Secjuice Squeeze Volume 27

Welcome to the 27th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you every week. We have been away for a few weeks and this edition will be longer than usual. This week's volume compiled by Secjuice writers Sinwindie, Mike Peterson, Prasanna, Hartoyo Wahyu, and Miguel Calles.

Articles

How Hackers Use An Ordinary Light Bulb To Spy On Conversations 80 Feet Away

What if a hacker could use an ordinary, dumb, old-fashioned light bulb to spy on your conversations from afar?

Source: forbes.com
Curator: Sinwindie

A survey of recent iOS kernel exploits

I recently found myself wishing for a single online reference providing a brief summary of the high-level exploit flow of every public iOS kernel exploit in recent years; since no such document existed, I decided to create it here.

Source: googleprojectzero.blogspot.com
Curator: Prasanna

Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found

The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency’s elite computer hackers “prioritized building cyber weapons at the expense of securing their own systems,” according to an internal report prepared for then-director Mike Pompeo as well as his deputy, Gina Haspel, now the director.

Source: washingtonpost.com
Curator: Mike Peterson

'Ripple20' Bugs Plague Enterprise, Industrial & Medical IoT Devices

Researchers discover 19 vulnerabilities in a TCP/IP software library manufacturers have used in connected devices for 20 years.

Source: darkreading.com
Curator: Prasanna

Masked arsonist might’ve gotten away with it if she hadn’t left Etsy review

Woman who burned two police cars IDed by tattoo and Etsy review of her T-shirt.

Source: arstechnica.com
Curator: Sinwindie

Structured analysis techniques and OSINT, with Dr. Martha Whitesmith

Terry Pattar, head of the Janes Intelligence Unit, and Dr. Martha Whitesmith, research fellow at The Department of War Studies, King’s College London discuss whether or not structured analysis techniques provide any clear benefits to intelligence analysts.

Source: janes.com
Curator: Sinwindie

Upcoming Events, Webcasts, Conferences, etc.

LASCON 20/20 - Call for Papers and Training

When: Now thru June 30, 2020
Source: lascon.org
Curator: Miguel Calles

The Best Virtual Cybersecurity Conferences And Events In 2020

The best online cybersecurity events taking place in 2020 are the educational ones in my opinion. With the collapse of physical events and conferences, we’ve seen an absolute surge towards hosting online events; but from what we’ve seen the events that generate the highest attendance are the ones with actionable skills you can actually use in your cyber niche.

Source: infosec-conferences.com
Curator: Hartoyo Wahyu

SANS@MIC - The 14 Absolute Truths of Security

When: July 06, 2020 at 8:30 PM EDT (2020-07-07 00:30:00 UTC)
Location: Online
Source: sans.org
Curator: Miguel Calles

OWASP Virtual AppSec Days Summer of Security

When: July 28-29, 2020 (12:00pm to 4:00pm EDT/1800pm to 2200pm CET)
Location: Online
Source: appsecdays.org
Curator: Hartoyo Wahyu

Ai4 2020

When: September 1-2, 2020
Location: MGM Grand, Las Vegas
Cost: $595 (early registration)
Source: ai4.io
Curator: Miguel Calles

Open Source Digital Forensics Conference

When: October 20-22, 2020
Location: Herndon, VA
Cost: $0-$350 + $499 optional training
Source: osdfcon.org
Curator: Hartoyo Wahyu

LASCON 20/20

When: October 29-30, 2020
Location: Austin, TX
Cost: $199 (early registration)
Source: lascon.org
Curator: Miguel Calles