Secjuice Squeeze 61
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly put together for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Ross Moore, Sinwindie, Andy74, Prasanna, Devesh Chande, Guise Bule and Gurkirat Singh.
In this edition we have news articles, blog posts, and learning resources.
News
Spy Operations Target Vietnam with Sophisticated RAT
Researchers said the FoundCore malware represents a significant step forward in evasion techniques.
Read more at threatpost.com
Curated by Tony Kelly
Nearly 500 million LinkedIn users' details posted for sale online
The hacker included 2 million records as proof that they have what they claim.
Read more at computing.co.uk
Curated by Ross Moore
Privacy activist Max Schrems claims Google Advertising ID on Android is unlawful, files complaint in France
Tracking ID placed on mobile device without informed consent, says campaign group.
Read more at theregister.com
Curated by Ross Moore
Dark web hitman identified through crypto-analysis
Europol supported the Italian Postal and Communication Police (Polizia Postale e delle Comunicazioni) in arresting an Italian national suspected of hiring a hitman on the dark web. The hitman, hired through an internet assassination website hosted on the Tor network, was paid about €10 000 worth of Bitcoin to kill the suspect's ex-girlfriend.
Read more at europol.europa.eu
Curated by Sinwindie
There's Another Facebook Phone Number Database Online
Analysis by Motherboard and a security researcher indicates the database is separate from the recently reported cache of 500 million accounts.
Read more at vice.com
Curated by Tony Kelly
WEBGAP Announces A Sweet New Logo
Everyone's favorite remote browser isolation startup WEBGAP recently unveiled a new logo based on the scientific neutral gap sign, check it out!
Read more on Twitter.
Curated by Guise Bule
Mozilla flooded with requests after Apple privacy changes hit Facebook
Mozilla volunteers have recently been flooded with requests from online merchants and marketers to have their domains added to the Public Suffix List (PSL), following the privacy changes introduced in Apple's iOS 14.5.
Read more at bleepingcomputer.com
Curated by Tony Kelly
Attackers deliver legal threats, IcedID malware via contact forms
Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware.
Read more at bleepingcomputer.com and thehackernews.com
Curated by Tony Kelly and Andy74
RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers
A proof-of-concept exploit for a remote code execution bug that was still unpatched in the stable releases of Chrome, Opera and Brave has been published.
Read more at thehackernews.com
Curated by Andy74
New DNS vulnerabilities have the potential to impact millions of devices
Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities in several widely used TCP/IP stacks, dubbed NAME:WRECK.
Read more at helpnetsecurity.com
Curated by Andy74
Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild
CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). We believe it is exploited in the wild, potentially by several threat actors.
Read more at securelist.com
Curated by Tony Kelly
FBI nuked web shells from hacked Exchange Servers without telling owners
A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers' owners.
Learn more at bleepingcomputer.com
Curated by Prasanna
100,000 Google Sites Used to Install SolarMarker RAT
Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted pages that deliver the SolarMarker remote access trojan.
Learn more at threatpost.com
Curated by Prasanna
Capcom: Ransomware gang used old VPN device to breach the network
Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals.
Learn more at bleepingcomputer.com
Curated by Andy74
New WhatsApp Bugs Could've Let Attackers Hack Your Phone Remotely
A man-in-the-disk flaw in WhatsApp for Android (CVE-2021-24027) could have let attackers read data stored on the device's external storage, and potentially go further, from a single crafted message.
Learn more at thehackernews.com and welivesecurity.com
Curated by Andy74
New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
Researchers have shown a JavaScript exploit that triggers Rowhammer bit flips on modern DDR4 memory modules from within a browser, without any native code on the target.
Learn more at thehackernews.com
Curated by Andy74
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Search-engine-optimized pages serve malicious PDF documents that lead visitors to malware downloads, part of a campaign spanning roughly 100,000 pages.
Learn more at thehackernews.com
Curated by Andy74
LinkedIn Data Leak: Hundreds of Thousands of Spam Emails Flood...
Users of the employment-oriented online service are being targeted with an assortment of phishing emails and scams in an attempt to hijack their LinkedIn accounts or promote fake LinkedIn email leads.
Learn more at hotforsecurity.bitdefender.com
Curated by Andy74
Security Bug Allows Attackers to Brick Kubernetes Clusters
The vulnerability is triggered when a container engine pulls a malicious image from a registry.
Learn more at threatpost.com
Curated by Andy74
1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications.
Learn more at thehackernews.com
Curated by Andy74
Meet the Ransomware Gang Behind One of the Biggest Supply Chain Hacks Ever
A group tracked under the names Cl0p, FIN11 and TA505 has been hacking and extorting hundreds of companies for years.
Learn more at vice.com
Curated by Tony Kelly
High-Level Organizer of Notorious Hacking Group Sentenced to Prison for Scheme that Compromised Tens of Millions of Debit and Credit Cards
A Ukrainian national was sentenced today in the Western District of Washington to 10 years in prison for his high-level role in the criminal work of the hacking group FIN7.
Learn more at justice.gov
Curated by Devesh Chande
Blogs
Clop Ransomware operators plunder US universities
The Clop ransomware gang has leaked online data stolen from Stanford Medicine, the University of Maryland Baltimore, and the University of California.
Read more at securityaffairs.co
Curated by Tony Kelly
How ransomware gangs are connected, sharing resources and tactics
New research by Analyst1 sheds light on the cooperation between some of the ransomware gangs dominating the cybersecurity news.
Read more at blog.malwarebytes.com
Curated by Tony Kelly
Why some jobseekers have turned to cyber crime during the pandemic
Research shows that many people have been seeking cyber crime-related work on the dark web, but why?
Read more at computerweekly.com
Curated by Tony Kelly
The Power of Being a Misfit: Speaking with Fredrik Alexandersson STÖK
A candid interview with STÖK about expressing creativity through different outlets, the power of being a misfit, and what is behind his success as one of the biggest cybersecurity influencers.
Read more at securitytrails.com
Curated by Tony Kelly
New Vulnerability Affecting Container Engines CRI-O and Podman (CVE-2021-20291)
CVE-2021-20291 leads to a denial of service of the container engines CRI-O and Podman when pulling a malicious image from a registry.
Learn more at unit42.paloaltonetworks.com
Curated by Andy74
Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)
By default, domain joined Windows workstations allow access to the network selection UI from the lock screen.
Learn more at shenaniganslabs.io
Curated by Tony Kelly
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
In this article we will have a look at how a simple phishing attack through an Android messaging application could result in the direct leakage of data found in unprotected device storage (/sdcard).
Learn more at census-labs.com
Curated by Gurkirat Singh
Learning
Wireshark Tutorial: Identifying Hancitor, Followup Malware
Learn how to examine activity from Hancitor infections with Wireshark and get tips on identifying Hancitor and its followup malware.
Learn more at unit42.paloaltonetworks.com
Curated by Tony Kelly
Free DFIR Related Training
Digital Forensics, Incident Response, OSINT, Malware Analysis, Reverse Engineering, Cybersecurity, Linux, Networking, Programming, Cloud, CTFs.
Learn more at freetraining.dfirdiva.com
Curated by Tony Kelly
List of Vulnerable Apps
Learn more at cloudsecwiki.com
Curated by Tony Kelly
Welcome to the Blue Teaming Free Training
Learn more at blueteamsacademy.com
Curated by Tony Kelly
List of Metasploit Linux Exploits (Detailed Spreadsheet)
List of all 570+ Metasploit Linux exploits in an interactive spreadsheet allowing you to search by affected product, CVEs or do pattern filtering.
Learn more at infosecmatter.com
Curated by Tony Kelly
Reverse Shell Generator
Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode. Great for CTFs.
Learn more at revshells.com
Curated by Tony Kelly