Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575) | Google Cloud Blog
https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575
New Fortinet Zero-Day Exploited for Months Before Patch - SecurityWeek
https://www.securityweek.com/new-fortinet-zero-day-exploited-for-months-before-patch-release/
Lazarus APT steals cryptocurrency and user data via a decoy MOBA game | Securelist
https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/
Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign - SecurityWeek
https://www.securityweek.com/cisco-patches-vulnerability-exploited-in-large-scale-brute-force-campaign/
Operation Cobalt Whisper: Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan.
https://www.seqrite.com/blog/operation-cobalt-whisper-targets-industries-hong-kong-pakistan/
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
https://www.bleepingcomputer.com/news/security/lazarus-hackers-used-fake-defi-game-to-exploit-google-chrome-zero-day/
GitHub - Maldev-Academy/EmbedPayloadInPng: Embed a payload inside a PNG file
https://github.com/Maldev-Academy/EmbedPayloadInPng
Samsung Galaxy S24 and Sonos Era hacked on Pwn2Own Ireland Day 2
https://www.bleepingcomputer.com/news/security/samsung-galaxy-s24-and-sonos-era-hacked-on-pwn2own-ireland-day-2/
Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices
https://thehackernews.com/2024/10/lazarus-group-exploits-google-chrome.html
Misconfigured UN Database Exposes 228GB of Gender Violence Victims' Data
https://hackread.com/misconfigured-un-database-gender-violence-victims-data/
New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics
https://thehackernews.com/2024/10/new-qilinb-ransomware-variant-emerges.html
C++ Programming Masterclass Live Training – Pavel Yosifovich
https://scorpiosoftware.net/2024/09/25/c-programming-masterclass-live-training/
Mandiant says new Fortinet flaw has been exploited since June
https://www.bleepingcomputer.com/news/security/mandiant-says-new-fortinet-fortimanager-flaw-has-been-exploited-since-june/
Concealing payloads in URL credentials | PortSwigger Research
https://portswigger.net/research/concealing-payloads-in-url-credentials
Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation
https://thehackernews.com/2024/10/fortinet-warns-of-critical.html
A "Gau-Hack" from EuskalHack - gum3t
https://gum3t.xyz/posts/a-gau-hack-from-euskalhack/
Understanding File Type Identifiers & Scanners - Ange Albertini - YouTube
https://youtu.be/PBbld8xB2Bo
LibRaw: Uninitialized memory disclosure via LibRaw_buffer_datastream::read · Advisory · google/security-research · GitHub
https://github.com/google/security-research/security/advisories/GHSA-cmhf-chvw-6c7j
LibRaw: Out of bounds write in LibRaw::pana_data · Advisory · google/security-research · GitHub
https://github.com/google/security-research/security/advisories/GHSA-3m8c-vvxw-r44w
FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024
https://securityaffairs.com/170189/hacking/fortijump-flaw-exploited-since-june-2024.html
2024 Cybersecurity Awareness Month Kit | SANS Institute
https://www.sans.org/u/1ydE
Ireland fines LinkedIn €310 million over targeted advertising
https://www.bleepingcomputer.com/news/legal/ireland-fines-linkedin-310-million-over-targeted-advertising/
Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
https://thehackernews.com/2024/10/cisco-issues-urgent-fix-for-asa-and-ftd.html
Office of Public Affairs | Justice Department Announces Four Cases Brought by Election Threats Task Force | United States Department of Justice
https://www.justice.gov/opa/pr/justice-department-announces-four-cases-brought-election-threats-task-force
Samsung Galaxy S24 Hacked at Pwn2Own Ireland 2024 - SecurityWeek
https://www.securityweek.com/samsung-galaxy-s24-hacked-at-pwn2own-ireland-2024/
GitHub - YungBinary/Lumma-Config-Extractor: C2 extractor for Lumma Stealer
https://github.com/YungBinary/Lumma-Config-Extractor
AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks
https://thehackernews.com/2024/10/aws-cloud-development-kit-vulnerability.html
Apple Opens Private Cloud Compute for Public Security Inspection - SecurityWeek
https://www.securityweek.com/apple-opens-private-cloud-compute-for-public-security-inspection/
New Qilin ransomware encryptor features stronger encryption, evasion
https://www.bleepingcomputer.com/news/security/new-qilin-ransomware-encryptor-features-stronger-encryption-evasion/