09/22

0-days exploited by commercial surveillance vendor in Egypt

https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/

The WebP 0day

https://blog.isosceles.com/the-webp-0day/

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

https://thehackernews.com/2023/09/apple-rushes-to-patch-3-new-zero-day.html

New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks

https://thehackernews.com/2023/09/new-variant-of-banking-trojan-bbtok.html

OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes

https://www.welivesecurity.com/en/eset-research/oilrigs-outer-space-juicy-mix-same-ol-rig-new-drill-pipes/

Lord Of The Ring0 - Part 1 | Introduction - Ido Veltzman - Security Blog

https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

https://thehackernews.com/2023/09/high-severity-flaws-uncovered-in.html

Government of Bermuda links cyberattack to Russian hackers

https://www.bleepingcomputer.com/news/security/government-of-bermuda-links-cyberattack-to-russian-hackers/

Nigerian man pleads guilty to attempted $6 million BEC email heist

https://www.bleepingcomputer.com/news/security/nigerian-man-pleads-guilty-to-attempted-6-million-bec-email-heist/

APT_REPORT/International Strategic/China/TAG-74.pdf at master · blackorbird/APT_REPORT · GitHub

https://github.com/blackorbird/APT_REPORT/blob/master/International%20Strategic/China/TAG-74.pdf

GitHub - mistymntncop/CVE-2023-4863

https://github.com/mistymntncop/CVE-2023-4863/

Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit - SentinelOne

https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/

Crypto firm Nansen asks users to reset passwords after vendor breach

https://www.bleepingcomputer.com/news/security/crypto-firm-nansen-asks-users-to-reset-passwords-after-vendor-breach/

Iranian Nation-State Actor OilRig Targets Israeli Organizations

https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html

How to break SAML if I have paws? - Speaker Deck

https://speakerdeck.com/greendog/how-to-break-saml-if-i-have-paws

GitHub - Maldev-Academy/MaldevAcademyLdr.1

https://github.com/Maldev-Academy/MaldevAcademyLdr.1

MalwareBazaar | 172-200-176-88

https://bazaar.abuse.ch/browse/tag/172-200-176-88/

URLhaus | 172-200-176-88

https://urlhaus.abuse.ch/browse/tag/172-200-176-88/

Dallas says Royal ransomware breached its network using stolen account

https://www.bleepingcomputer.com/news/security/dallas-says-royal-ransomware-breached-its-network-using-stolen-account/

Air Canada Says Employee Information Accessed in Cyberattack - SecurityWeek

https://www.securityweek.com/air-canada-says-employee-information-accessed-in-cyberattack/

MalwareBazaar | marcelotatuape-ddns-net

https://bazaar.abuse.ch/browse/tag/marcelotatuape-ddns-net/

#mWISE: Why Zero Days Are Set for Highest Year on Record - Infosecurity Magazine

https://www.infosecurity-magazine.com/news/mwise-zero-days-highest-year-record/

Information of Air Canada employees exposed in recent cyberattack

https://securityaffairs.com/151202/data-breach/air-canada-data-breach-2.html

Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones - SecurityWeek

https://www.securityweek.com/apple-patches-3-zero-days-likely-exploited-by-spyware-vendor-to-hack-iphones/

Hotel hackers redirect guests to fake Booking.com to steal cards

https://www.bleepingcomputer.com/news/security/hotel-hackers-redirect-guests-to-fake-bookingcom-to-steal-cards/

Hotel hackers redirect guests to fake Booking.com to steal cards

https://www.bleepingcomputer.com/news/security/hotel-hackers-redirect-guest-to-fake-bookingcom-to-steal-cards/

When I'm Scanning Websites 🎵 - YouTube

https://youtu.be/V6hxrkMiYu0

Recently patched Apple, Chrome zero-days exploited in spyware attacks

https://www.bleepingcomputer.com/news/security/recently-patched-apple-chrome-zero-days-exploited-in-spyware-attacks/

Read memory dumps without a cat. | Powerseb

https://powerseb.github.io/posts/LSASS-parsing-without-a-cat/

China's Offensive Cyber Operations in Africa Support Soft Power Efforts - SecurityWeek

https://www.securityweek.com/chinas-offensive-cyber-operations-in-africa-support-soft-power-efforts/