Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack
https://www.bleepingcomputer.com/news/security/microsoft-still-unsure-how-hackers-stole-msa-key-in-2023-exchange-attack/
The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind | WIRED
https://www.wired.com/story/jia-tan-xz-backdoor/
‘Lavender’: The AI machine directing Israel’s bombing spree in Gaza
https://www.972mag.com/lavender-ai-israeli-army-gaza/
Hoya’s optics production and orders disrupted by cyberattack
https://www.bleepingcomputer.com/news/security/hoyas-optics-production-and-orders-disrupted-by-cyberattack/
Vietnam-Based Hackers Steal Financial Data Across Asia with Malware
https://thehackernews.com/2024/04/vietnam-based-hackers-steal-financial.html
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
https://thehackernews.com/2024/04/new-http2-vulnerability-exposes-web.html
Chrome Vulnerability Reward Program Rules - Rules - About - Google Bug Hunters
http://g.co/chrome/vrp/#v8-sandbox-bypass-rewards
Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure
https://thehackernews.com/2024/04/ivanti-rushes-patches-for-4-new-flaw-in.html
Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies | Google Cloud Blog
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
New HTTP/2 DoS attack can crash web servers with a single connection
https://www.bleepingcomputer.com/news/security/new-http-2-dos-attack-can-crash-web-servers-with-a-single-connection/
Cyber Security Decoded: Sherrod DeGrippo on Threat Models - YouTube
https://www.youtube.com/watch?v=Vkj7TgEc5c4
PortSwigger Web Security | Report #2424815 - [portswigger.net] Path Traversal al /cms/audioitems | HackerOne
https://hackerone.com/reports/2424815
Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies
https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html
The Amazingly Scary XZ SSHD Backdoor - YouTube
https://www.youtube.com/live/HTNKS3tw3xk?si=GGCSWqIvjQjdop0Z
VolWeb - A Centralized And Enhanced Memory Analysis Platform
https://www.kitploit.com/2024/04/volweb-centralized-and-enhanced-memory.html
🔴 Executive Offense Issue #12 -The Training Landscape Pt. 1
https://executiveoffense.beehiiv.com/p/cybersecurity-training-landscape-pt-1
Pixel Phone Zero-Days Exploited by Forensic Firms - SecurityWeek
https://www.securityweek.com/pixel-phone-zero-days-exploited-by-forensic-firms/
Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz - SecurityWeek
https://www.securityweek.com/ivanti-ceo-vows-cybersecurity-makeover-after-zero-day-blitz/
Binarly XZ backdoor detector
https://xz.fail/
New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware
https://thehackernews.com/2024/04/new-phishing-campaign-targets-oil-gas.html
Malware-IOCs/2024-04-02 XWorm IOCs at main · executemalware/Malware-IOCs · GitHub
https://github.com/executemalware/Malware-IOCs/blob/main/2024-04-02%20XWorm%20IOCs
Persistence – DLL Proxy Loading – Penetration Testing Lab
https://pentestlab.blog/2024/04/03/persistence-dll-proxy-loading/
SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways
https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
US cancer center data breach exposes info of 827,000 patients
https://www.bleepingcomputer.com/news/security/us-cancer-center-data-breach-exposes-info-of-827-000-patients/
Coding a trojan in Python - YouTube
https://www.youtube.com/watch?v=nLLeXRIOWLM