Secjuice Squeeze Volume 23
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles that you may have missed, as well as upcoming infosec events.
Welcome to the 23rd edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you every week. This week's volume compiled by Secjuice writers Mike Peterson, Sinwindie, Hartoyo Wahyu, Guise Bule and Miguel Calles.
Articles
Microsoft Offers $100,000 If You Can Hack This Linux Operating System
Microsoft chose Linux instead of Windows 10 to power an IoT security platform, and now it's offering hackers $100,000 (£81,000) if they can break it.
There are, of course, conditions attached.
Source: forbes.com
Curator: Sinwindie
WebMonitor RAT Bundled with Zoom Installer
In early April, we spotted an attack leveraging Zoom installers to spread a cryptocurrency miner. We recently encountered a similar attack that drops a different malware: RevCode WebMonitor RAT (detected by Trend Micro as Backdoor.Win32.REVCODE.THDBABO).
Source: trendmicro.com
Curator: Miguel Calles
Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams
Threat actors are using a combination of scams to obtain as well as buy and sell credentials for U.S. taxpayers to steal appropriations from the COVID-19 relief package as well as 2020 tax refunds, new research has found.
Source: threatpost.com
Curator: Mike Peterson
DEF CON 28 in-person conference is CANCELLED
Why? It is not safe for people to gather in large groups for conferences, sports ball events, or clubbing now or in the foreseeable future this year.
Source: defcon.org
Curator: Mike Peterson
Report: Microsoft’s GitHub Account Gets Hacked
Hackers have broken into Microsoft’s GitHub account and stolen 500 GB of data from the tech giant’s own private repositories on the developer platform, according to published reports.
Source: threatpost.com
Curator: Mike Peterson
An Undetected Network Of Bots That Infected Over 10,000 Devices Just To Download Anime
A hacker ran a network of bots that compromised more than 10,000 devices for years, seemingly for one purpose: to download anime videos.
Source: businessinsider.com
Curator: Sinwindie
Nation-State Hackers Are Targeting COVID-19 Response Orgs
Organizations involved in international COVID-19 responses, healthcare, and essential services are actively targeted by government-backed hacking groups according to a joint advisory issued today by cyber-security agencies from the US and the UK.
Source: bleepingcomputer.com
Curator: Mike Peterson
German Authorities Charge Russian Hacker for 2015 Bundestag Hack
German prosecutors have issued an arrest warrant today for a hacker working for the Russian military on charges of hacking the German Parliament in the spring of 2015.
Source: zdnet.com
Curator: Sinwindie
Zoom Buys Keybase As Part Of A 90-day Plan To Fix Security Flaws
Zoom has acquired security start-up Keybase, the first purchase in the company’s nine-year history. With in-person dealmaking off the table because of social distancing requirements, the negotiations took place over Zoom video calls.
Source: cnbc.com
Curator: Sinwindie
New Firefox Service Will Generate Unique Email Aliases To Enter In Online Forms
Browser maker Mozilla is working on a new service called Private Relay that generates unique aliases to hide a user's email address from advertisers and spam operators when filling in online forms.
Source: zdnet.com
Curator: Miguel Calles
Trump Issues Executive Order To Protect Power Grid From Attack
The executive order bans the use of equipment for the power grid that was manufactured by a company under the control of a foreign adversary, or the buying of any equipment that poses a national security threat.
Source: thehill.com
Curator: Miguel Calles
Ghost Blogging Platform Servers Hacked and Infected With Crypto-Miner
Earlier today, ZDNet reported that hackers managed to breach the servers of Ghost, a Node.js-based blogging platform, built and advertised as a simpler alternative to WordPress and used by your very own Secjuice!
Source: zdnet.com
Curator: Mike Peterson
The Path That Leads From Gaming To Malware
The rise of online gaming means that the underhand behavior that so often has undermined real-world sporting competitions has been extended into the digital world, too.
Source: zdnet.com
Curator: Guise Bule
Upcoming Events, Webcasts, Conferences, etc.
The Incident Response Challenge
When: Now thru May 14, 2020
Location: Online
Source: incident-response-challenge.com
Curator: Hartoyo Wahyu
Azure Sphere Security Research Challenge
When: Now thru May 14, 2020
Location: Online
Source: microsoft.com
Curator: Hartoyo Wahyu
The State of AI in Healthcare
When: May 12, 2020 @ 01:00 PM in Eastern Time (US and Canada)
Location: Online
Source: zoom.us
Curator: Miguel Calles
AWS Summit Online
When: May 13
Location: Online - US, Canada, Australia, New Zealand, Korea, India, ASEAN
Source: aws.amazon.com
Curator: Miguel Calles
Building the Paved Road to Container & Kubernetes Security
When: May 13, 2020 @ 11:00 PM in Eastern Time (03:00 PM UTC)
Location: Online
Source: snyk.io
Curator: Miguel Calles
The State of AI in Cybersecurity
When: May 14, 2020 @ 01:00 PM in Eastern Time (05:00 PM UTC)
Location: Online
Source: zoom.us
Curator: Miguel Calles
10 Measures and KPIs for ML Success
When: May 20, 2020 @ 01:00 PM in Eastern Time (05:00 PM UTC)
Location: Online
Source: zoom.us
Curator: Miguel Calles
How to manage access control with Zero Trust
When: May 20, 2020 @ 12:00 PM in Central Time (05:00 PM UTC)
Location: Online
Source: cybersecurity.att.com
Curator: Miguel Calles
DockerCon LIVE 2020 with theCUBE
When: May 28, 2020 @ 09:00 AM - 05:00 PM Pacific (04:00 PM to 12:00 AM UTC)
Location: Online
Source: cube365.net
Curator: Hartoyo Wahyu
The State of AI in Financial Services
When: Jun 2, 2020 @ 01:00 PM in Eastern Time (05:00 PM UTC)
Location: Online
Source: zoom.us
Curator: Miguel Calles
CSA EU Summit 2020
When: June 9-12, 2020
Location: Online
Source: cvent.com
Curator: Miguel Calles
DevSecCon24
When: June 15-16, 2020
Location: Online
Source: devseccon.com
Curator: Miguel Calles
Ai4 2020
When: September 1-2, 2020
Location: MGM Grand, Las Vegas
Cost: $595 (early registration)
Source: ai4.io
Curator: Miguel Calles
Open Source Digital Forensics Conference
When: October 20-22, 2020
Location: Herndon, VA
Cost: $0-$350 + $499 optional training
Source: osdfcon.org
Curator: Hartoyo Wahyu