Secjuice Squeeze 67
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Mars Groves, Ross Moore, Andy74, Nishith K, Tony Kelly, Gurkirat Singh and Prasanna.
Military infosec SNAFUs: What WhatsApp and bears in the woods can teach us
One can’t spell shit without IT, but for Pete's sake it doesn't need to be in your endpoints.
Read more at theregister.com
Malware family naming hell is our own fault
EternalPetya has more than 10 different names. Many do not realize that CryptoLocker is long dead. These are not isolated cases but symptoms of a systemic problem: The way we name malware does not work. Why does it happen and how can we solve it?
Read more at gdatasoftware.com
WordPress force installs Jetpack security update on 5 million sites
Automattic, the company behind the WordPress content management system, force deploys a security update on over five million websites running the Jetpack WordPress plug-in.
Read more at bleepingcomputer.com
Critical zero-day vulnerabilities found in ‘unsupported’ Fedena school management software
Users urged to migrate to alternative application, with open source project long since abandoned.
Read more at portswigger.net
GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks
GitHub updates its policy to remove malware and exploit code used in active attacks.
Read more at thehackernews.com
New Kubernetes malware backdoors clusters via Windows containers
New malware, active for more than a year, is compromising Windows containers to breach Kubernetes clusters, with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities.
Read more at bleepingcomputer.com
US recovers most of Colonial Pipeline's $4.4M ransomware payment
The US Department of Justice has recovered the majority of the $4.4 million ransom payment paid by Colonial Pipeline to the DarkSide ransomware operation.
Read more at bleepingcomputer.com
FBI and Australian police ran an encrypted chat platform to catch criminal gangs | The Record by Recorded Future
The FBI and Australian Federal Police ran an encrypted chat platform and intercepted secret messages between criminal gang members from all over the world for more than three years.
Read more at therecord.media
Inside The ‘World’s Largest’ Video Game Cheating Empire
The cheat-making group known as "Chicken Drumstick" made more than $70 million selling cheats for PUBG Mobile. This is the story of its rise and fall.
Read more at vice.com
OSINT: how to find anything on the internet
"The best place to hide a dead body is page two of Google." You’ve probably seen this meme floating around the internet a while ago. An ironic nod to a rather surprising fact: 90 percent of the clicks on search engines are concentrated on the first page of results.
Read more at substack.com
RockYou2021: largest password compilation of all time leaked online – 8.4 billion entries | Black Hat Ethical Hacking
What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches.
Read more at blackhatethicalhacking.com
Modify HTTP request headers with Transform Rules
HTTP request headers can now be modified with Cloudflare Transform Rules.
Read more at cloudflare.com
Four Security Vulnerabilities were Found in Microsoft Office - Check Point Software
Check Point Research (CPR) urges Windows users to update their software, after discovering four security vulnerabilities that affect products in Microsoft
Read more at checkpoint.com
STEM & Twitter: Verified Bias
Over the past few years, people have gotten louder and louder about Twitter's apparent bias in who they verify.
Read more at dev.to
BloodHound versus Ransomware: A Defender’s Guide
You don’t need me to tell you how dangerous and destructive ransomware is. It seems like every week there is a new headline, with the same story: an organization was hit by ransomware, disrupting their operations, and causing plenty of monetary and personal loss through downtime, damage to the company brand, and individuals losing their jobs.
Read more at specterops.io
Gootkit: the cautious Trojan
Gootkit is complex multi-stage banking malware capable of stealing data from the browser, performing man-in-the-browser attacks, keylogging, taking screenshots and lots of other malicious actions. Its loader performs various virtual machine and sandbox checks and uses sophisticated persistence algorithms.
Read more at securelist.com
Picture this: Hiding Malware in Images
A previously unreported method of hosting malware abuses the popular gaming platform Steam to hide malware in an unusual place: Profile pictures.
Read more at gdatasoftware.com
Fujifilm refuses to pay ransomware demand, relies on backups
Fujifilm said it has refused to pay a ransom demand to the cyber gang that attacked its network in Japan and is using backups to restore operations.
Read more at verdict.co.uk
Google Patches Critical Android RCE Bug
Google's June security bulletin addresses 90+ bugs in Android and Pixel devices.
Read more at threatpost.com
Dual vulnerability combo in popular CMS Joomla could lead to full system compromise
Security researchers have revealed the details of two vulnerabilities in Joomla – the popular content management system – which, if chained together, they said could be used to achieve full system compromise.
Read more at portswigger.net
Microsoft patches six Windows zero-days, including a commercial exploit | The Record by Recorded Future
Microsoft today released its monthly batch of security updates, known in the industry as Patch Tuesday.
Read more at therecord.media
Intel fixes 73 vulnerabilities in June 2021 Platform Update
Intel has addressed 73 security vulnerabilities as part of the June 2021 Patch Tuesday, including high severity ones impacting some versions of Intel's Security Library and the BIOS firmware for Intel processors.
Read more at bleepingcomputer.com
New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites
Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information.
Read more at thehackernews.com
Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances
Microsoft warns of a large-scale cryptocurrency mining malware campaign that targets Kubernetes clusters through Kubeflow machine learning instances.
Read more at thehackernews.com
Hackers Steal Wealth of Data from Game Giant EA
Hackers have broken into gaming giant Electronic Arts, the publisher of Battlefield, FIFA, and The Sims, and stolen a wealth of game source code and related internal tools, Motherboard has learned.
Read more at vice.com
Malware disguised as Minecraft mods on Google Play, continued
We found more malicious apps in Google Play disguised as Minecraft mods, social media ad-management apps, and a file recovery utility.
Read more at kaspersky.co.uk
Microsoft Office MSGraph vulnerability could lead to code execution
Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine.
Read more at bleepingcomputer.com
WSJ News Exclusive | McDonald’s Hit by Data Breach
The hack exposed some U.S. business information and customer data in South Korea and Taiwan, the company said.
Read more at wsj.com
Hackers can exploit bugs in Samsung pre-installed apps to spy on users
Samsung is working on patching multiple vulnerabilities affecting its mobile devices that could be used for spying or to take full control of the system.
Read more at bleepingcomputer.com
Google fixes actively exploited Chrome zero-day | WeLiveSecurity
Google has updated its Chrome web browser to fix several security flaws, including a zero-day that is known to be actively exploited by threat actors.
Read more at welivesecurity.com
Linux system service bug lets you get root on most modern distros
Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions.
Read more at bleepingcomputer.com
Microsoft Announce Powerful New Threat Detection Solution in Azure - Latest Hacking News
Microsoft has announced new ‘seamless’ integration between their two services: Azure Firewall and Azure Sentinel.
Read more at latesthackingnews.com
Active Directory forest trusts part 2 - Trust transitivity and finding a trust bypass
In my first personal blog post in 2018 I wrote about Active Directory forest trusts and how they work under the hood. Part two of the series has been promised since then but never delivered. I researched this topic again in 2019 and ended up finding a logic flaw which allowed bypassing the SID filtering mechanism and compromising hosts in a trusted forest. This flaw was patched in February 2020 and given CVE-2020-0665. Because of a global pandemic that cancelled most in-person conferences in 2020, I didn’t really get around to talking about this much, even though it is one of my favorite finds to date. Under the motto “better late than never”, here is part 2 of the forest trust series, with the knowledge I’ve learned since then. Part of this content is also available as a video on my YouTube channel.
Read more at dirkjanm.io
Abusing Firefox in Enterprise Environments
In this blogpost, we will describe a technique that abuses legacy Firefox functionality to achieve command execution in enterprise environments.
Read more at mdsec.co.uk
U.S. Army Hacked By 40 Military And Civilian Hackers In Six Weeks
During six weeks at the start of 2021, the U.S. Army was hacked by a crack team of 40 top-tier operatives.
Read more at forbes.com
EA: Gaming giant hacked and source code stolen
Game data and source code were both stolen by hackers, but no player data, EA said in a statement.
Read more at bbc.com
The Debate Over Hacking Ransomware Hackers
The recovery of ransom paid by the Colonial Pipeline operator allays some worries about cryptocurrency — but worries others.
Read more at nytimes.com
McDonald's hit by data breach
McDonald's is the latest high-profile company to be affected by a data breach, leading to the exposure of private information of customers and employees in South Korea and Taiwan.
Read more at cnn.com
Hackers breach gaming giant Electronic Arts, steal game source code
Gaming giant Electronic Arts (EA) has been hacked and threat actors claim to have stolen roughly 750 GB of data, including game source code and debug tools.
Read more at bleepingcomputer.com
This week's images were provided by Nina Z's digital art collection.