INFOSEC

Secjuice Squeeze 68

Welcome to the Secjuice Squeeze, a weekly, curated selection of interesting security articles and infosec news that you may have missed.

Tony Kelly, Andy74, Prasanna

Jun 20, 2021 • 4 min read

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Andy74, Prasanna, Ross Moore, and Mars Groves.

What We Owe To Ransomware Gangs

The ransomware "epidemic" we’re experiencing is really just a slow moving, decentralized, cross-sector red teaming exercise that we have outsourced to the mob.

Coast Guard to Stand Up First Cybersecurity ‘Red Team’

The service branch is also transforming its main defensive IT security team.

Android screen lock protection thwarted by Facebook Messenger Rooms exploit

Researcher earns $3,000 bug bounty after compromising Facebook accounts on screen-locked devices.

SIP protocol abused to trigger XSS attacks via VoIP call monitoring software

SIP devices could become unwitting access points for remote attacks on critical systems.

Mark it in your diaries: 14 October 2025 is the end of Windows 10

Wasn't it to be the 'last version of Windows'? Maybe not...

AlienVault - Open Threat Exchange

Learn about the latest online threats. Share and collaborate in developing threat intelligence. Protect yourself and the community against today's latest threats.

"Business email compromise: Using cross-domain threat data to disrupt a large BEC campaign" Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services.

Learn more at otx.alienvault.com

Microsoft Teams: Very Bad Tabs Could Have Led to BEC

Attackers could have used the bug to get read/write privileges for a victim user’s email, Teams chats, OneDrive, Sharepoint and loads of other services.

Source code for Paradise ransomware leaked on hacking forums

The source code of the Paradise ransomware has been leaked on hacking forums over the weekend, Tom Malka, a threat intelligence analyst for security firm Security Joes, has told The Record today.

Experts Shed Light On Distinctive Tactics Used by Hades Ransomware

Experts‌ ‌Provide Insights Into The Distinctive Tactics Used By‌ ‌Hades‌ ‌Ransomware.

Instagram Bug Allowed Anyone to View Private Accounts Without Following Them

Instagram patched a new flaw that allowed anyone to see content posted by private accounts without following them.

Emotet Has Taken Down – Should I Still Be Worried?

As of Jan 27, 2021, the Emotet botnet – attacker’s all-purpose weapon has been taken…

Twitter’s Latest Feature “Tip Jar” Draws Privacy Concerns

Twitter introduced a new feature called “Tip Jar” with an intent to support the voices of creators, journalists, nonprofits, etc. However, privacy experts fear the compromise of the tipper’s PII.

CloudLinux releases UChecker security tool for Linux servers

CloudLinux, best known for its CentOS work, is releasing UChecker, its Linux server security scanner.

We've found another reason not to use Microsoft's Paint 3D – researchers

Scream if you wanna go raster: Vulnerability uncovered in unloved software.

Inside the Market for Cookies That Lets Hackers Pretend to Be You

A representative for the hackers who breached EA said they bought the cookie from a site called Genesis Market.

Alibaba data breach exposes 1.1 billion pieces of data

Usernames and mobile numbers were included in the breach which affected Taobao, Alibaba’s shopping website.

Matanbuchus: Malware-as-a-Service with Demonic Intentions

Matanbuchus Loader is a new malware-as-a-service created by a threat actor who references demonic themes in software and usernames.

Read more at unit42.paloaltonetworks.com

Malware infected Minecraft modpacks hit Google Play Store

Minecraft is a top-rated game with followers spread worldwide. However, if you are a Minecraft player, you must exercise caution and do some research before installing the game’s add-ons, apps, plug-ins and mods, warns the cybersecurity giant Kaspersky.

Hackers could access photos, videos without unlocking your phone

The vulnerability existed in the Facebook Messenger Rooms video chat feature and exposed Android smartphone users to intrusion.

CISA suggests using ad blockers to fend off 'malvertising' - Securing your browser

At the beginning of 2021 CISA made an important statement [PDF] which many internet users consider so long-awaited: federal and public agencies, along with their expansion in the World Web should as well implement and standardize the usage of ad-blocking software.

https://www.hackread.com/cisa-suggests-using-ad-blockers-against-malvertising/

How to Negotiate with Ransomware Hackers

Kurtis Minder finds the cat-and-mouse energy of outsmarting criminal syndicates deeply satisfying.

How Does One Get Hired by a Top Cybercrime Gang?

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those.

The Hacker Mind Podcast: Hacking APIs

APIs are vital in our mobile digital world, but the consequences of API security flaws have yet to be seen. So how hard is it to hack APIs? Not very hard. In this episode, Jason Kent from Cequence Security talks about his experience hacking a garage door opener API.

Supreme Court narrows scope of sweeping cybercrime law

The justices agreed with a broad range of critics that prosecutors had been misusing the 35-year-old law.

Crashing your LinkedIn app with a connection request.

This write-up is about an accidental bug that I found on LinkedIn.