■■■□□ CVE-2022-32276 Grafana PoC and detailed information.

https://github.com/BrotherOfJhonny/grafana/blob/main/README.md

■■■■■ Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat.

https://blogs.blackberry.com/en/author/the-blackberry-research-and-intelligence-team

■■■■■ Cyber-War / Cyber-Attack: China 🇨🇳 has breached telcos and network service providers.

https://securityaffairs.co/wordpress/132042/apt/us-warns-china-linked-threat-actors.html

■■■■■ CVE-2022-26937: Microsoft Windows Network File System Nlm Portmap Stack Buffer Overflow.

https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow

■■■■■ Russia 🇷🇺: Cyber-Attacks Could Escalate Military Conflict.

■■■■□ Apple M1 chip contains hardware vulnerability that bypasses memory defense.

https://go.theregister.com/feed/www.theregister.com/2022/06/10/apple_m1_pacman_flaw/

■■■■■ Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier.

As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities.

https://thehackernews.com/2022/06/researchers-disclose-critical-flaws-in.html

■■■■□ Iran 🇮🇷: The Iranian Lycaeum APT hacking group uses a new .NET-based DNS backdoor to conduct attacks on companies in the energy and telecommunication sectors.

https://www.bleepingcomputer.com/news/security/iranian-hackers-target-energy-sector-with-new-dns-backdoor/

■■■■■ ​Metasploit 6.2.0 has been released with 138 new modules, 148 new improvements/features, and 156 bug fixes since version 6.1.0 was released in August 2021.

Metasploit 6.2.0 improves credential theft, SMB support features, more.

https://www.rapid7.com/blog/post/2022/06/09/announcing-metasploit-6-2/

https://www.bleepingcomputer.com/news/security/metasploit-620-improves-credential-theft-smb-support-features-more/

■■■■□ Follina patch CVE-2022-30190. (msdt.exe) is out.

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190

■□□□□ Funny beaver 🦫 incident in British Colombia, Canada 🇨🇦

https://twitter.com/netblocks/status/1536416663385546756

■■■■■ Interesting thread! #modifiedElephant

https://twitter.com/blackorbird/status/1537689017705111553

■■■■■ Cyber-Crime by police in India 🇮🇳 as Police Linked to Hacking Campaign to Frame Indian Activists #ModifiedElephant.

New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest.

https://twitter.com/blackorbird/status/1537687091705835521

■■■■■ modifiedElephant campaign report by the researchers showing marks documents targeting human rights activists by government of India 🇮🇳 using primarily spyware created by Israel 🇮🇱

Original: https://mp.weixin.qq.com/s/mC5D8kFaQI'mA-cIcw2rlTgeA

Translated: https://mp-weixin-qq-com.translate.goog/s/mC5D8kFaQA-cIcw2rlTgeA?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en

■■■■□ Sophos Firewall zero-day bug exploited weeks before fix.

https://www.bleepingcomputer.com/news/security/sophos-firewall-zero-day-bug-exploited-weeks-before-fix/

■■□□□ iCloud cyber-criminal gets 9 years in prison for stealing nude photos.

https://www.bleepingcomputer.com/news/security/icloud-hacker-gets-9-years-in-prison-for-stealing-nude-photos/

■■□□□ Interpol anti-fraud operation busts call centers behind business email scams.

■■■□□ Experts discovered a feature in Microsoft 365 suite that could be abused to encrypt files stored on SharePoint and OneDrive and target cloud infrastructure.

https://securityaffairs.co/wordpress/132353/hacking/microsoft-365-feature-ransomware.html