Secjuice Squeeze 70
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Andy74, Nishith K, Prasanna, Ross Moore, and Mars Groves.
The relatives frozen in time on Google Street View
People are sharing ways in which the mapping tool has accidentally connected them with dead relatives.
Read more at bbc.com
Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site
Hackers could have stolen your secrets for any site through a Microsoft Edge bug.
Read more at thehackernews.com
Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware
Hackers tricked Microsoft into digitally signing a malicious "Netfilter" driver linked to a Windows rootkit malware.
Read more at thehackernews.com and hackread.com
DMARC: The First Line of Defense Against Ransomware
DMARC is also known as the first line of defense against ransomware.
Read more at thehackernews.com
New malware in pirated games disables Windows Updates, Defender
Crackonosh malware has been around since at least June 2018 and has infected more than 222,000 systems around the world.
Read more at hackread.com
Official Python repositories plagued with cryptomining malware
Researchers at security firm Sonatype have uncovered six malicious typosquatting packages in the official Python programming language’s PyPI repository, laced with cryptomining malware.
Read more at hackread.com
NFC smartphones enabled researchers to hack point of sale systems and ATMs
Smartphones with NFC enabled allowed researchers to hack point of sale systems and ATMs, gaining custom code execution on some of them.
Read more at xda-developers.com
Windows 11 will let you run Android apps directly on the desktop
With Microsoft's announcement of Windows 11 today, they also revealed that users would soon be able to run Android apps directly on the desktop.
Read more at bleepingcomputer.com
Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground
After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again – with big security ramifications.
Read more at threatpost.com, latesthackingnews.com, and https://9to5mac.com/2021/06/29/linkedin-breach/
REvil ransomware's new Linux encryptor targets ESXi virtual machines
The REvil ransomware operation is now using a Linux encryptor that targets and encrypts VMware ESXi virtual machines.
Read more at bleepingcomputer.com
Experts developed a free decryptor for the Lorenz ransomware
Researchers analyzed a recently discovered threat, the Lorenz ransomware, and developed a free decryptor for the victims of this new operation. The Lorenz ransomware gang has been active since April and has hit multiple organizations worldwide, demanding hundreds of thousands of dollars in ransoms from the victims.
Read more at securityaffairs.co and latesthackingnews.com
Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine
Virtual machines on Google Compute Engine are affected by an unpatched bug.
Read more at thehackernews.com
New API Lets App Developers Authenticate Users via SIM Cards
How to Go Passwordless: New API Lets You Use the SIM Card for Mobile Identity Verification.
Read more at thehackernews.com
Google now requires app developers to verify their address and use 2FA
Google now requires that app developers verify their addresses and enable two-factor authentication.
Read more at thehackernews.com
Deep Dive into AWS Penetration Testing
Getting Started into AWS Penetration Testing: Part 1.
Read more at infosecwriteups.com
SolarWinds hackers remained hidden in Denmark’s central bank for months
Russia-linked threat actors compromised Denmark's central bank (Danmarks Nationalbank) and maintained access to its network for more than six months. The security breach is the result of the SolarWinds supply chain attack.
Read more at securityaffairs.co
Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability
Researcher Accidentally Leaks PoC Exploit For Critical Windows RCE Vulnerability.
Read more at thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html
Multiple vulnerabilities in WordPress plugin pose website remote code execution risk
Quartet of critical web security flaws plague CMS software.
Read more at portswigger.net
Universal XSS Vulnerability In Microsoft Edge Allowed Targeting Any Site
The universal XSS flaw affected the automatic translation feature of Microsoft Edge browser. Microsoft patched it with Edge v.91.0.864.59.
Read more at latesthackingnews.com
Leaked print spooler exploit lets Windows users remotely execute code as system on your domain controller
Kill this service immediately.
Read more at theregister.com
Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia
Colombian authorities have arrested a Romanian hacker who is wanted in the U.S. for distributing the Gozi virus, which infected more than a million computers.
Read more at thehackernews.com
Major Linux RPM problem uncovered
Red Hat has used RPM for software package distribution for decades, but we now know RPM has contained a nasty hidden security bug since day one. It has now been unveiled and a repair patch has been submitted.
Read more at zdnet.com
Microsoft adds second CVE for PrintNightmare remote code execution
While PrintNightmare has been known as CVE-2021-1675 this week, Microsoft has now thrown CVE-2021-34527 into the mix.
Read more at zdnet.com
NSA & CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs
The Fancy Bear nation-state hacking team adds a modern twist to an old-school hacking method by using a cluster of Kubernetes software containers to expedite credential theft.
Read more at darkreading.com
PoC Exploit Circulating for Critical Windows Print Spooler Bug
The "PrintNightmare" bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code execution attacks.
Read more at threatpost.com
The Most Prolific Ransomware Families: A Defender's Guide
In this article, DomainTools researchers provide a look at the three most prolific ransomware families and their toolsets.
Read more at domaintools.com
Ransomware Struck Another Pipeline Firm—and 70GB of Data Leaked
LineStar Integrity Services was hacked around the same time as Colonial Pipeline, but radical transparency activists have brought the attack to light.
Read more at wired.com
The possible reasons Google is moving away from APKs on Android
Google has announced it is moving away from the APK format for Android apps. Jack Wallen offers his opinion on why this could be happening.
Read more at techrepublic.com
OSWE Exam Review and Tips (ft. No Developer Background Candidate)
Read more at infosecwriteups.com
Exploiting Insecure Deserialization Vulnerabilities Found in the Wild
Deserialization is the process of converting a byte stream back into an object so that it can be used by the web application the way it was intended. The importance of serialization and deserialization is ensuring that the deserialized object remains a replica of the original object as it was before serialization. Insecure deserialization arises when unsanitized user-controlled data is passed to an unserialize call; an attacker can leverage the vulnerability, which in turn leads to code execution or arbitrary file read on the affected system.
Read more at macrosec.tech
HTTP Parameter Pollution (HPP)
HPP is a type of injection attack that occurs when a target system accepts multiple parameters with the same name and handles them in a manner that might be insecure or unexpected. This type of vulnerability can be found on both the server side and the client side. HPP tests the application's response to receiving multiple HTTP parameters with the same name; for example, when the parameter username is included in the GET or POST parameters twice. When multiple parameters with the same name are sent to a server, different languages and frameworks handle them in different ways.
Read more at macrosec.tech
synackodes/TryHackMe
Write-ups of various rooms I have completed on the TryHackMe platform - synackodes/TryHackMe
Learn more at github.com
Diavol - A New Ransomware Used By Wizard Spider?
FortiGuard Labs identified a new ransomware family, Diavol. Learn about the inner workings of Diavol and its possible attribution to the criminal group known as Wizard Spider.
Read more at fortinet.com
Babuk ransomware is back, uses new version on corporate networks
After announcing their exit from the ransomware business in favor of data theft extortion, the Babuk gang appears to have slipped back into their old habit of encrypting corporate networks.
Read more at bleepingcomputer.com
REvil ransomware executes supply chain attack via malicious Kaseya update
The REvil ransomware gang appears to have gained access to the infrastructure of Kaseya, a provider of remote management solutions, and is using a malicious update for the VSA software to deploy ransomware to companies across the world.
Read more at therecord.media
Parameter Tampering Vulnerability Using 3 Different Approaches
Read more at cobalt.io