How North Korea stole $625M from Axie Infinity. It's a wild story involving hacking rings, Ponzi schemes, fake LinkedIn job posts, and blockchain 👇

CVE-2023-30845 JWT authentication bypass via `X-HTTP-Method-Override` header github.com/GoogleCloudPla…

RooCon Call for Papers is open! We are now accepting papers for RooCon 2023, Cyber Threat Intelligence and Attribution conference. This year's conference will focus on practical applications of these topics. Submit your abstract by 14th of August rsvp.withgoogle.com/events/roocon2…

Baphomet, one of the admin of the "Breached" hackers forum claims to have opened up a new forum named "BreachForums". #BreachForums #cti #threatintel #infosec #cybersecurity #breached

New blog: Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust I teased this a bit during my Windows Hello talks, now found some time to write about this interesting technique. Also contains defenses and detection opportunities. dirkjanm.io/obtaining-doma…

Massive phishing campaign uses 6,000 sites to impersonate 100 brands - Bill Toulas bleepingcomputer.com/news/security/…

Finding process killer drivers and exploiting them is really really not that hard My next blog post will be on how to find some, reverse them and making a PoC to exploit them In the meantime, the drivers and PoC that will be used as examples! github.com/xalicex/Killers

🚨 Here is the #Exploit and technical detail for the CVE-2023-20887 Pre-Authenticated Remote Code Execution in #VMWare vRealize Network Insight. summoning.team/blog/vmware-vr…

This was an excellent find: summoning.team/blog/vmware-vr… I love the logic flaw found within the nginx rules leadigng to the auth bypass needed to get to the RCE.

Today the United States Senate Committee of the Judiciary are speaking with Directors from the NSA, CIA, and FBI regarding warrantless searches and unauthorized access of resources of United States civilians including phone calls, text messages, and more. judiciary.senate.gov/oversight-of-s…

Ransomware tracker: The latest figures [June 2023] therecord.media/ransomware-tra… The Record From Recorded Future News & Adam Janofsky

Bulletproof hoster gets 3 years for pushing Urfsnif, Zeus malware - Bill Toulas bleepingcomputer.com/news/security/…

We are about $800 away from hitting our goal! Sharing some more artwork from one of our artists, Marc Oliver, who is really bringing “Yours Truly, Johnny Dollar” to life! Thanks to everyone who has backed us so far, there is still time if you haven’t. kickstarter.com/projects/21193…

Just two short weeks left before the ATT&CKcon 4.0 CFP closes on Tue June 27, at 5pm ET/2100 UTC! Thank you to all who have submitted. We'd love to hear more about the wild/great/best things you've done with ATT&CK or related to it. CFP/submission @ openconf.org/ATTACKCON2023/….

Security Consultant Edwin David will be presenting his talk "Securing your Azure Cloud: Secrets from a cloud penetration tester" on June 24 at 10am EST CircleCityCon 10.0: WHODUNIT?. You can join the virtual conference for free on Discord. hubs.la/Q01Th1tF0

24×7 threat protection that amplifies Apple’s native security? Now we’re talking. Join Red Canary's Brandon Kirklen and Jamf's Matt Woodruff as they share tips for enhancing your security while keeping your team lean. redcanary.com/resources/webi…

Patchy patch patch patch.. patching processes... are fun.. patching processes are cool having a test environment makes most IT departments drool

Red Canary delivers customer-validated 99% accuracy by applying thousands of battle-tested analytics to the highest fidelity telemetry across every critical security domain. redcanary.com/solutions/clou…

SYS-DAT Group #innovationcompany #maifermi #vadovetlportailsoftware

sys-datgroup.com/eventi/lezioni… partecipa all'evento! Lezioni di AI: come sfruttare l’AI per far crescere il proprio business #sapevatelo