■■■□□ Anonymous Hacktivists Leak 180 GB of Data from Web Host Epik.

https://www.ehackingnews.com/2021/09/anonymous-hacktivists-leak-180-gb-of.html

● ICYMI: The vulnerabilities in this (t.me/cKure/9386) post have not been fixed by the vendor. So technically they are zero-day issues.

■□□□□ Information security specialists from Kaspersky Lab reported that hackers are trying to attack Russian companies through a new vulnerability in Microsoft Office products. At least one attack targeted government agencies. Using the vulnerability, attackers can not only spy on users of the infected system, but also download malicious programs like ransomware viruses into it. Experts expect that hackers will actively exploit the system's flaw, as users are slow to install updates.

https://www.ehackingnews.com/2021/09/hackers-attack-russian-organizations.html

■□□□□ ntlm_theft: A tool for generating multiple types of NTLMv2 hash theft files.

https://github.com/Greenwolf/ntlm_theft

■■■□□ Hunting for OMI Vulnerability Exploitation with Azure Sentinel.

https://techcommunity.microsoft.com/t5/azure-sentinel/hunting-for-omi-vulnerability-exploitation-with-azure-sentinel/ba-p/2764093

■□□□□ QLOG - Windows Security Logging.

https://github.com/threathunters-io/QLOG

■■■■□ Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise

https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise

■■■■■ A (v3.5 compatible) .NET tool for stealing and importing certificates in the Windows certificate store without touching disk. Useful for red team operations where you need to poach a certificate for pivoting purposes and want to do so with an in-memory post-ex payload.

This is similar to Benjamin Delpy's Mimikatz.

https://github.com/TheWover/CertStealer

■■■■■ Zero-Day: PoC CVE-2021-30632 - Out of bounds write in V8.

Tested against Samsung Internet Browser v15.0.2.47, which does not yet have Google's patch.

https://github.com/Phuong39/PoC-CVE-2021-30632

■■□□□ Interesting thread: 🌐 BlackMatter Ransomware group just ransomed another food critical infrastructure in the US, The ransom demand is 5,900,000$ for now 🚨

The victim is playing by the rules: "@CISAgov is going to be demanding answers from us within the next 12 hours" 🧐

#BlackMatter

https://twitter.com/ido_cohen2/status/1439863554606305286

■□□□□ VoIP.ms phone services disrupted by DDoS extortion attack.

■■■■□ Privacy / Zero-Day: VPN users unmasked by zero-day vulnerability in Virgin Media routers.

https://portswigger.net/daily-swig/vpn-users-unmasked-by-zero-day-vulnerability-in-virgin-media-routers

■■■□□ Payment API Vulnerabilities Exposed "Millions" of Users.

https://www.infosecurity-magazine.com/news/payment-api-vulnerabilities/

■□□□□ Data-Leak from Russia 🇷🇺: Pyrus.com Leak - Loan Applications from Clients of Banks, 150K (Russia, 2019-2020).

■□□□□ Data-Leak as 322 records of minekraftstore.com

■■■□□ Interesting thread: CVE-2021-41073 (Linux LPE Kernel bug - 5.1 to 5.14.6)

https://twitter.com/chompie1337/status/1439743758447398918

■■■□□ Data-Leak from United States 🇺🇸 as US farmer cooperative hit by $5.9M BlackMatter ransomware attack.

https://www.bleepingcomputer.com/news/security/us-farmer-cooperative-hit-by-59m-blackmatter-ransomware-attack/

■□□□□ 🇨🇳: TikTok China just limited kids to 40 minutes' use each day.

https://go.theregister.com/feed/www.theregister.com/2021/09/20/douyin_youth_mode_time_limits/

■□□□□ Two XOR-encryption, one structure reordering and one ROT shifting bypassed.

https://katyscode.wordpress.com/2021/01/15/reverse-engineering-adventures-league-of-legends-wild-rift-il2cpp

■■□□□ Geo-Location OSINT tips.

India used our software to spy on Pakistan, China, says US Intel company | Free Press Kashmir https://freepresskashmir.news/2021/09/19/india-used-our-software-to-spy-on-pakistan-china-says-us-intel-company/