Data Exfiltration via CSS + SVG Font by Masato Kinugawa.

https://youtu.be/iUzNA2St3Bc

Thread: https://twitter.com/kinugawamasato/status/1464884299195322371

Jumping the air gap: 15 years of nation-state effort.

ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs.

https://www.eset.com/us/about/newsroom/press-releases/eset-research-analyzes-malicious-frameworks-targeting-air-gapped-networks-dissects-15-years-of-nati-1/

https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/

Decompile directly in VS code.

https://marketplace.visualstudio.com/items?itemName=tintinweb.vscode-decompiler

Interesting thread!

https://twitter.com/SonarSource/status/1468973725072564225

🔧 s3n (Search-Scan-Save-Notify)

A tool to scrape online web-content (APIs, RSS Feeds, or Websites) and notify if search term was hit. It is based on PHP.

https://github.com/AamerShah/s3n

Credits: twitter.com/Aamer_Sha

Voice Cloning (RTVC)

https://github.com/CorentinJ/Real-Time-Voice-Cloning

Interesting thread on RCE in Ghidra via log4j (CVE-2021-44228)

https://twitter.com/zhuowei/status/1469511822411767811

Python Log4RCE PoC | Log4Shell | CVE-2021-44228

https://github.com/alexandre-lavoie/python-log4rce

Rodan Telecom Exploitation Framework

https://github.com/Etisalat-Egypt/Rodan

Zero-Day: A deep dive into the Israeli 🇮🇱 state sponsored cyber-crime spyware via zero-click iMessage exploit: Remote Code Execution.

https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

Chrome: Site Isolation bypass via NavigationPreloadRequest.

https://bugs.chromium.org/p/project-zero/issues/detail?id=2239

Trend Micro's Web Based scanner for CVE-2021-44228 aka Log4Shell.

log4j-tester.trendmicro.com

Pegasus vs. Predator as Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware from a startup in Macedonia 🇲🇰 an apparent competition with the state sponsored crimeware (lets call it so) of Israel 🇮🇱

A citizen-lab report.

https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/

CVE-2021-44228 aka Log4shell summarized.

https://m.youtube.com/watch?v=w2F67LbEtnk

🔧 Tool: Mariana Trench; a security focused static analysis platform targeting Android.

https://github.com/facebook/mariana-trench

Data-Leak: State sponsored Cyber-Crime syndicate from India 🇮🇳 using Tek Fog: An App With BJP (the ruling party); Footprints for Cyber Troops to Automate Hate, Manipulate Trends.

https://thewire.in/tekfog/en/1.html

An interesting thread on SquirrelWaffle, Qakbot and Emotet using the same C2 servers linked to hundreds of websites from India 🇮🇳

https://twitter.com/1ZRR4H/status/1485413045975330822

Zero-Day: A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system, researchers warn today.

https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-root-on-all-major-distros-exploit-released/

CVE-2021-39675, is present in the mobile OS's System component, and can be abused to achieve remote escalation of privilege without the user needing to do anything at all, and "with no additional execution privileges needed," as Google puts it.

https://source.android.com/security/bulletin/2022-02-01

Change management: https://android.googlesource.com/platform/system/nfc/+/fef77a189022aa7ac53136e582a1444b1d2ef5f0%5E%21/#F0

Reference: https://www.theregister.com/2022/02/09/android_security_bulletin/