 days old] /www.weatherjps.com 119.42.149.2 119.42.149.3 119.42.149.4 119.42.149.5 119.42.149.6 All of them are… https://t.co/eg83KZcvBF" / Twitter
https://twitter.com/i/web/status/1649376010788298758
proxmox | Mayfly
https://mayfly277.github.io/categories/proxmox/
Dropbox - Empire Wiki
https://bc-security.gitbook.io/empire-wiki/listeners/dropbox
'RustBucket' malware targets macOS
https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/
Release YARA v4.3.1 · VirusTotal/yara · GitHub
https://github.com/VirusTotal/yara/releases/tag/v4.3.1
GitHub - Hackplayers/evil-winrm: The ultimate WinRM shell for hacking/pentesting
https://github.com/Hackplayers/evil-winrm
GitHub - optiv/ScareCrow: ScareCrow - Payload creation framework designed around EDR bypass.
https://github.com/optiv/ScareCrow
CYBERWARCON - YouTube
https://youtube.com/@cyberwarcon
Sebastien Larinier on Twitter: "After a year of work on this version, with @tomchop_ we are proud to announce a new version of Yeti 🤩🤩🤩 the changes are explained here: https://t.co/y3k2ptgUqo and to test this new version it's here! https://t.co/kwYSoVNo9F #CTI #python #threatintel" / Twitter
https://twitter.com/Sebdraven/status/1649405214477152265