cKure Red
The director's cut on critical feeds from InfoSec world 🌎

Main Channel: @cKure

For ☕️ or queries, email us
📨 i@ckure.org
Watering hole incident | United Kingdom 🇬🇧 | Cyber-War: An advanced cyber warfare group hacked the popular UK news site 'Middle East Eye', which often posts content disapproved of by GCC / Middle East countries. The site is blocked in many Middle Eastern nations.

The hacked site served malicious JavaScript that ran on the systems of visitors to the compromised site. The attack was traced to a known criminal group, 'Candiru', which has been declared 📜 criminal by the United States 🇺🇸 and is under sanctions. Candiru is another cyber-crime syndicate from Israel 🇮🇱 that operates under Israeli weapons control laws.

This attack apparently stems from one of the customers of this state-sponsored criminal organisation.

https://www.vice.com/en/article/pkpbdm/hackers-compromised-middle-east-eye-news-website-to-hack-visitors-researchers-say

Details about Candiru sanctions: https://www.vice.com/en/article/dypzjq/us-sanctions-could-cut-off-nso-from-tech-it-relies-on
Data leak of the Conti ransomware operator: the group suffered a breach that exposed its attack infrastructure and allowed researchers (at Prodaft) to access it.

Interesting thread: https://twitter.com/malwrhunterteam/status/1461450607311605766

Details: https://securityaffairs.co/wordpress/124837/cyber-crime/payment-portal-conti-gang-compromised.html
CVE-2021-42321: Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers.

https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
■■■□□ Microsoft unveils ‘Super Duper Secure Mode’ in latest version of Edge. Browser goes further to protect against bugs by disabling JIT. https://portswigger.net/daily-swig/microsoft-unveils-super-duper-secure-mode-in-latest-version-of-edge
● IMHO, disabling JavaScript in any browser for all sites by default prevents 99% of the known attack vectors. For sites like Facebook and other social media, whitelisting can be done.

The latest Edge is significantly more secure, as it prevents most trackers from running by default, unlike Chrome.
Jumping the air gap: 15 years of nation-state effort.

ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs.

https://www.eset.com/us/about/newsroom/press-releases/eset-research-analyzes-malicious-frameworks-targeting-air-gapped-networks-dissects-15-years-of-nati-1/

https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/
🔧 s3n (Search-Scan-Save-Notify)

A tool to scrape online web content (APIs, RSS feeds, or websites) and notify you when a search term is hit. It is written in PHP.

https://github.com/AamerShah/s3n

Credits: twitter.com/Aamer_Sha
Chrome: Site Isolation bypass via NavigationPreloadRequest.

https://bugs.chromium.org/p/project-zero/issues/detail?id=2239