Secjuice Squeeze 52

Welcome to the Secjuice Squeeze, a curated selection of security articles and news that you may have missed.

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Prasanna, Andy74, Tony Kelly, Ross Moore, Muhammad Luqman, and Sinwindie.

News

Windows 10 bug crashes your PC when you access this location

A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands.

Learn more at bleepingcomputer.com
Curated by Prasanna

DuckDuckGo surpasses 100 million daily search queries for the first time

DuckDuckGo reaches historic milestone in a week when both Signal and Telegram saw a huge influx of new users.

Learn more at zdnet.com
Curated by Tony Kelly

Microsoft Teams Maybe Collecting Data That Employers Can Use to Spy on Workers

It appears that the amount of data the app collects infringes on users' privacy, and that employers can manipulate and use that data to spy on their workers.

Learn more at ibtimes.sg
Curated by Ross Moore

Malwarebytes said it was hacked by the same group who breached SolarWinds

Malwarebytes becomes fourth major security firm targeted by attackers after Microsoft, FireEye, and CrowdStrike.

Learn more at zdnet.com
Curated by Muhammad Luqman

FireEye Releases New Open Source Tool in Response to SolarWinds Hack

FireEye has released an open source tool that checks Microsoft 365 tenants for the use of techniques associated with the SolarWinds hackers.

Learn more at securityweek.com
Curated by Prasanna

Microsoft Files Patent to Create Chatbots That Imitate Dead People

Microsoft has filed a patent that would allow the company to digitally revive deceased loved ones as chatbots, using the individual's personal information.

Learn more at ign.com
Curated by Tony Kelly

Spy companies using Channel Islands to track phones around the world

A security vulnerability in phone technology is being exploited by private intelligence companies via small networks in Jersey and Guernsey.

Learn more at thebureauinvestigates.com
Curated by Tony Kelly

Hacker leaks full database of 77 million Nitro PDF user records

A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.

Learn more at bleepingcomputer.com
Curated by Ross Moore

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

Researchers detail a recently disclosed Windows MSRPC Printer Spooler Relay vulnerability that can be exploited remotely to execute code.

Learn more at thehackernews.com
Curated by Muhammad Luqman

SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

Cybersecurity company SonicWall hacked using zero-day vulnerabilities affecting its own NetExtender VPN product.

Learn more at thehackernews.com
Curated by Muhammad Luqman

New website launched to document vulnerabilities in malware strains

Launched by security researcher John Page, the new MalVuln website lists bugs in malware code.

Learn more at zdnet.com
Curated by Tony Kelly

CISA Launches Campaign to Reduce the Risk of Ransomware

The Cybersecurity and Infrastructure Security Agency (CISA) announced the Reduce the Risk of Ransomware Campaign today, a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.

Learn more at cisa.gov
Curated by Tony Kelly

The Takedown of a Dark-Web Marketplace

One of the world’s largest illicit bazaars was shuttered using data seized from a fortified bunker in Germany.

Learn more at newyorker.com
Curated by Sinwindie

Sentences and an Exit Scam: It's Been a Big Week on the Dark Web

The dark web's largest illegal marketplace went offline last Monday. It was the start of a bad week for cybercriminals.

Learn more at vice.com
Curated by Sinwindie

Russian Hacker Pleads Guilty to Administering a Website that Catered to Criminals

Kirill Victorovich Firsov, a Russian citizen, pleaded guilty in federal court today to a cybercrime, admitting that he was the administrator of a website that catered to cyber criminals by virtually selling items such as stolen credit card information, other personal information and services to be used for criminal activity.

Learn more at justice.gov
Curated by Sinwindie

Blogs

Process Herpaderping – Windows Defender Evasion

Windows Defender has significantly improved the security posture of Windows environments, since it has better detection capabilities compared to other security products. When a process is created, Windows Defender receives a notification, since it has a registered callback in the kernel. However, the actual inspection of the file occurs when the thread is inserted and before the process initiates on the system, not when the process object is created.

Learn more at pentestlaboratories.com
Curated by Andy74

A slew of Cisco bugs, Risks of DoH & DNSpooq (aka new proof that it's always DNS!)

Security Snacks is a weekly digest of the most notable InfoSec news. Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking. This week in cybersecurity news: A bunch of critical vulnerabilities were found in Cisco products that we may soon see exploited in the wild.

Learn more at intigriti.com
Curated by Tony Kelly

Learning

Online Incident Response Training with Brian Carrier

Our free, online DFIR training courses focus on helping you improve the speed and comprehensiveness of your intrusion investigations.

Learn more at cybertriage.com
Curated by Ross Moore

Wireshark Tutorial: Examining Emotet Infection Traffic

This Wireshark tutorial reviews recent Emotet activity and provides some tips on identifying this malware based on examining Emotet infection traffic.

Learn more at paloaltonetworks.com
Curated by Tony Kelly

CTF Challenges

Learn more at hackingarticles.in
Curated by Tony Kelly

Events

Open-Source Intelligence (OSINT) Summit | SANS Cyber Security and OSINT Training

Summit: February 11-12 | Training: February 8-10 & 15-20

The OSINT Summit & Training will bring together leading security practitioners and investigators to share proven techniques and tools that can be applied to OSINT gathering and analysis. Learn how to collect information across the Internet, analyze the results, and utilize key data to reach your objectives.

Source & Link: sans.org
Curator: Sinwindie