Secjuice Squeeze 66
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Mars Groves, Ross Moore, Andy74, Nishith K, Tony Kelly, and Prasanna.
Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data
Even when you pay for a decryption key, your files may still be locked up by another strain of malware.
Read more at wired.com
Here's how we got persistent shell access on a Boeing 747
In-flight entertainment system ran Windows NT4 – and almost defied access attempts.
Read more at theregister.com
The Full Story of the Stunning RSA Hack Can Finally Be Told
In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.
Read more at wired.com
Microsoft: This new open source tool helps you test your defences against hacker attacks
Microsoft has released an open source tool that lets defenders simulate the techniques used in real-world attacks.
Read more at zdnet.com
Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software
Details have been revealed about security vulnerabilities affecting Nagios IT monitoring software.
Read more at thehackernews.com
Wormable Windows HTTP vulnerability also affects WinRM servers
A wormable remote code execution (RCE) vulnerability in the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM (Windows Remote Management) service.
Read more at bleepingcomputer.com
The OSI Model and You Part 1: Stopping Threats on the OSI Physical Layer
The first part of a series walking through the seven layers of the OSI model, starting with how to secure the physical layer.
Read more at https://securityintelligence.com/articles/osi-model-physical-layer/
New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices
Hackers can impersonate legitimate Bluetooth devices with new Bluetooth flaws.
Read more at thehackernews.com
Evolution of JSWorm ransomware
There are times when a single ransomware family has evolved from a mass-scale operation to a highly targeted threat – all in the span of two years. In this post we want to talk about one of those families, named JSWorm.
Read more at securelist.com
TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack
We have found and confirmed close to 50,000 IPs compromised by this attack perpetrated by TeamTNT across multiple clusters.
Read more at trendmicro.com
Report: how cybercriminals abuse API keys to steal millions
Our researchers found that criminals are able to abuse API keys and steal crypto from their victims without being granted withdrawal rights.
Read more at cybernews.com
Apple fixes three zero-days, one abused by XCSSET macOS malware
Apple has released security updates to patch three macOS and tvOS zero-day vulnerabilities exploited in the wild, one of which is abused by the XCSSET malware to bypass macOS privacy protections.
Read more at bleepingcomputer.com
Patch me if you can: Microsoft, Samsung, and Google win appeal over patent on remote updating
Iron Oak fails to convince the Feds that Patent Board misinterpreted key phrase in the patent.
Read more at theregister.com
Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
A critical vulnerability has been found in VMware vCenter Server that could let attackers execute arbitrary code on the targeted servers.
Read more at thehackernews.com
Contract killer: Certified PDFs can be secretly tampered with during the signing process, boffins find
24 out of 26 tools vulnerable – with bonus JavaScript attack for Adobe.
Read more at theregister.com
M1RACLES bug impacts Apple M1 chips, but no need to panic
A security researcher has discovered the first-ever vulnerability in Apple M1 chips that cannot be fixed without a silicon redesign.
Read more at therecord.media
CERT/CC Vulnerability Note VU#667933
Pulse Connect Secure Samba buffer overflow.
Read more at kb.cert.org
Code Execution Flaw in Checkbox Survey Exploited in the Wild
A Checkbox Survey vulnerability that could allow a remote attacker to execute arbitrary code without authentication is being exploited in the wild.
Read more at securityweek.com
BazaLoader Masquerades as Movie-Streaming Service
The website for “BravoMovies” features fake movie posters and a FAQ with a rigged Excel spreadsheet for “cancelling” the service, but all it downloads is malware.
Read more at threatpost.com
Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks
Researchers Uncover Bugs in VSCode Extensions That Could Lead to Supply Chain Attacks.
Read more at thehackernews.com
Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer
Trojanized AnyDesk installers were distributed through Google advertisements.
Read more at thehackernews.com
SolarWinds hackers are back with a new mass campaign, Microsoft says
Kremlin-backed group uses hacked account to impersonate US aid agency.
Read more at arstechnica.com
Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
We provide an update on our investigation into compromised Pulse Secure devices by suspected Chinese espionage operators.
Read more at fireeye.com
The FBI will feed hacked passwords directly into Have I Been Pwned
Australian security researcher Troy Hunt announced today that he granted the US Federal Bureau of Investigation a direct line to upload new content into Have I Been Pwned, a website that indexes data from security breaches.
Read more at therecord.media
Fuzzing iOS code on macOS at native speed
Or how iOS apps on macOS work under the hood. Posted by Samuel Groß, Project Zero. This short post explains how code compiled for iOS...
Read more at googleprojectzero.blogspot.com
If you follow me, I’ll OSINT you
I tend to have a look at the profiles following me on Twitter or trying to connect on LinkedIn. On LinkedIn I’ve become a little picky on whom to connect with and they have to match my career interests. On Twitter I just look for red flags in general. If your profile promotes racism and hate speech, deliberately spreads disinformation or supports Borussia Dortmund, I will block you (just kidding on the last one). Of course, I can’t do a deep dive into each and every follower on Twitter. But today I would like to show you what kind of red flags I look for and how these can lead to further investigations.
Read more at keyfindings.blog
Beware: Walmart phishing attack says your package was not delivered
A Walmart phishing campaign is underway that attempts to steal your personal information and confirms that your email address is live for use in further phishing attacks.
Read more at bleepingcomputer.com
How Ransomware Adversaries Reacted to the DarkSide Attack
Learn how the notorious ransomware operators have responded to the DarkSide pipeline attack and the effect it's had on the ransomware-as-a-service landscape.
Read more at crowdstrike.com
PoC published for new Microsoft PatchGuard (KPP) bypass
A security researcher has discovered a bug in PatchGuard, a crucial Windows security feature, that can allow threat actors to load unsigned (malicious) code into the Windows operating system kernel.
Read more at therecord.media
A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely
Siemens PLCs have a memory protection bypass bug that gives attackers the ability to run malicious code.
Read more at thehackernews.com
Cyberattack Forces Meat Producer to Shut Down Operations in U.S., Australia
Global food distributor JBS Foods suffered an unspecified incident over the weekend that disrupted several servers supporting IT systems and could affect the supply chain for some time.
Read more at threatpost.com
EPUB vulnerabilities: Electronic reading systems riddled with browser-like flaws
Read on for page-turning pwnage.
Read more at portswigger.net
XSS Vulnerability In ReDi Restaurant Reservation WordPress Plugin
Exploiting the XSS vulnerability in the ReDi Restaurant Reservation plugin could let an attacker steal the data of customers making reservations.
Read more at latesthackingnews.com
Asian cybercrime takedown leads to intercept of $83 million in financial theft
Police intercepted funds that were on their way to the accounts of financial fraudsters.
Read more at zdnet.com
DOJ Seizes 2 Domains Linked to USAID Phishing Campaign
The Department of Justice announced Tuesday that it has seized two domains that were used during a recent phishing campaign that targeted a marketing firm.
Read more at databreachtoday.com
Mass. Steamship Authority Hit by Ransomware Attack; Ferries Delayed
A ransomware attack on the Steamship Authority of Massachusetts hampered operations Wednesday morning. The largest ferry service to the islands of Martha’s Vineyard and Nantucket, the Steamship Authority issued a statement warning that traveling customers may be delayed as a result.
Read more at necn.com
Backdoor malware found on the Myanmar president's website, again
A cyber-espionage hacking group is believed to have hacked the website of the Myanmar president's office and planted a backdoor trojan inside a localized Myanmar font package available for download on the site's front page.
Read more at therecord.media
Amazon Rolls Out Massive Data-Sharing Program—Users Have One Week to Opt Out
Amazon smart home system users have until June 8 to opt out.
Read more at observer.com
Protect your children and homes from cybersecurity threats this Internet Safety Month
In June, businesses and companies across the U.S. recognize and address the possible dangers of internet use during Internet Safety Month.
Read more at cleburnetimesreview.com
Vulnerability Spotlight: Multiple vulnerabilities in Accusoft ImageGear
A post from Cisco Talos, Cisco's threat intelligence group.
Read more at blog.talosintelligence.com
Vulnerability Spotlight: Use-after-free vulnerability in WebKit
Read more at blog.talosintelligence.com
Necro Python bot adds new exploits and Tezos mining to its bag of tricks
Read more at blog.talosintelligence.com
Exclusive: U.S. to give ransomware hacks similar priority as terrorism, official says
The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters.
Read more at reuters.com
Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module
Read more at thehackernews.com