Secjuice Squeeze 56
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Andy74, Sinwindie, Ross Moore, Prasanna, hatless1der, Alesanco, Muhammad Luqman, and Miguel Calles.
In this edition, we have news articles, blog posts, and events.
News
Egregor ransomware operators arrested in Ukraine
Arrested suspects are believed to be clients of the Egregor RaaS, not the Egregor gang itself.
Read more at zdnet.com
Curated by Tony Kelly
Is it time to ban ransomware insurance payments?
The former head of the NCSC recently called for a dialogue over whether or not it is time to ban insurers from covering ransomware payments. Is he on the right track?
Read more at computerweekly.com
Curated by Tony Kelly
Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises
VMware has patched a vulnerability in its vSphere Replication product that can facilitate attacks on enterprises.
Read more at securityweek.com
Curated by Andy74
Palo Alto firewall software vulnerability quartet revealed
Researchers unveil details of security flaws in enterprise firewall technology.
Read more at portswigger.net
Curated by Andy74
France identifies Russia-linked hackers in large cyberattack
Hackers breached software firm that listed Airbus, Orange and the French Ministry of Justice as its clients.
Read more at politico.eu
Curated by Sinwindie
Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attack
FireEye also revealed how a suspicious second phone enrolled for 2FA gave the game away.
Read more at theregister.com
Curated by Ross Moore
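The detection signal in that story, an extra device being enrolled for a user's 2FA, is simple to alert on if your identity provider logs enrollments. The following is an added example, not code from FireEye, Microsoft or the linked article: it scans constructed JSON-lines events (the field names `event`, `user`, `src_ip`, `device` and the `mfa.enroll` / `auth.success` event types are assumptions; map them to whatever your IdP actually emits) and raises an alert whenever a user who already has an MFA device enrolls another one, rating it higher when the enrolling IP was not seen in that user's activity before the current session.

```python
"""
Added example: alert on additional MFA device enrollments.
Constructed sample events and field names; adapt to your IdP's schema.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, NamedTuple, Set, Tuple

# Constructed sample log (assumption: one JSON object per line, UTC timestamps).
# jdoe enrols phone-1, logs in normally, then an attacker with jdoe's password
# logs in from a new IP and immediately enrols phone-2. Later jdoe replaces a
# handset from the usual IP. asmith's first-ever enrolment is just baseline.
SAMPLE_EVENTS = """\
{"ts":"2021-02-15T09:00:00Z","event":"mfa.enroll","user":"jdoe","src_ip":"203.0.113.10","device":"phone-1"}
{"ts":"2021-02-15T09:00:05Z","event":"auth.success","user":"jdoe","src_ip":"203.0.113.10"}
{"ts":"2021-02-16T08:05:00Z","event":"auth.success","user":"jdoe","src_ip":"203.0.113.10"}
{"ts":"2021-02-16T22:14:30Z","event":"auth.success","user":"jdoe","src_ip":"198.51.100.77"}
{"ts":"2021-02-16T22:15:02Z","event":"mfa.enroll","user":"jdoe","src_ip":"198.51.100.77","device":"phone-2"}
{"ts":"2021-02-17T08:30:00Z","event":"mfa.enroll","user":"asmith","src_ip":"203.0.113.20","device":"phone-9"}
{"ts":"2021-02-17T09:00:00Z","event":"auth.success","user":"asmith","src_ip":"203.0.113.20"}
{"ts":"2021-02-18T10:00:00Z","event":"mfa.enroll","user":"jdoe","src_ip":"203.0.113.10","device":"phone-3"}
"""

# Activity within this window before an enrolment is treated as the same
# session as the enrolment itself, so an attacker's login minutes earlier
# does not make their IP look "known".
SESSION_GAP = timedelta(hours=1)


class Alert(NamedTuple):
    ts: str
    user: str
    device: str
    src_ip: str
    severity: str  # "high": IP never seen before this session; "medium": otherwise


def _parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_additional_mfa_devices(events_text: str) -> List[Alert]:
    """Return one Alert per enrolment of a device that is new for a user who
    already had at least one device enrolled. Events must be in time order."""
    history: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)  # user -> [(ts, ip)]
    devices: Dict[str, Set[str]] = defaultdict(set)                       # user -> enrolled devices
    alerts: List[Alert] = []

    for line in events_text.splitlines():
        ev = json.loads(line)
        user, ts, ip = ev["user"], _parse_ts(ev["ts"]), ev["src_ip"]

        if ev["event"] == "mfa.enroll":
            if devices[user] and ev["device"] not in devices[user]:
                # IPs seen for this user before the current session began.
                baseline = {h_ip for h_ts, h_ip in history[user] if h_ts < ts - SESSION_GAP}
                severity = "high" if ip not in baseline else "medium"
                alerts.append(Alert(ev["ts"], user, ev["device"], ip, severity))
            devices[user].add(ev["device"])

        history[user].append((ts, ip))

    return alerts


if __name__ == "__main__":
    for a in detect_additional_mfa_devices(SAMPLE_EVENTS):
        print(f"{a.severity.upper():6} {a.ts} user={a.user} new_device={a.device} from={a.src_ip}")
```

A first enrolment is deliberately not alerted on, since that is onboarding; the interesting case is a second device, and the session-gap baseline is what separates "user replaced their phone from the office" from "someone with the password added a phone from an address this account has never used".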
A Sticker Sent On Telegram Could Have Exposed Your Secret Chats
A flaw in Telegram messaging app could have exposed users' secret messages, photos, and videos.
Read more at thehackernews.com
Curated by Andy74
Half of phishing attacks cause ransomware infections: report
Not only did bad actors ask for additional ransoms but more companies are also paying them.
Read more at cybersecuritydive.com
Curated by Ross Moore
CISA, FBI, and Treasury Expose Latest Tool in North Korea’s Cryptocurrency Theft Scheme: AppleJeus
In most instances, the malicious application—seen on both Windows and Mac operating systems—appears to be from a legitimate cryptocurrency trading company, thus fooling individuals into downloading it.
Read more at hstoday.us and us-cert.cisa.gov
Curated by Prasanna and hatless1der
14 million Amazon and eBay accounts sold online in new leak
The data of 14 million Amazon and eBay accounts is for sale on a popular hacking forum, covering accounts active from 2014 to 2021 in 18 countries.
Read more at cybernews.com
Curated by Andy74
Three New Vulnerabilities Patched in OpenSSL
OpenSSL updates patch three vulnerabilities, including two DoS flaws and one incorrect SSL rollback protection issue.
Read more at securityweek.com
Curated by Andy74
Misconfigured Baby Monitors Allow Unauthorized Viewing
Hundreds of thousands of individuals are potentially affected by this vulnerability.
Read more at threatpost.com
Curated by Andy74
Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping
A vulnerability in a popular video calling software development kit (SDK) could have allowed attackers to spy on video and audio calls.
Read more at thehackernews.com
Curated by Andy74
Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites
A malvertising campaign exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites.
Read more at thehackernews.com
Curated by Andy74
The M1 Malware Has Arrived
Now that Apple has officially begun the transition to Apple Silicon, so has malware.
Read more at gizmodo.com
Curated by Sinwindie
Discord: A New Paradise for Cybercrime
In a new report, Zscaler revealed the widespread use of Discord to host multiple payloads, including the Epsilon ransomware, Redline stealer, XMRig miner, and Discord token grabbers.
Read more at cyware.com
Curated by Andy74
Ninja Forms WordPress Plugin Opens Websites to Hacks
The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking.
Read more at threatpost.com
Curated by Andy74
Tracker pixels in emails are now an ‘endemic’ privacy concern
Critics suggest the practice is marketing gone too far.
Read more at zdnet.com
Curated by Andy74
Jamaica’s immigration website exposed thousands of travelers’ data
Exclusive: Months of immigration documents and COVID-19 lab results were left on an unprotected server.
Read more at techcrunch.com
Curated by Tony Kelly and Prasanna
Hackers target Myanmar government websites in coup protest
Hackers attacked military-run government websites in Myanmar on Thursday as a cyber war erupted after authorities shut down the internet for a fourth straight night.
Read more at bangkokpost.com
Curated by Sinwindie
US charges two more members of the 'Lazarus' North Korean hacking group
The US DOJ described the North Korean hackers as "the world's leading bank robbers" and "a criminal syndicate with a flag."
Read more at zdnet.com
Curated by Sinwindie
Malaysia arrests 11 suspects for hacking government sites
A similar government website defacement campaign is also taking place this week in Myanmar, in support of the country's jailed elected leader.
Read more at zdnet.com
Curated by Sinwindie
Dutch police post 'friendly' warnings on hacking forums
Dutch police: "Hosting criminal infrastructure in The Netherlands is a lost cause."
Read more at zdnet.com
Curated by Sinwindie
France Ties Russia's Sandworm to a Multiyear Hacking Spree
A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon.
Read more at wired.com
Curated by Sinwindie
Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users
Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites.
Read more at thehackernews.com
Curated by Andy74
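The Brave bug is a textbook case of the rule in RFC 7686: ".onion" is a special-use name that must never be sent to the DNS, because the query itself tells whoever runs the resolver which hidden service you visited. Two things follow for practitioners, and the added example below (not Brave's code, and not from the linked article) covers both: a detection that scans resolver query logs for .onion names, and a client-side helper that builds the SOCKS5 CONNECT request with the hostname carried as a domain name, so that Tor, not the operating system, does the resolving. The log lines are constructed in a dnsmasq-style format and the regex is an assumption; adjust it to your resolver's layout.

```python
"""
Added example: detect .onion DNS leaks in resolver logs (RFC 7686) and build a
SOCKS5 CONNECT that leaves name resolution to the Tor proxy (RFC 1928, ATYP 0x03).
Sample log lines are constructed; adapt QUERY_RE to your resolver's format.
"""
import re
from typing import List, NamedTuple

# Constructed sample resolver log, dnsmasq-style (assumption about layout).
# Line 2 and line 4 are leaks; line 5 only contains "onion" as an inner label.
SAMPLE_LOG = """\
Feb 19 10:01:02 dnsmasq[812]: query[A] brave.com from 10.0.0.23
Feb 19 10:01:05 dnsmasq[812]: query[A] expyuzz4wqqyqhjn.onion from 10.0.0.23
Feb 19 10:01:07 dnsmasq[812]: query[AAAA] secjuice.com from 10.0.0.41
Feb 19 10:01:09 dnsmasq[812]: query[A] duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion from 10.0.0.23
Feb 19 10:01:11 dnsmasq[812]: query[A] notreally.onion.example.com from 10.0.0.41
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<qname>\S+) from (?P<client>\S+)")


class OnionLeak(NamedTuple):
    line_no: int
    client: str
    qname: str


def is_onion_name(hostname: str) -> bool:
    """True if the name's final label is 'onion' (case-insensitive, trailing dot
    tolerated). A name such as 'x.onion.example.com' is an ordinary DNS name."""
    labels = hostname.rstrip(".").lower().split(".")
    return len(labels) >= 2 and labels[-1] == "onion"


def find_onion_leaks(log_text: str) -> List[OnionLeak]:
    """Every query for a .onion name in the log is a leak: per RFC 7686 such
    names must not be looked up in the DNS at all."""
    leaks: List[OnionLeak] = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = QUERY_RE.search(line)
        if m and is_onion_name(m.group("qname")):
            leaks.append(OnionLeak(n, m.group("client"), m.group("qname")))
    return leaks


def socks5_connect_request(hostname: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request (RFC 1928) carrying the hostname as
    ATYP=0x03 (domain name), so the proxy resolves it. A client that resolves
    the name first and sends ATYP=0x01 (IPv4) has already handed the name to
    the system resolver, which is exactly the Brave leak. Tor's SOCKS port
    accepts this form; curl calls it socks5h://."""
    name = hostname.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname length must fit in one octet")
    if not 0 <= port <= 0xFFFF:
        raise ValueError("port out of range")
    return (b"\x05\x01\x00\x03"             # VER=5, CMD=CONNECT, RSV, ATYP=DOMAINNAME
            + bytes([len(name)]) + name     # length-prefixed hostname
            + port.to_bytes(2, "big"))      # DST.PORT


if __name__ == "__main__":
    for leak in find_onion_leaks(SAMPLE_LOG):
        print(f"line {leak.line_no}: {leak.client} leaked {leak.qname} to the resolver")
    print(socks5_connect_request("expyuzz4wqqyqhjn.onion", 80).hex())
```

If a hunt over your own resolver logs turns up hits from workstation addresses, the culprit is usually a client (browser, curl without `socks5h://`, a library doing its own `getaddrinfo`) resolving before it proxies, not the proxy itself.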
New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card
A new hack lets criminals bypass the PIN on a Mastercard contactless card by tricking the payment terminal into believing it is a Visa card.
Read more at thehackernews.com
Curated by Andy74
White House now says 100 companies hit by SolarWinds hack, but more may be impacted
The attack is ‘likely of Russian origin.’
Read more at theverge.com
Curated by Muhammad Luqman
US announces charges against North Korean hackers for sweeping hacking scheme
DOJ expands its Sony Pictures hacking case.
Read more at theverge.com
Curated by Muhammad Luqman
Blogs
Let’s Encrypt completes huge upgrade, can now rip and replace 200 million security certs in ‘worst case scenario’
Let’s Encrypt, the Internet Security Research Group's nonprofit certificate authority, has massively upgraded its issuance hardware and software so that it can revoke and reissue all of its certificates in less than 24 hours.
Read more at threatshub.org
Curated by Ross Moore
A warning to users of NurseryCam
This blog post is intended for a less technical audience – specifically parents and nurseries using the NurseryCam system.
Read more at cybergibbons.com
Curated by Tony Kelly
Endpoint Detection and Response: How Hackers Have Evolved
This post identifies systemic endpoint detection and response issues and examines how attackers can bypass any EDR product.
Read more at optiv.com
Curated by Tony Kelly
Here’s Why Quantum Computing Will Not Break Cryptocurrencies
Quantum computing isn't going to suddenly end the security of cryptocurrencies and bitcoin. Here's why.
Read more at forbes.com
Curated by Alesanco
Shining some light on Solarwinds and ICS
This blog discusses the Solarwinds breach and its impact on industrial control systems (ICS).
Read more at sans.org
Curated by Miguel Calles
Events
Cyber42 Game Day: Vulnerability Management Simulation
Tuesday, February 23, 2021 at 10:30 AM EST (2021-02-23 15:30:00 UTC)
In this special session you will play to win the Cyber42 Vulnerability Management Simulation! In this 90-minute Game Day you will play as part of a team to improve the state of a fictional organization and handle its vulnerability management more effectively.
Register at sans.org
Curated by Miguel Calles
Think Red, Act Blue - Hacking Proprietary Protocols
Tuesday, February 23, 2021 at 10:30 AM EST (2021-02-23 15:30:00 UTC)
In this webinar, Douglas McKee and Ismael Valenzuela, using their combined 30 years of experience in cybersecurity, will walk through how an adversary can dissect and understand proprietary protocols on your network to find vulnerabilities or leak sensitive information.
Register at sans.org
Curated by Miguel Calles