SCOOP - And a wild one… Fraudsters used “deep voice” tech - as in deep fake for speech - to clone a company director’s voice. They then convinced a bank manager to send $35 million to various accounts across the world. AI-powered cybercrime is big. forbes.com/sites/thomasbr…

A study from Randori has tracked the most sought-after assets attackers are looking to exploit. pst.cr/q9uvJ

We are looking for two of you here too, so tell your friends! #infosec #HIRINGNOW #redteam

Scoop —> Cybersecurity researchers, with the help of the NSA, are exposing a suspected foreign hacking campaign that has targeted multiple US defense contractors. cnn.com/2021/11/07/pol…

Follow Randori Attack Team & @RandoriSecurity to keep up with publishing of this advisory. The work Randori Attack Team does is what makes the Randori platform & capabilities so effective. They take apart and build some very interesting things. Join us! randori.bamboohr.com/jobs/ #infosec

Never one to shy away from a tough discussion, @HexadeciMoose details why we use #zerodays at Randori and why we feel they must become a more integral part of security testing: randori.com/blog/why-zero-… #infosec

This is the kind of work the team at @RandoriSecurity does that only make the product, platform and the security community and other products better. Join us to help do more! randori.bamboohr.com/jobs/

The Randori Attack Team has developed a working exploit and has been able to successfully leverage this vulnerability. Check out our analysis here: randori.com/blog/cve-2021-…

The Randori Attack Team can confirm exploitability of VMWare products in live environments (VMSA-2021-0028) via Log4j (CVE-2021-44228) aka "Log4Shell". This is a critical vulnerability. Follow Randori Attack Team for updates: randori.com/blog/cve-2021-… 1/3

FYI: Join Andrew Morris (afk) Aaron Portnoy @HexadeciMoose and remy🐀 at 3pm EST for a live #log4j discussion hosted by @RandoriSecurity and @GreynoiseIO info.randori.com/log4j-log4shel…

Getting into the #haxmas spirit, I have three copies of the awesome No Starch Press Humble Bundle I'm going to give to followers. RT to help get the word out. Like to enter. I'll DM the download link to the winners Monday. #Hacks #Holiday #Redteam #Blueteam humblebundle.com/books/hacking-…

Hey Everybody, join MG, Greg Linares (Laughing Mantis) and me for an open discussion around #log4j #long4shell and beyond x.com/i/spaces/1lPJq…

We’ve just posted a vulnerability researcher role: randori.bamboohr.com/jobs/view.php?… Come join us writing exploits and doing zero day research for use in our automated red teaming platform!

New high severity DoS in OpenSSL just released: openssl.org/news/secadv/20… CVE-2022-0778 was reported by Tavis Ormandy and appears to affect systems that parse user-supplied certificates.

The following non-malicious request can be used to test susceptibility to the Spring Framework 0day RCE. An HTTP 400 return code indicates vulnerability. $ curl host:port/path?class.module.classLoader.URLs%5B0%5D=0 #SpringShell #Spring4Shell #infosec

Another awesome season with National CCDC has come to an end. It has been an honor working with David Cowen and the rest of the CCDC Red Team crew over the years. randori.com/blog/nccdc-tra…

Starting at 1030 EDT, I'll be emceeing the attack surface management forum with @RandoriSecurity. We'll be joined by thaddeus e. grugq for a *fantastic* presentation on cyber warfare, specifically discussing Ukraine and Russia today. Join us! sans.org/webcasts/attac…

Does your org have an understanding of its External Attack Surface? If the answer is yes, how often are you validating that? The data from @RandoriSecurity suggests most organizations don't know or validate often due to the cost of the validation activity sans.org/webcasts/attac…

The Randori Attack Team developed a working exploit for #f5 BIG-IP CVE-2022-1388. To help the #infosec community assess their risk, we published our technical analysis and a bash one-liner that organizations can run to test exploitability. Details here: randori.com/blog/vulnerabi…