Secjuice Squeeze 60
Welcome to the Secjuice Squeeze, a lovingly curated selection of interesting security articles and infosec news that you may have missed.
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Andy74, Tony Kelly, Prasanna, Ross Moore.
In this edition, we have news articles, blog posts, and learning.
News
Critical code execution vulnerability fixed in Adobe ColdFusion
Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018.
Read more at bleepingcomputer.com
Curated by Andy74
Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now
Critical RCE Vulnerability Found in Apache OFBiz Enterprise Resource Planning (ERP) system.
Read more at thehackernews.com
Curated by Andy74
Popular Netop Remote Learning Software Found Vulnerable to Hacking
Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers.
Read more at thehackernews.com
Curated by Andy74
Multiple Bugs In TikTok Android App Could Allow 1-Click RCE Attacks
An attacker could chain the bugs while exploiting to achieve 1-click RCE in TikTok Android app. TikTok deployed the fixes for it.
Read more at latesthackingnews.com
Curated by Andy74
Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts
Bulk SMS messages sent by local councils across the UK contained weblinks leading to pages that freely exposed to the public thousands of taxpayers' names, addresses, and outstanding debts.
Read more at theregister.com
Curated by Tony Kelly
Ransomwared Bank Tells Customers It Lost Their SSNs
A data breach that already hit bank employees just got much worse.
Read more at www.vice.com
Curated by Andy74
WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack
Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks.
Read more at thehackernews.com
Curated by Andy74
CNA insurance firm hit by a cyberattack, operations impacted
CNA Financial, a leading US-based insurance company, has suffered a cyberattack impacting its business operations and shutting down its website.
Read more at bleepingcomputer.com
Curated by Prasanna
Microsoft Exchange servers now targeted by Black Kingdom ransomware
Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.
Read more at bleepingcomputer.com
Curated by Tony Kelly
Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail
A former IT contractor is facing jailtime after a retaliatory hack into a company’s network and wiping the majority of its employees’ Microsoft Office 365 accounts.
Read more at threatpost.com
Curated by Tony Kelly
Purple Fox malware worms its way into exposed Windows systems
Purple Fox, a malware previously distributed via exploit kits and phishing emails, has now added a worm module that allows it to scan for and infect Windows systems reachable over the Internet in ongoing attacks.
Read more at bleepingcomputer.com and itpro.co.uk
Curated by Andy74 and Tony Kelly
Hobby Lobby exposes of 138GB of customer and payment data
American arts and crafts giant Hobby Lobby has exposed a large amount of customer data, including names, phone numbers, physical and email addresses, and the last four digits of payment cards, and the source code for the company's app, according to a security researcher known as boogeyman, who discovered the leak.
Read more at securitymagazine.com
Curated by Andy74
Hackers Target Russian Cybercrime Forums
Maza becomes latest Russian cybercrime forum to be hacked.
Read more at infosecurity-magazine.com
Curated by Tony Kelly
CNA insurance firm hit by a cyberattack, operations impacted
CNA Financial, a leading US-based insurance company, has suffered a cyberattack impacting its business operations and shutting down its website.
Read more at bleepingcomputer.com
Curated by Tony Kelly
Microsoft fixes Windows PSExec privilege elevation vulnerability
Microsoft has fixed a vulnerability in the PsExec utility that allows local users to gain elevated privileges on Windows devices.
Read more at bleepingcomputer.com
Curated by Andy74
REvil Ransomware Can Now Reboot Infected Devices
The REvil ransomware gang has added a new malware capability that enables the attackers to reboot an infected device after encryption, security researchers at MalwareHunterTeam report.
Read more at govinfosecurity.com
Curated by Andy74
Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers
More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities.
Read more at thehackernews.com
Curated by Andy74
Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems
Cisco released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS.
Read more at thehackernews.com
Curated by Andy74
Microsoft March 2021 Patch Tuesday fixes 82 flaws, 2 zero-days
Today is Microsoft's March 2021 Patch Tuesday, and with admins already struggling with Microsoft Exchange updates and hacked servers, please be nice to your IT staff today.
Read more at bleepingcomputer.com
Curated by Tony Kelly
Critical netmask networking bug impacts thousands of applications
Popular npm component netmask has a critical networking vulnerability, CVE-2021-28918. netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads.
Read more at bleepingcomputer.com
Curated by Ross Moore
Suez Canal: Satellite Clues on a Stricken Cargo Ship
At 400m, the Ever Given is hard to miss. That makes satellite imagery ideal in understanding more about the cargo ship's predicament.
Read more at bellingcat.com
Curated by Tony Kelly
Misconfiguration Resulted in Exposure of the PHI of 65,000 Mobile Anesthesiologists Patients
Mobile Anesthesiologists, Haven Behavioral Healthcare, and Heart of Texas Community Health Center have announced breaches of patient data.
Read more at hipaajournal.com
Curated by Ross Moore
MobiKwik investigating data breach after 100M user records found online
TechCrunch has learned that MobiKwik asked Amazon for logs last month after it found user data had been exfiltrated.
Read more at techcrunch.com
Curated by Tony Kelly
Open Threat Exchange
Learn about the latest online threats. Share and collaborate in developing threat intelligence. Protect yourself and the community against today's latest threats.
Read more at otx.alienvault.com
Curated by Ross Moore
US DOJ: Phishing attacks use vaccine surveys to steal personal info
The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information.
Read more at bleepingcomputer.com
Curated by Prasanna
533 million Facebook users’ phone numbers leaked on hacker forum
The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide has been leaked on a popular hacker forum for free.
Read more at bleepingcomputer.com
Curated by Tony Kelly
Blogs
Resident Evil 8 just the latest game plagued by fake demos and early access scams
There’s been a number of scams targeting fans of major upcoming video game releases over the last week or two. Why is this happening, and what can you do to ensure both you and your children avoid such fakeouts?
Read more at blog.malwarebytes.com
Curated by Andy74
A passport to freedom? Fake COVID-19 test results and vaccination certificates offered on Darknet and hacking forums
Check Point Research highlights new trend of forged negative COVID-19 test results and fake vaccine certificates offered on the Darknet and various hacking forums for people seeking to board flights, cross borders, attend events or start new jobs.
Read more at blog.checkpoint.com
Curated by Andy74
We're open sourcing Protocol Fuzzer Community Edition!
GitLab is releasing an open source protocol fuzz testing repository.
Read more at about.gitlab.com
Curated by Ross Moore
Second independent audit of SecureDrop Workstation completed
We are pleased to announce that Trail of Bits has completed the second independent audit of the SecureDrop Workstation, directly funded by The New York Times.
Read more at securedrop.org
Curated by Tony Kelly
SAML Raider Release 1.4.0
SAML Raider [0] is a Burp Suite [1] extension for testing SAML infrastructures. The last two releases contain several new features. This blog post describes the most important changes.
Read more at blog.compass-security.com
Curated by Tony Kelly
Hidden OAuth attack vectors
The OAuth2 authorization protocol has been under fire for the past ten years. You've probably already heard about plenty of "return_uri" tricks, token leakages, CSRF-style attacks on clients, and more. In this post, however, we're going to present three brand new OAuth2 and OpenID Connect vulnerabilities: "Dynamic Client Registration: SSRF by design", "redirect_uri Session Poisoning", and "WebFinger User Enumeration". We'll go over the key concepts, demonstrate these attacks on two open-source OAuth servers (ForgeRock OpenAM and MITREid Connect), and provide some tips on how you can detect these vulnerabilities yourself.
Read more at portswigger.net
Curated by Tony Kelly
How I Found My First Ever ZeroDay (In RDP)
Up until recently, I’d never tried the bug hunting part of vulnerability research. I’ve been reverse engineering Windows malware for over a decade, and I’d done the occasional patch analysis, but I never saw a point in bug hunting on a major OS.
Read more at malwaretech.com
Curated by Tony Kelly
Update on campaign targeting security researchers
An update on a hacking campaign targeting security researchers.
Read more at blog.google
Curated by Tony Kelly
Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service
How attackers use the Background Intelligent Transfer Service (BITS), techniques for detecting attacker activity, and the public release of our BitParser tool.
Read more at fireeye.com
Curated by Tony Kelly
Hunting for Lateral Movement using Event Query Language
In this blog, we explore some examples of techniques and leverage the capabilities of Elastic’s Event Query Language (EQL) to design behavioral hunts and detections.
Learn more at elastic.co
Curated by Tony Kelly
39% of businesses suffered cyber attacks in the past year
Two in five businesses reported a cyber attack or data breach in the past 12 months, according to the Cyber Security Breaches Survey 2021.
Learn more at itgovernance.co.uk
Curated by Tony Kelly
Learning
What is Footprinting and Website Reconnaissance
Footprinting is a part of the reconnaissance process which is used for gathering possible information about a target computer system or network. Footprinting could be both passive and active.
Learn more at neoslab.com
Curated by Tony Kelly
Microsoft Portals Site
An aggregation of all of the Microsoft Portals we could find.
Learn more at msportals.io
Curated by Tony Kelly
Getting Into Cyber Cheatsheet
This cheat sheet is designed to augment the aspiring cybersecurity professional and provide them with the tips, resources ,and advice needed to help improve their chances of finding a role in cybersecurity.
Learn more at noxcyber.co.uk
Curated by Tony Kelly
EZ Tools | Digital Forensics Tools from SANS
Learn to quickly identify and mitigate cyber threats with our open source "EZ Tools" an easy to use set of digital forensics tools provided by SANS and Eric Zimmerman. Our command line tools include an amcache.hve parser, jump list parser and registry viewer.
Learn more at digital-forensics.sans.org
Curated by Tony Kelly
