Secjuice Squeeze 64
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Gurkirat Singh, Prasanna, Tony Kelly, Andy74, Nishith K, Ross Moore, and Mars Groves.
In this edition, we have news articles, blog posts, and learning.
News
Russian state hackers switch targets after US joint advisories
Russian Foreign Intelligence Service (SVR) operators have switched their attacks to target new vulnerabilities in reaction to US government advisories published last month describing the SVR's tactics, tools, techniques, and capabilities used in ongoing attacks.
Read more at bleepingcomputer.com
Criminal group originating from Russia believed to be behind pipeline cyberattack
A criminal group originating from Russia named "DarkSide" is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, according to a former senior cyber official.
Read more at cnn.com
AirTag hacked for the first time by security researcher [Video]
A German security researcher was able to hack the AirTag, modifying its NFC URL for Lost Mode. Here's the video of the modified item tracker.
Learn more at 9to5mac.com
Pega Infinity hotfix released after researchers flag critical authentication bypass vulnerability
Flawed password reset system opened the door to full account takeover.
Read more at portswigger.net
Google Patches 19 Vulnerabilities With Chrome 90 Update
Google this week announced yet another set of patches for Chrome, to address a total of 19 vulnerabilities affecting the web browser.
Read more at securityweek.com
GitHub shifts away from passwords with security key support for SSH Git operations
Support has been added to bolster defense against account compromise.
Read more at zdnet.com
Experts warn of a new Android banking trojan stealing users' credentials
Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands.
Read more at thehackernews.com
SQL Injection Vulnerability In CleanTalk AntiSpam WordPress Plugin
Exploiting the time-based blind SQL injection vulnerability in the CleanTalk AntiSpam plugin could allow an attacker to steal data from the website's database.
Read more at latesthackingnews.com
Finance Giant Plaid Paid People $500 for Their Employer Payroll Logins
The offer was part of an internal test at Plaid. If people’s employers didn't provide permission, Plaid may run afoul of U.S. hacking laws.
Read more at vice.com
Fake Android and iOS apps disguised as trading and cryptocurrency apps
Recently, we were tipped off to a fraudulent mobile trading application that masqueraded as one tied to a well-known Asia-based trading company. As we investigated, we uncovered several other count…
Read more at news.sophos.com
SAP Patches High-Severity Flaws in Business One, NetWeaver Products
SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News.
Read more at securityweek.com
Latest Microsoft Windows Updates Patch Dozens of Security Flaws
Microsoft has released several updates to its Windows operating system that fix dozens of security flaws.
Read more at thehackernews.com
AWS configuration issues lead to exposure of 5 million records
Misconfigurations led to the potential exposure of 5 million documents containing PII, with credit card transactions in more than 3,000 of them.
Read more at scmagazine.com
Insurance giant CNA fully restores systems after ransomware attack
Leading US-based insurance company CNA Financial has fully restored its systems following a Phoenix CryptoLocker ransomware attack that hit its network in late March and disrupted online services and business operations.
Read more at bleepingcomputer.com
Apple's Find My network can be abused to leak secrets to the outside world via passing devices
You gotta work hard for those three-bytes-a-second transfers.
Read more at theregister.com
Microsoft: Threat actors target aviation orgs with new malware
Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using a new and stealthy malware loader.
Read more at bleepingcomputer.com
Microsoft fixes four critical vulnerabilities, none exploited in the wild
Products affected by the Microsoft vulnerabilities include Hyper-V, Internet Explorer, Windows Server, and Windows 10.
Read more at scmagazine.com
Hackers Using Microsoft Build Engine to Deliver Malware Filelessly
Read more at thehackernews.com
Magecart Hackers Now Hide PHP-Based Backdoor In Website Favicons
Cybercriminals are distributing malicious web shells disguised as favicons in online shopping platforms.
Read more at thehackernews.com
FBI, CISA publish alert on DarkSide ransomware
The advisory deals with ransomware-as-a-service, thrust into the spotlight by the Colonial Pipeline cyberattack.
Read more at zdnet.com
Irish Healthcare Service Shuts Down IT Systems After Ransomware Attack
Hospitals canceled appointments and turned to paper and pen after the attack, which used Conti ransomware, shut down IT systems.
Read more at wsj.com
Trailer maker Utility targeted in ransomware attack
An apparent ransomware attack has targeted Utility Trailer Manufacturing, one of the largest U.S. manufacturers of trailers for commercial trucks.
Read more at freightwaves.com
Ransomware attack targets City of Tulsa, causing technical difficulties
The Communications Director for the City of Tulsa says the city is experiencing technical difficulties due to a ransomware attack.
Read more at fox23.com
Blogs
Rclone Wars: Transferring leverage in a ransomware attack
Defenders can sabotage double extortion ransomware schemes by detecting unusual file transfer utilities such as Mega and Rclone.
Read more at redcanary.com
Foxit Patches Vulnerability Allowing Attackers to Execute Malware Via PDF Files
The Foxit Reader high-severity vulnerability allowed threat actors to execute arbitrary code via precise memory control.
Read more at heimdalsecurity.com
The Need to Protect Public AWS SSM Documents - What the Research Shows
AWS Systems Manager automates operational tasks across AWS resources through SSM documents. SSM documents, written in JSON or YAML, define the operations that AWS Systems Manager will perform on cloud assets. By default, SSM documents are private, but they can be configured to be shared with other AWS accounts or made public.
Read more at research.checkpoint.com
CVE-2021-27075: Microsoft Azure Vulnerability
A vulnerability in the Microsoft Azure VM Extension would allow privilege escalation and the leakage of private data.
Read more at intezer.com
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian Android users.
Read more at mcafee.com
WiFi devices going back to 1997 vulnerable to new Frag Attacks
A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating as far back as 1997 and affecting devices sold for the past 24 years.
Read more at therecord.media
10 years of '10 Steps to Cyber Security'
The NCSC's landmark cyber security guidance has been refreshed ahead of its 10th anniversary.
Read more at ncsc.gov.uk
Simple Data Exfiltration Through XSS
TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.
Read more at trustedsec.com
CVE-2021-21551 - Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws
Update your Dell devices now! SentinelLabs discovered five high-severity flaws in the Dell firmware update driver impacting desktops, laptops, notebooks and more.
Read more at labs.sentinelone.com
FortiGuard Labs Discovers Multiple Critical Zero Day Vulnerabilities in Adobe Illustrator
FortiGuard Labs discovered and reported multiple critical zero-day vulnerabilities in Adobe Illustrator to Adobe, Inc.
Read more at fortinet.com
Learning
LTR101: Writing or Receiving Your First Pentest Report
ZeroSec Blog: Featuring Write-Ups, Projects & Andy Gill's Security Adventures.
Learn more at blog.zsec.uk