Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks | Microsoft Security Blog
https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/
Release v0.4.0 · VirusTotal/yara-x · GitHub
https://github.com/VirusTotal/yara-x/releases/tag/v0.4.0
Check Point releases emergency fix for VPN zero-day exploited in attacks
https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/
Okta warns of credential stuffing attacks targeting its CORS feature
https://www.bleepingcomputer.com/news/security/okta-warns-of-credential-stuffing-attacks-targeting-its-cors-feature/
ABN Amro discloses data breach following an attack on a third-party provider
https://securityaffairs.com/163823/data-breach/abn-amro-discloses-data-breach.html
Hexacon24 :: pretalx
https://cfp.hexacon.fr/hexacon-2024/
Check Point VPN zero-day exploited in attacks since April 30
https://www.bleepingcomputer.com/news/security/check-point-vpn-zero-day-exploited-in-attacks-since-april-30/
Ask Me Anything: Exploring Assumed Breach Strategies for Cyber Resilience - YouTube
https://www.youtube.com/watch?v=Qe0HpIFHYzM
U.S. Sentences 31-Year-Old to 10 Years for Laundering $4.5M in Email Scams
https://thehackernews.com/2024/05/us-sentences-31-year-old-to-10-years.html
Check Point Warns of Zero-Day Attacks on its VPN Gateway Products
https://thehackernews.com/2024/05/check-point-warns-of-zero-day-attacks.html
US sanctions operators of “free VPN” that routed crime traffic through user PCs | Ars Technica
https://arstechnica.com/security/2024/05/us-sanctions-operators-of-free-vpn-that-routed-crime-traffic-through-user-pcs/
Cybercriminals pose as "helpful" Stack Overflow users to push malware
https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/
How the DOJ is using a Civil War-era law to enforce corporate cybersecurity
https://therecord.media/doj-corporate-cybersecurity-false-claims-act-enforcement
AllaSenha: AllaKore variant leverages Azure cloud C2 to steal banking details in Latin America - HarfangLab EDR | Block cyber attacks
https://harfanglab.io/en/insidethelab/allasenha-allakore-variant-azure-c2-steal-banking-latin-america/
GitHub - roddux/germy: GERMY is a Linux Kernel n-day in the N_GSM line discipline
https://github.com/roddux/germy
Red Blue Purple AI - May 2024
https://jhaddix.gumroad.com/l/rbpai
CVE-2024-22058 Ivanti Landesk LPE - Mantodea Security
https://mantodeasecurity.de/en/2024/05/cve-2024-22058-ivanti-landesk-lpe/
ManageEngine ADAudit - Reverse engineering Windows RPC to find CVEs - part 1 / RPC | Shelltrail - Swedish offensive security experts
https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part1/
Qlock - A JavaScript Quine Clock
http://aem1k.com/qlock
Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group
https://thehackernews.com/2024/05/microsoft-uncovers-moonstone-sleet-new.html
US Sanctions Three Chinese Men for Operating 911 S5 Botnet - SecurityWeek
https://www.securityweek.com/us-sanctions-three-chinese-men-for-operating-911-s5-botnet/
Hack Fes. 2024 - Japan Hackers Association (General Incorporated Association)
https://www.hacker.or.jp/hack-fes-2024/