Revelation of Cyber-Attack by Iran 🇮🇷 at United States 🇺🇸 as FBI charges Iranian nationals with interfering in the 2020 U.S. presidential election.

https://www.fbi.gov/wanted/cyber/iranian-interference-in-2020-us-elections

🔧 Tool: fileless-xec enables a remote binary execution on a local machine directly from memory without dropping them on disk.

https://github.com/ariary/fileless-xec

https://securityonline.info/fileless-xec-a-stealth-dropper/

Data-Leak of Conti ransomware operator as the group sufferes breach that exposed its attack infrastructure and allowed researcher (at Prodaft) to access it.

Interesting thread: https://twitter.com/malwrhunterteam/status/1461450607311605766

Details: https://securityaffairs.co/wordpress/124837/cyber-crime/payment-portal-conti-gang-compromised.html

CVE-2021-42321: Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers.

https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398

Another Microsoft Zero-Day exploit pertaining to bad fix of CVE-2021-41379.

https://github.com/klinix5/InstallerFileTakeOver

Details: https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/

■■■□□ Microsoft unveils ‘Super Duper Secure Mode’ in latest version of Edge.

Browser goes further to protect against bugs by disabling JIT.

https://portswigger.net/daily-swig/microsoft-unveils-super-duper-secure-mode-in-latest-version-of-edge

● IMHO; disabling JavaScript on any browser for all sites by default prevents 99% of the known attack vectors. For site like Facebook and other social media, white-listing can be done.

Latest Edge is significantly secure as it prevents most trackers from running by default unlike chrome.

Data Exfiltration via CSS + SVG Font by Masato Kinugawa.

https://youtu.be/iUzNA2St3Bc

Thread: https://twitter.com/kinugawamasato/status/1464884299195322371

Jumping the air gap: 15 years of nation-state effort.

ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs.

https://www.eset.com/us/about/newsroom/press-releases/eset-research-analyzes-malicious-frameworks-targeting-air-gapped-networks-dissects-15-years-of-nati-1/

https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/

Decompile directly in VS code.

https://marketplace.visualstudio.com/items?itemName=tintinweb.vscode-decompiler

Interesting thread!

https://twitter.com/SonarSource/status/1468973725072564225

🔧 s3n (Search-Scan-Save-Notify)

A tool to scrape online web-content (APIs, RSS Feeds, or Websites) and notify if search term was hit. It is based on PHP.

https://github.com/AamerShah/s3n

Credits: twitter.com/Aamer_Sha

Voice Cloning (RTVC)

https://github.com/CorentinJ/Real-Time-Voice-Cloning

Interesting thread on RCE in Ghidra via log4j (CVE-2021-44228)

https://twitter.com/zhuowei/status/1469511822411767811

Python Log4RCE PoC | Log4Shell | CVE-2021-44228

https://github.com/alexandre-lavoie/python-log4rce

Rodan Telecom Exploitation Framework

https://github.com/Etisalat-Egypt/Rodan

Zero-Day: A deep dive into the Israeli 🇮🇱 state sponsored cyber-crime spyware via zero-click iMessage exploit: Remote Code Execution.

https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

Chrome: Site Isolation bypass via NavigationPreloadRequest.

https://bugs.chromium.org/p/project-zero/issues/detail?id=2239

Trend Micro's Web Based scanner for CVE-2021-44228 aka Log4Shell.

log4j-tester.trendmicro.com