Secjuice Squeeze Volume 26

Welcome to the Secjuice Squeeze, a curated selection of interesting infosec articles and news that you may have missed, with upcoming events.

Welcome to the 26th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you every week. We have been away for a few weeks and this edition will be longer than usual. This week's volume was compiled by Secjuice writers Sinwindie, Mike Peterson, Prasanna, Devesh Chande, Hartoyo Wahyu, Thunder-Son, and Miguel Calles.

Articles

Honda cyberattack halts plants in India, Brazil

Honda Motor Co plants in Brazil and India have halted operations as the Japanese automaker battles to recover from a cyberattack that affected several factories worldwide.

Source: taipeitimes.com
Curator: Sinwindie

Nintendo confirms 300,000 accounts breached since April

The company recommends users change their passwords and enable two-factor authentication. Hackers had access to personal information including users' birthdays and email addresses, but did not have access to credit card information.

Source: independent.co.uk
Curator: Sinwindie

Sleuths uncover a particularly brazen case of cyber-mischief

Companies suffer hacking attacks on a daily basis. The most recent known victim was Honda, which announced that its computers had been locked down by ransomware on June 9th. Stories about the firms suspected of doing the hacking, though, are rarer. Also on June 9th CitizenLab, part of the Munk School of Government at the University of Toronto, said that it had unearthed one of the biggest-known groups of such workaday, mercenary hackers, which it has dubbed “Dark Basin”.

Source: economist.com
Curator: Sinwindie

GovTech Singapore Resolved 33 Security Weaknesses and Awarded Global Hacker Community Over $30,800 for Contributing to a More Secure and Resilient Smart Nation

HackerOne, the number one hacker-powered security platform, and Singapore's Government Technology Agency (GovTech), supported by the Cyber Security Agency of Singapore (CSA) today announced the results of its third Government Bug Bounty Programme (GBBP), part of the Singapore Government's ongoing initiative to build a secure and resilient Smart Nation, a government-wide initiative to improve the lives of citizens and increase business opportunities through the adoption of digital and smart technologies throughout Singapore.

Source: yahoo.com
Curator: Sinwindie

The 'new normal' as cyber-spies navigate pandemic

The Covid crisis has reshaped the cyber-threat landscape around the globe.

There may not have been a significant increase in the volume of cyber-attacks, but countries have pursued new targets, pushed boundaries and taken advantage of their adversaries working from home, according to cyber-security experts.

Source: bbc.com
Curator: Mike Peterson

Anomali Threat Research Identifies Fake COVID-19 Contact Tracing Apps Used to Download Malware that Monitors Devices, Steals Personal Data

Threat actors are distributing fake Android applications themed around official government COVID-19 contact tracing apps. Anomali Threat Research (ATR) identified multiple applications that contain malware, primarily Anubis and SpyNote, and other generic malware families. These apps, once installed on a device, are designed to download and install malware to monitor infected devices, and to steal banking credentials and personal data. The wider security community continues to monitor ongoing malicious activity themed around COVID-19.[1] ATR believes that the fake apps are likely being distributed through other apps, third-party stores, and websites, among others. As of the publication of this research, the fake apps had not been identified as being present in the Google Play Store.

Source: anomali.com
Curator: Prasanna

Facebook Helped the FBI Hack a Child Predator

Facebook paid a cybersecurity firm six figures to develop a zero-day in Tails to identify a man who extorted and threatened girls.

Source: vice.com
Curator: Sinwindie

More than 13,500 Vivo phones running on same IMEI, Meerut police files case

A five-month-long investigation by the cybercrime cell unit of Meerut Police uncovered a security breach where more than 13,500 phones manufactured by Vivo were found to be running on the same International Mobile Equipment Identity (IMEI) number.

Source: indianexpress.com
Curator: Devesh Chande

Maze Promotes Other Gang's Stolen Data On Its Darknet Site

The Maze ransomware gang is hosting and promoting data stolen by other ransomware operators on its "Maze News" website, according to IBM researchers, who are concerned this could be a sign of growing collaboration among cybercrime groups.

Source: bankinfosecurity.com
Curator: Devesh Chande

US aerospace services provider breached by Maze Ransomware

The Maze Ransomware gang breached and successfully encrypted the systems of VT San Antonio Aerospace, as well as stole and leaked unencrypted files from the company's compromised devices in April 2020.

Source: bleepingcomputer.com
Curator: Devesh Chande

Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique

We recently saw two barcode reader apps in Google Play, together downloaded more than a million times, that started showing unusual behavior (Trend Micro detects these as AndroidOS_HiddenAd.HRXJA). This includes behavior that can be seen even when the user is not actively using the phones.

Source: trendmicro.com
Curator: Prasanna

New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD

Academics say they discovered 26 new vulnerabilities in the USB driver stack employed by operating systems such as Linux, macOS, Windows, and FreeBSD.

Source: zdnet.com
Curator: Prasanna

Fuckunicorn ransomware targets Italy in COVID-19 lures

A new ransomware dubbed FuckUnicorn has been targeting computers in Italy by tricking victims into downloading a fake contact tracing app, named Immuni, that promises to provide real-time updates for the COVID-19 outbreak.

Source: securityaffairs.co
Curator: Devesh Chande

Ransomware Gangs' Ruthlessness Leads to Bigger Profits

Criminals continue to tap ransomware, backed by more advanced network penetration techniques, hitting larger targets and leaking data in an attempt to maximize their illicit paydays.

Source: bankinfosecurity.com
Curator: Devesh Chande

Qatar: Contact tracing app security flaw exposed sensitive personal details of more than one million

Serious security vulnerabilities in Qatar’s mandatory contact tracing app, uncovered by Amnesty International, must act as a wake-up call for governments rolling-out COVID-19 apps to ensure privacy safeguards are central to the technology.

Source: amnesty.org
Curator: Thunder-Son

Thai Database Leaks 8.3 Billion Internet Records

I recently discovered an exposed ElasticSearch database when browsing BinaryEdge and Shodan. This database appears to be controlled by a subsidiary of a major Thailand-based mobile network operator named Advanced Info Service (AIS). According to Wikipedia, AIS is "Thailand's largest GSM mobile phone operator with 39.87 million customers" as of 2016. The database was likely controlled by AIS subsidiary Advanced Wireless Network (AWN). It contained a combination of DNS query logs and NetFlow logs for what appears to be AWN customers. Using this data it is quite simple to paint a picture of what a person does on the Internet. I made multiple attempts to contact AIS to get the database secured without success. At that point I contacted Zack Whittaker – a journalist from TechCrunch – for assistance. We were still unable to make contact with AIS. I then contacted the Thailand National CERT team (ThaiCERT). ThaiCERT was able to make contact with AIS, and we were successful in getting the database secured.

Source: rainbowtabl.es
Curator: Prasanna

70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs

A lack of awareness about where and how open-source libraries are being used is problematic, researchers say.

Source: threatpost.com
Curator: Prasanna

Thousands of enterprise systems infected by new Blue Mockingbird malware gang

Thousands of enterprise systems are believed to have been infected with a cryptocurrency-mining malware operated by a group tracked under the codename of Blue Mockingbird.

Source: zdnet.com
Curator: Mike Peterson

Hackers Serve Up Stolen Credentials from Home Chef

Roughly 8 million users of meal-delivery company Home Chef found themselves served a side of compromised data along with their food. The personal information, which includes email address, encrypted password, last four credit card digits, gender, age, and subscription information, was offered for sale on the Dark Web for approximately $2,500.

Source: darkreading.com
Curator: Mike Peterson

NSO Group Impersonates Facebook Security Team to Spread Spyware — Report

According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in.

Source: threatpost.com
Curator: Mike Peterson


Upcoming Events, Webcasts, Conferences, etc.

LASCON 20/20 - Call for Papers and Training

When: Now thru June 30, 2020
Source: lascon.org

DevSecCon24

When: June 15-16, 2020
Location: Online
Source: devseccon.com
Curator: Miguel Calles

You Can Write an Infosec Book!

When: June 15, 2020 at 1:00 PM EDT (2020-06-15 17:00:00 UTC)
Location: Online
Source: sans.org
Curator: Miguel Calles

The Best Virtual Cybersecurity Conferences And Events In 2020

The best online cybersecurity events taking place in 2020 are the educational ones in my opinion. With the collapse of physical events and conferences, we’ve seen an absolute surge towards hosting online events; but from what we’ve seen the events that generate the highest attendance are the ones with actionable skills you can actually use in your cyber niche.

Source: infosec-conferences.com
Curator: Hartoyo Wahyu

SANS@MIC - The 14 Absolute Truths of Security

When: July 06, 2020 at 8:30 PM EDT (2020-07-07 00:30:00 UTC)
Location: Online
Source: sans.org
Curator: Miguel Calles

OWASP Virtual AppSec Days Summer of Security

When: July 28-29, 2020 (12:00 PM to 4:00 PM EDT / 18:00 to 22:00 CET)
Location: Online
Source: appsecdays.org
Curator: Hartoyo Wahyu

Ai4 2020

When: September 1-2, 2020
Location: MGM Grand, Las Vegas
Cost: $595 (early registration)
Source: ai4.io
Curator: Miguel Calles

Open Source Digital Forensics Conference

When: October 20-22, 2020
Location: Herndon, VA
Cost: $0-$350 + $499 optional training
Source: osdfcon.org
Curator: Hartoyo Wahyu

LASCON 20/20

When: October 29-30, 2020
Location: Austin, TX
Cost: $199 (early registration)
Source: lascon.org
Curator: Miguel Calles

The awesome image used in this article is called Creative Wizard and it was created by Tyler Pate.