Secjuice Squeeze 50
Welcome to the Secjuice Squeeze, a curated selection of security articles and news that you may have missed.
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Mike Peterson, Sinwindie, Prasanna, Ross Moore, Tony Kelly, Muhammad Luqman, and Miguel Calles.
Articles
FBI Warn Hackers are Using Hijacked Home Security Devices for 'Swatting'
Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold.
Source & Link: threatpost.com
Curator: Mike Peterson
The Mac Malware of 2020
A comprehensive analysis of the year's new malware.
Source & Link: objective-see.com
Curator: Mike Peterson
Hackers target cryptocurrency users with new ElectroRAT malware
Intezer Labs said it discovered fake cryptocurrency apps laced with ElectroRAT, a new Go-based malware strain.
Source & Link: zdnet.com
Curator: Mike Peterson
Singapore says police will be given access to Covid-19 contact tracing data
Concerns over privacy as TraceTogether scheme is used by almost 80% of the nation’s population.
Source & Link: theguardian.com
Curator: Mike Peterson
Major Gaming Companies Hit with Ransomware Linked to APT27
Researchers say a recent attack targeting videogaming developers has 'strong links' to the infamous APT27 threat group.
Source & Link: threatpost.com
Curator: Sinwindie
Vodafone's ho. Mobile admits data breach, 2.5m users impacted
Vodafone Group's low-cost operator ho. Mobile announced that hackers stole part of its customer database thus obtaining personal user information and SIM technical data.
Source & Link: bleepingcomputer.com
Curator: Prasanna
Dark Web Forum Activity Surged 44% in Early COVID Months
Researchers analyzed the activity of five popular English- and Russian-speaking Dark Web forums and discovered exponential membership growth.
Source & Link: darkreading.com
Curator: Prasanna
WhatsApp: Share your data with Facebook or delete your account
After WhatsApp updated its Privacy Policy and Terms of Service on Monday with additional info on how it handles users' data, the company is now notifying users through the mobile app that, starting February, they will be required to share their data with Facebook.
Source & Link: bleepingcomputer.com
Curator: Prasanna
SolarWinds Hit With Class-Action Lawsuit Following Orion Breach
SolarWinds shareholders accuse the company of lying about its security practices ahead of the disclosure of a massive security incident.
Source & Link: darkreading.com
Curator: Ross Moore
Green watchdog communications wrecked by cyber attack
Computer systems at the Scottish Government’s green watchdog have been crippled for two weeks by a “complex and sophisticated” cyber attack.
Source & Link: theferret.scot
Curator: Prasanna
Italian mobile operator offers to replace SIM cards after massive data breach
Hackers stole the personal data for 2.5 million Ho Mobile subscribers.
Source & Link: zdnet.com
Curator: Prasanna
Bug? No, Telegram exposing its users' precise location is a feature working as 'expected'
Messaging app makes inadvertent oversharing too easy.
Source & Link: theregister.com
Curator: Tony Kelly
Ryuk gang estimated to have made more than $150 million from ransomware attacks
Most of the Ryuk gang's "earnings" are being cashed out through accounts at crypto-exchanges Binance and Huobi.
Source & Link: zdnet.com
Curator: Tony Kelly
Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020
Security firm Recorded Future said it tracked more than 10,000 malware command and control servers last year, used across more than 80 malware families.
Source & Link: zdnet.com
Curator: Muhammad Luqman
Events
Scholarships for Building a Cybersecurity Skillset for College and Career Success
Webinar: January 13 @ 03:30 PM Eastern
$2 million in Cybersecurity Scholarships, Very Cool Hands-On Experiential Learning, and How to Build a Cybersecurity Skillset for College and Career Success
Source & Link: zoom.us
Curator: Miguel Calles
Open-Source Intelligence (OSINT) Summit | SANS Cyber Security and OSINT Training
Summit: February 11-12 | Training: February 8-10 & 15-20
The OSINT Summit & Training will bring together leading security practitioners and investigators to share proven techniques and tools that can be applied to OSINT gathering and analysis. Learn how to collect information across the Internet, analyze the results, and utilize key data to reach your objectives.
Source & Link: sans.org
Curator: Sinwindie
OSINT Onboarding Season hosted by Henk Van Ess and Social Links
Webinars: January 12 @ 4 PM UTC | February 16 @ 4 PM UTC | March 16 @ 4 PM UTC
This course will change the way you conduct internet research, regardless of your job title.
Source & Link: mtg-bi.com
Curator: Tony Kelly