Defeating Javascript Obfuscation.

https://www.perimeterx.com/tech-blog/2022/defeating-javascript-obfuscation/

Cyber-Attack amid Cyber-War by Russia 🇷🇺 as apparently for about 12 hours Rostelecom hijacked part of the traffic destinated to Apple 🍎

https://www.manrs.org/2022/07/for-12-hours-was-part-of-apple-engineerings-network-hijacked-by-russias-rostelecom/

Data-Leak: 4TB of proprietary data from Israel 🇮🇱 based Cellebrite (Cellebrite Mobilogy & Cellebrite TFS backup) leaked by anonymous source.

Notably, Cellebrite Mobilogy shares code with Cellebrite Universal Forensics Extraction Device or Cellebrite UFED, used by law enforcement agencies. Source: Soufiane.

Zero-Day: Paracosme (CVE-2022-33318) is the zero-click remote code execution memory corruption exploit to compromise ICONICS Genesis64 on stage at Pwn2Own2022 Miami.

https://www.zerodayinitiative.com/advisories/ZDI-22-1041/

Zero-Day used to access 5.4M user data from Twitter (confirmed by company).

https://hackerone.com/reports/1439026

https://securityaffairs.co/wordpress/134087/data-breach/twitter-zero-day-data-leak.html

https://restoreprivacy.com/twitter-vulnerability-exposes-5-million-accounts/

Unblob: A fast, accurate and easy-to-use firmware extraction suite.

https://unblob.org/

Zero-Day: 3 in-the-wild 0-days patched in the last two days:
* CVE-2022-2856 in Chrome discovered by twitter.com/ashl3y_shen & twitter.com/0xbadcafe1 of Google TAG
* CVE-2022-32893 in Safari
* CVE-2022-32894 in iOS/macOS kernel

https://docs.google.com/spreadsheets/u/0/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/htmlview#gid=1662223764

DPRK state-sponsored actors are using cryptographically signed MacOS (Apple 🍎) executables to impersonate coinbase and lure potential jobseekers in installing their spyware.

FBI claims responsibility for taking down rf.ws (RaidForums darknet marketplace).

On 31st Jan, the owner of RF, a citizen of Portugal 🇵🇹 was detained in United Kingdom 🇬🇧

https://youtu.be/Sl9S0XZJgw0

Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling.

https://portswigger.net/research/browser-powered-desync-attacks

Learning eBPF exploitation.

https://stdnoerr.github.io/writeup/2022/08/21/eBPF-exploitation-(ft.-D-3CTF-d3bpf).html

State sponsored and supported Cyber-Crime: Documents appear to show that Israeli 🇮🇱 spyware company Intellexa sold a full suite of services around a zero-day affecting both Android and iOS ecosystems.

https://twitter.com/vxunderground/status/1562550443712352256

https://www.darkreading.com/vulnerabilities-threats/receipt-8m-ios-zero-day-sale-dark-web

Excellent piece of work by investigative journalist Raphael from Rueters on India 🇮🇳 based mercenary hackers used to target lawyers, firms to gain competitive advantage.

https://www.reuters.com/investigates/special-report/usa-hackers-litigation/

Zero-Day: Microsoft found and shared a critical one-click exploit in the Android TikTok app.

https://www.microsoft.com/security/blog/2022/08/31/vulnerability-in-tiktok-android-app-could-lead-to-one-click-account-hijacking/

https://alternativeto.net/news/2022/9/microsoft-found-and-shared-a-critical-one-click-exploit-in-the-android-tiktok-app/