■■□□□ Novastar-VNNOX-iCare(Novaicare) V7.16.0 [Multiple Privilege Escalation flaws]

https://github.com/viperbluff/Novastar-VNNOX-iCare-Privilege-Escalation

■■■□□ FaPro: A Fake Protocol Server tool, Can easily start or stop multiple network services.
The goal is to support as many protocols as possible, and support as many deep interactions as possible for each protocol.

https://github.com/fofapro/fapro

■□□□□ United States 🇺🇸: The Biden administration is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware gangs to convert ransom payments into fiat money.

■■■□□ Data-Leak / Cyber-Attack: #teamHDP – #Venezuelan #hacker group exposes #DCGIM and #SEBIN

https://cybershafarat.com/2021/09/17/teamhdp-venezuelan-hacker-group-exposes-dcgim-and-sebin/

■■■■■ Interesting thread!

https://twitter.com/hacker_/status/1439243212288405505

■■□□□ Edward Snowden urges users to stop using ExpressVPN.

The statement comes amid Israel 🇮🇱 based company took over the VPN giant.

Postscript: Like companies in China 🇨🇳 have to share data with government on demand. Similarly in Israel, it is more ubiquitous as data of private companies is almost always shared with the government. The state literally owns the data of the organisations.

■■□□□ Epik hack exposes lax security practices at controversial web host.

https://portswigger.net/daily-swig/epik-hack-exposes-lax-security-practices-at-controversial-web-host

■■■■■ RoboPhish

https://github.com/gasayminajj/robophish

■□□□□ United States 🇺🇸: AT&T Free Msg: You know you shouldn’t click … so we did it for you!

https://securityboulevard.com/2021/09/att-free-msg-you-know-you-shouldnt-click-so-we-did-it-for-you/

■■■□□ Anonymous Hacktivists Leak 180 GB of Data from Web Host Epik.

https://www.ehackingnews.com/2021/09/anonymous-hacktivists-leak-180-gb-of.html

● ICYMI: The vulnerabilities in this (t.me/cKure/9386) post have not been fixed by the vendor. So technically they are zero-day issues.

■□□□□ Information security specialists from Kaspersky Lab reported that hackers are trying to attack Russian companies through a new vulnerability in Microsoft Office products. At least one attack targeted government agencies. Using the vulnerability, attackers can not only spy on users of the infected system, but also download malicious programs like ransomware viruses into it. Experts expect that hackers will actively exploit the system's flaw, as users are slow to install updates.

https://www.ehackingnews.com/2021/09/hackers-attack-russian-organizations.html

■□□□□ ntlm_theft: A tool for generating multiple types of NTLMv2 hash theft files.

https://github.com/Greenwolf/ntlm_theft

■■■□□ Hunting for OMI Vulnerability Exploitation with Azure Sentinel.

https://techcommunity.microsoft.com/t5/azure-sentinel/hunting-for-omi-vulnerability-exploitation-with-azure-sentinel/ba-p/2764093

■□□□□ QLOG - Windows Security Logging.

https://github.com/threathunters-io/QLOG

■■■■□ Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise

https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise

■■■■■ A (v3.5 compatible) .NET tool for stealing and importing certificates in the Windows certificate store without touching disk. Useful for red team operations where you need to poach a certificate for pivoting purposes and want to do so with an in-memory post-ex payload.

This is similar to Benjamin Delpy's Mimikatz.

https://github.com/TheWover/CertStealer

■■■■■ Zero-Day: PoC CVE-2021-30632 - Out of bounds write in V8.

Tested against Samsung Internet Browser v15.0.2.47, which does not yet have Google's patch.

https://github.com/Phuong39/PoC-CVE-2021-30632

■■□□□ Interesting thread: 🌐 BlackMatter Ransomware group just ransomed another food critical infrastructure in the US, The ransom demand is 5,900,000$ for now 🚨

The victim is playing by the rules: "@CISAgov is going to be demanding answers from us within the next 12 hours" 🧐

#BlackMatter

https://twitter.com/ido_cohen2/status/1439863554606305286

■□□□□ VoIP.ms phone services disrupted by DDoS extortion attack.