☆ Breaking: Phrack 72 has been released.

http://phrack.org/issues/70/1.html

Twitch Data-Leak original post copy and link.

Archived at https://sizeof.cat/

Zero-Day Exploit code: Cisco RV110W UPnP 0day 分析.

https://github.com/badmonkey7/CVE-2021-34730

Breaking: India 🇮🇳: Activists in Togo 🇹🇬 attacked by Indian made spyware.

OSINT report by Amnesty International of a Cyber-Crime apparently by an Indian company that has been linked to the infrastructure used by Donot Group and an Indian cybersecurity company Innefu Labs.

Report: https://github.com/blackorbird/APT_REPORT/blob/master/Donot/Donot%20Group%20%26%20Innefu%20Labs.pdf

Deepfence ThreatMapper helps you to monitor and secure your running applications, in Cloud, Kubernetes, Docker, and Fargate Serverless.

https://github.com/deepfence/ThreatMapper

Old but Gold: Bypassing the Air-Gap system for sensitive info.

Your body reveals your password by interfering with Wi-Fi

https://dl.acm.org/doi/10.1145/2976749.2978397

http://www.theregister.co.uk/2016/11/13/researchers_point_finger_at_handy_smartphone_exploit/

CVE-2021-35052: WinRar remote code execution.

WinRAR’s vulnerable trialware: when free software isn’t free.

https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/

https://thehackernews.com/2021/10/bug-in-free-winrar-software-could-let.html

CVE-2021-30573 PoC for Google Chrome

Google Chrome Use After Free vulnerability reported by S4E Team.

https://github.com/s4e-lab/CVE-2021-30573-PoC-Google-Chrome

Breaking from Iran 🇮🇷 as Nationwide Cyber-Attack shuts down "smart fuel network," gas stations across the country rendering them dysfunctional as per state media.

Data-Leak of ~20K personnel of Israel 🇮🇱 defence forces (regular army) leaked by a Cyber-Crime group called Moses-Staff including names, ID, phone number, personal photographs, address and similar.

Refer: https://t.me/cKure/9860

Data-Leak from Israel 🇮🇱 as threat actor from unknown origin has posted tens of GBs of leaked data from the ministry of defense, Israel.

All Windows versions impacted by new LPE zero-day vulnerability.

A public proof-of-concept (PoC) exploit and technical details for an unpatched Windows zero-day privilege elevation vulnerability has been disclosed that allows users to gain SYSTEM privileges under certain conditions.

https://www.bleepingcomputer.com/news/security/all-windows-versions-impacted-by-new-lpe-zero-day-vulnerability/

CVE-2021-42574

Researchers devised a new attack method called ‘Trojan Source’ that allows hide vulnerabilities into the source code of a software project.

https://www.trojansource.codes/

Details: https://securityaffairs.co/wordpress/124081/hacking/trojan-source-attack.html

CVE-2021-42574 - Code generator.

https://github.com/js-on/CVE-2021-42574

Signal Unveils How Far US Law Enforcement Will Go To Get Information About People.

https://signal.org/bigbrother/santaclara/

Pwn2own Austin, United States 🇺🇸 with ~750K USD 💵 rewarded in 2 days.

Day 1 results (21 Zero-Day bugs):
https://youtu.be/jAckZAL5Dos

Day 2 results (14 Zero-Day bugs):
https://youtu.be/V3Xoo8IK0-I

Russia 🇷🇺: Ukraine 🇺🇦 has doxed today five members of the Gamaredon APT, which it says it linked to the Sevastopol branch of the FSB in the Crimean Peninsula.

https://therecord.media/ukraine-discloses-identity-of-gamaredon-members-links-it-to-russias-fsb/

Apparently a zero-day exploit being circulated online that can takeover Instagram accounts.

The phishing link contains ig.me (a lookalike which is not owned by Instagram). The hack allows the attacker to takeover the victims account.

More details as they arrive.