3681

Protect your business from password sprays with Microsoft DART recommendations
https://www.microsoft.com/security/blog/2021/10/26/protect-your-business-from-password-sprays-with-microsoft-dart-recommendations/

3682

Trojan Source Attacks
https://trojansource.codes/
https://trojansource.codes/trojan-source.pdf

3683

The November 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/11/9/the-november-2021-security-update-review

3684

Mekotio Banker Returns with Improved Stealth and Ancient Encryption
https://research.checkpoint.com/2021/mekotio-banker-returns-with-improved-stealth-and-ancient-encryption/

3685

Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html

3686

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/

3687

Microsoft, Cloudflare, and Google emerge as the most spam-friendly Internet Service Providers
https://atlasvpn.com/blog/microsoft-cloudflare-and-google-emerge-as-the-most-spam-friendly-internet-service-providers

3688

Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT
https://www.trendmicro.com/en_us/research/21/k/compromised-docker-hub-accounts-abused-for-cryptomining-linked-t.html

3689

Who are latest targets of cyber group Lyceum?
https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns

3690

Presumably there is an equal and measured action against national threat actors.

3691

Gravity RAT Malware Returns as A Chat Application
https://blog.cyble.com/2021/11/11/gravity-rat-malware-returns-as-a-chat-application/

3692

Microsoft will now snitch on you at work like never before
https://www.zdnet.com/article/microsoft-will-now-snitch-on-you-at-work-like-never-before/

3693

Amazing how headlines always attempt ot mislead.
Does anyone really assume that when they work for someone else that the employer
doesn’t have a right to know what you’re doing on behalf of the employer’s company?
How many insider hacks have just been in the news?

3694

TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/

3695

Threat Spotlight: Bait attacks
https://blog.barracuda.com/2021/11/10/threat-spotlight-bait-attacks/

3696

THREAT ANALYSIS REPORT: From Shathak Emails to the Conti Ransomware
https://www.cybereason.com/blog/threat-analysis-report-from-shatak-emails-to-the-conti-ransomware

3697

PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens
https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/

3698

DirtyMoe: Deployment
https://decoded.avast.io/martinchlumecky/dirtymoe-4/

https://decoded.avast.io/martinchlumecky/dirtymoe-3/
https://decoded.avast.io/martinchlumecky/dirtymoe-rootkit-driver/
https://decoded.avast.io/martinchlumecky/dirtymoe-1/

3699

Avast Threat Labs releases Q3 2021 Threat Report
https://blog.avast.com/avast-threat-labs-q3-report-avast
https://decoded.avast.io/threatresearch/avast-q321-threat-report/

3700

The Invisible JavaScript Backdoor
https://certitude.consulting/blog/en/invisible-backdoor/