Secjuice Squeeze Volume 23

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles that you may have missed, as well as upcoming infosec events.

Secjuice Squeeze Volume 23

Welcome to the 23rd edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you every week. This week's volume compiled by Secjuice writers Mike Peterson, Sinwindie, Hartoyo Wahyu, Guise Bule and Miguel Calles.

Articles

Microsoft Offers $100,000 If You Can Hack This Linux Operating System

Microsoft chose Linux instead of Windows 10 to power an IoT security platform, and now it's offering hackers $100,000 (£81,000) if they can break it.

There are, of course, conditions attached.

Source: forbes.com
Curator: Sinwindie

WebMonitor RAT Bundled with Zoom Installer

In early April, we spotted an attack leveraging Zoom installers to spread a cryptocurrency miner. We recently encountered a similar attack that drops a different malware: RevCode WebMonitor RAT (detected by Trend Micro as Backdoor.Win32.REVCODE.THDBABO).

Source: trendmicro.com
Curator: Miguel Calles

Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams

Threat actors are using a combination of scams to obtain as well as buy and sell credentials for U.S. taxpayers to steal appropriations from the COVID-19 relief package as well as 2020 tax refunds, new research has found.

Source: threatpost.com
Curator: Mike Peterson

DEF CON 28 in-person conference is CANCELLED

Why? It is not safe for people to gather in large groups for conferences, sports ball events, or clubbing now or in the foreseeable future this year.

Source: defcon.org
Curator: Mike Peterson

Report: Microsoft’s GitHub Account Gets Hacked

Hackers have broken into Microsoft’s GitHub account and stolen 500 GB of data from the tech giant’s own private repositories on the developer platform, according to published reports.

Source: threatpost.com
Curator: Mike Peterson

An Undetected Network Of Bots That Infected Over 10,000 Devices Just To Download Anime

A hacker ran a network of bots that compromised more than 10,000 devices for years, seemingly for one purpose: to download anime videos.

Source: businessinsider.com
Curator: Sinwindie

Nation-State Hackers Are Targeting COVID-19 Response Orgs

Organizations involved in international COVID-19 responses, healthcare, and essential services are actively targeted by government-backed hacking groups according to a joint advisory issued today by cyber-security agencies from the US and the UK.

Source: bleepingcomputer.com
Curator: Mike Peterson

German Authorities Charge Russian Hacker for 2015 Bundestag Hack

German prosecutors have issued an arrest warrant today for a hacker working for the Russian military on charges of hacking the German Parliament in the spring of 2015.

Source: zdnet.com
Curator: Sinwindie

Zoom Buys Keybase As Part Of A 90-day Plan To Fix Security Flaws

Zoom has acquired security start-up Keybase, the first purchase in the company’s nine-year history. With in-person dealmaking off the table because of social distancing requirements, the negotiations took place over Zoom video calls.

Source: cnbc.com
Curator: Sinwindie

New Firefox Service Will Generate Unique Email Aliases To Enter In Online Forms

Browser maker Mozilla is working on a new service called Private Relay that generates unique aliases to hide a user's email address from advertisers and spam operators when filling in online forms.

Source: zdnet.com
Curator: Miguel Calles

Trump Issues Executive Order To Protect Power Grid From Attack

The executive order bans the use of equipment for the power grid that was manufactured by a company under the control of a foreign adversary, or the buying of any equipment that poses a national security threat.

Source: thehill.com
Curator: Miguel Calles

Ghost Blogging Platform Servers Hacked and Infected With Crypto-Miner

Earlier today, ZDNet reported that hackers managed to breach the servers of Ghost, a Node.js-based blogging platform, built and advertised as a simpler alternative to WordPress and used by your very own Secjuice!

Source: zdnet.com
Curator: Mike Peterson

The Path That Leads From Gaming To Malware

The rise of online gaming means that the underhand behavior that so often has undermined real-world sporting competitions has been extended into the digital world, too.

Source: zdnet.com
Curator: Guise Bule

Upcoming Events, Webcasts, Conferences, etc.

The Incident Response Challenge

When: Now thru May 14, 2020
Location: Online
Source: incident-response-challenge.com
Curator: Hartoyo Wahyu

Azure Sphere Security Research Challenge

When: Now thru May 14, 2020
Location: Online
Source: microsoft.com
Curator: Hartoyo Wahyu

The State of AI in Healthcare

When: May 12, 2020 @ 01:00 PM in Eastern Time (US and Canada)
Location: Online
Source: zoom.us
Curator: Miguel Calles

AWS Summit Online

When: May 13
Location: Online - US, Canada, Australia, New Zealand, Korea, India, ASEAN
Source: aws.amazon.com
Curator: Miguel Calles

Building the Paved Road to Container & Kubernetes Security

When: May 13, 2020 @ 11:00 PM in Eastern Time (03:00 PM UTC)
Location: Online
Source: snyk.io
Curator: Miguel Calles

The State of AI in Cybersecurity

When: May 14, 2020 @ 01:00 PM in Eastern Time (05:00 PM UTC)
Location: Online
Source: zoom.us
Curator: Miguel Calles

10 Measures and KPIs for ML Success

When: May 20, 2020 @ 01:00 PM in Eastern Time (05:00 PM UTC)
Location: Online
Source: zoom.us
Curator: Miguel Calles

How to manage access control with Zero Trust

When: May 20, 2020 @ 12:00 PM in Central Time (05:00 PM UTC)
Location: Online
Source: cybersecurity.att.com
Curator: Miguel Calles

DockerCon LIVE 2020 with theCUBE

When: May 28, 2020 @ 09:00 AM - 05:00 PM Pacific (04:00 PM to 12:00 AM UTC)
Location: Online
Source: cube365.net
Curator: Hartoyo Wahyu

The State of AI in Financial Services

When: Jun 2, 2020 @ 01:00 PM in Eastern Time (05:00 PM UTC)
Location: Online
Source: zoom.us
Curator: Miguel Calles

CSA EU Summit 2020

When: June 9-12, 2020
Location: Online
Source: cvent.com
Curator: Miguel Calles

DevSecCon24

When: June 15-16, 2020
Location: Online
Source: devseccon.com
Curator: Miguel Calles

Ai4 2020

When: September 1-2, 2020
Location: MGM Grand, Las Vegas
Cost: $595 (early registration)
Source: ai4.io
Curator: Miguel Calles

Open Source Digital Forensics Conference

When: October 20-22, 2020
Location: Herndon, VA
Cost: $0-$350 + $499 optional training
Source: osdfcon.org
Curator: Hartoyo Wahyu

The awesome image used in this article is called Unicorn Witch and was created by Ale De La Torre.