Secjuice Squeeze 62
Welcome to the Secjuice Squeeze, a selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Andy74, Tony Kelly, Ross Moore, Gurkirat Singh, Mars Groves, and Sinwindie.
In this edition, we have news articles, blog posts, and learning.
News
Discord Nitro gift codes now demanded as ransomware payments
In a novel approach to ransom demands, a new ransomware calling itself 'NitroRansomware' encrypts victims' files and then demands a Discord Nitro gift code to decrypt them.
Read more at bleepingcomputer.com
WhatsApp Pink is malware spreading through group chats
If installed, the fake and malicious WhatsApp Pink app takes full control of the targeted device.
Read more at hackread.com
120 Compromised Ad Servers Target Millions of Internet Users
More than 120 compromised ad servers are running a malvertising campaign that targets millions of users.
Read more at thehackernews.com
Vulnerability In Juniper Networks Junos OS Could Allow RCE Attacks
Juniper Networks has patched the vulnerability with the latest releases of Junos OS. Exploiting the bug could lead to DoS and RCE attacks.
Read more at latesthackingnews.com
Mozilla Plans To Remove FTP Implementation With Firefox 90
Mozilla will first disable FTP with Firefox 88, and will ultimately remove the built-in FTP implementation with Firefox 90.
Read more at latesthackingnews.com
Over 750,000 Users Downloaded New Billing Fraud Apps From Google Play Store
Researchers have discovered a new set of fraudulent Android apps in the Google Play store that hijack SMS notifications for billing scams.
Read more at thehackernews.com
Signal CEO gives mobile-hacking firm a taste of being hacked
Software developed by data extraction company Cellebrite contains vulnerabilities that allow arbitrary code execution on the device, claims Moxie Marlinspike, the creator of the encrypted messaging app Signal.
Read more at bleepingcomputer.com
Cybercriminals Using Telegram Messenger to Control ToxicEye Malware
Telegram Messenger is being used by cybercriminals to control the ToxicEye malware.
Read more at thehackernews.com
Oracle Delivers 390 Security Fixes With April 2021 CPU
More than 200 of the vulnerabilities patched by Oracle could be exploited remotely without authentication.
Read more at securityweek.com
Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices
A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.
Read more at bleepingcomputer.com
WhatsApp Pink malware can now auto-reply to your Signal, Telegram texts
WhatsApp malware dubbed WhatsApp Pink has now been updated with advanced capabilities that let this counterfeit Android app automatically respond to your Signal, Telegram, Viber, and Skype messages. WhatsApp Pink refers to a counterfeit app that appeared this week, primarily targeting WhatsApp users in the Indian subcontinent.
Read more at bleepingcomputer.com
A Casino Gets Hacked Through a Fish-Tank Thermometer
Are your fish tanks secure?
Read more at entrepreneur.com
Hackers exploit Pulse Secure VPN flaws in sophisticated global campaign
Chinese-backed groups have been spying on US and European organisations including those in the defence industry.
Read more at itpro.co.uk
The Incredible Rise of North Korea’s Hacking Army
The country’s cyber forces have raked in billions of dollars for the regime by pulling off schemes ranging from A.T.M. heists to cryptocurrency thefts. Can they be stopped?
Read more at newyorker.com
Mount Locker Ransomware Aggressively Changes Up Tactics
The ransomware is upping its danger quotient with new features while signaling a rebranding to "AstroLocker."
Read more at threatpost.com
Attackers can hide 'external sender' email warnings with HTML and CSS
The "external sender" warnings shown to email recipients by clients like Microsoft Outlook can be hidden by the sender, as demonstrated by a researcher. It turns out that all it takes for attackers to alter the "external sender" warning, or remove it from emails altogether, is a few lines of HTML and CSS code.
Read more at bleepingcomputer.com
Linux bans University of Minnesota for committing malicious code
Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities in the official Linux project.
Read more at bleepingcomputer.com
University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired
'Our community does not appreciate being experimented on' says Kroah-Hartman.
Read more at theregister.com
MI5 warns of spies using LinkedIn to steal secrets
The security agency says thousands of UK workers have been approached by spies using fake profiles.
Read more at bbc.co.uk
Blogs
Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021
Ryuk ransomware infections have been observed since late 2018. Ryuk actors are constantly evolving the TTPs used in Ryuk-attributed campaigns. Some of the most notable targets of these campaigns have been hospitals, government entities, and large corporations. The Ryuk adversary group is widely considered to be one of the most successful and impactful groups targeting corporations and governments worldwide.
Read more at advanced-intel.com
Finding Buried Treasure in Server Message Block (SMB)
Server Message Block (SMB) shares can represent a significant risk to an organization. Companies often lack a realistic understanding of the exposure that SMB shares represent. Effective management typically requires a sound information management program focused on identifying where critical information resides, actively controlling access to that information, and routinely auditing permissions and access patterns.
Read more at blackhillsinfosec.com
Exploit Kit still sharpens a sword
It’s 2021 now. Moreover, the quarter has already passed. I thought the drive-by download attack was dead four years ago. Angler Exploit Kit has disappeared, the pseudo-Darkleech and EITest campaigns have disappeared, and RIG Exploit Kit has also declined. At that time, the drive-by download attack was definitely supposed to die. However, even in 2021, it has not disappeared; the fire still burns faintly.
Read more at nao-sec.org
What is OSINT in 2021?
OSINT is set to become a game-changer in the intelligence and data gathering space in the next decade.
Read more at blog.sociallinks.io
Training apps. Have their privacy settings improved in 5 years? | Pen Test Partners
TL;DR: Run and bike tracking apps still have a pretty poor approach to password security and default privacy settings. From being one of the more secure apps 5 years ago
Read more at pentestpartners.com
Offensive Security Guide to SSH Tunnels and Proxies
This post aims to be a one-stop shop for all the things that an offensive security practitioner might want to know about using Secure Shell (SSH) tunnels and SOCKS proxies. The information provided here is not new, but it does aim to be a reference document that can be used during operations.
Read more at posts.specterops.io
Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities
The multi-stage cryptocurrency botnet has been observed exploiting the Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate networks.
Read more at cybereason.com
Learning
JSCU-NL/logging-essentials
A Windows event logging and collection baseline focused on finding balance between forensic value and optimising retention.
Learn more at github.com
Leaky John Deere APIs: Serious Food Supply Chain Vulnerabilities
Discovering who owns John Deere tractors, harvesters, and implements. What farm they are at. How old they are. And how long they are “subscribed” for.
Learn more at sick.codes