Thousands of Cisco IOS XE devices hacked in widespread attacks
https://www.bleepingcomputer.com/news/security/thousands-of-cisco-ios-xe-devices-hacked-in-widespread-attacks/
CVE-2023-26369: Adobe Acrobat PDF Reader RCE when processing TTF fonts | 0-days In-the-Wild
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-26369.html
Russian Sandworm hackers breached 11 Ukrainian telcos since May
https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-breached-11-ukrainian-telcos-since-may/
APT_REPORT/group123/2023_Group123_threat_inteligence_report_BitB.pdf at master · blackorbird/APT_REPORT · GitHub
https://github.com/blackorbird/APT_REPORT/blob/master/group123/2023_Group123_threat_inteligence_report_BitB.pdf
Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild
https://thehackernews.com/2023/10/warning-unpatched-cisco-zero-day.html
Keynote Session: "A Journey to Mastery" - Louis Nyffenegger, BSides Canberra 2023 - YouTube
https://youtu.be/Ys66llx4PvA
Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers
https://thehackernews.com/2023/10/experts-warn-of-severe-flaws-affecting.html
Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure
https://thehackernews.com/2023/10/discord-playground-for-nation-state.html
CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
https://thehackernews.com/2023/10/cert-ua-reports-11-ukrainian-telecom.html
D-Link confirms data breach after employee phishing attack
https://www.bleepingcomputer.com/news/security/d-link-confirms-data-breach-after-employee-phishing-attack/
request-encoding-to-bypass-web-application-firewalls.pdf
https://soroush.me/downloadable/request-encoding-to-bypass-web-application-firewalls.pdf
GitHub - LaurieWired/ObjectiveByTheSea2023: This contains notes and slides for my Objective by the Sea talk
https://github.com/LaurieWired/ObjectiveByTheSea2023/
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html
The forgotten malvertising campaign
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/the-forgotten-malvertising-campaign
特殊なエンコーディングには気をつけよう Apache Tapestryにおける“注意すべき仕様” - ログミーTech
https://logmi.jp/tech/articles/329486
NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics - SecurityWeek
https://www.securityweek.com/nsa-publishes-ics-ot-intrusion-detection-signatures-and-analytics/
October Windows Server updates cause Hyper-V VM boot issues
https://www.bleepingcomputer.com/news/microsoft/october-windows-server-updates-cause-hyper-v-vm-boot-issues/
📅 Recent Ransomware's Victims
https://ransomware.live/#/recentvictims
SpyNote Android malware spreads via fake volcano eruption alerts
https://www.bleepingcomputer.com/news/security/spynote-android-malware-spreads-via-fake-volcano-eruption-alerts/
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
“Cisco buried the lede.” >10,000 network devices backdoored through unpatched 0-day | Ars Technica
https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/
1462951 - Security: Type Confusion in V8 WebAssembly, leading to RCE - chromium
https://crbug.com/1462951
Tech CEO Sentenced to 5 Years in IP Address Scheme – Krebs on Security
https://krebsonsecurity.com/2023/10/tech-ceo-sentenced-to-5-years-in-ip-address-scheme/
Beginners Guide to Self-Learning Windows and Active Directory: Part 1 | by EricaZelic | Medium
https://ericazelic.medium.com/beginners-guide-to-self-learning-windows-and-active-directory-part-1-b665399d252f
Windows Native API… by Pavel Yosifovich [Leanpub PDF/iPad/Kindle]
https://leanpub.com/windowsnativeapiprogramming![Windows Native API… by Pavel Yosifovich [Leanpub PDF/iPad/Kindle]](/image/screenshot/903ef36d0af9f803835f6836158c7749.webp)
US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability - SecurityWeek
https://www.securityweek.com/us-gov-expects-widespread-exploitation-of-atlassian-confluence-vulnerability/
Persistent cross-site scripting vulnerabilities in Liferay Portal | Pentagrid AG
https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal/
Active Directory | HideAndSec
https://hideandsec.sh/books/cheatsheets-82c/page/active-directory
Microsoft fixes known issue causing Outlook freezes, slow starts
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-known-issue-causing-outlook-freezes-slow-starts/
Discord still a hotbed of malware activity — Now APTs join the fun
https://www.bleepingcomputer.com/news/security/discord-still-a-hotbed-of-malware-activity-now-apts-join-the-fun/
Hackers exploit critical flaw in WordPress Royal Elementor plugin
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-flaw-in-wordpress-royal-elementor-plugin/