Secjuice Squeeze 72
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week.
This week's volume was curated by Secjuice writers Tony Kelly, Ross Moore, Andy74, Prasanna, and Mars Groves.
Zloader With a New Infection Technique
This blog was written by Kiran Raj & Kishan N. Introduction In the last few years, Microsoft Office macro malware using social engineering as a means
Read more at mcafee.com
Active Directory Fundamentals (Part 1)- Basic Concepts
Active Directory penetration dojo by ScarredMonk - Blogs on AD security and Windows tips and tricks.
Read more at rootdse.org
PowerShell Empire for Pentester: Mimikatz
This article will showcase various attacks and tasks that can be performed on a compromised Windows Machine which is a part of a Domain Controller.
Read more at hackingarticles.in
Understanding and stopping 5 popular cybersecurity exploitation techniques
Effectively stopping cybersecurity exploitation techniques requires deep system knowledge and constant monitoring of all applications.
Read more at helpnetsecurity.com
Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack
Kaseya releases patch to address flaws exploited by a widespread ransomware attack.
Read more at thehackernews.com and securityweek.com
Flaw in preprocessor language Less.js causes website to leak AWS secret keys
Issues in plugin feature can leave users at risk.
Read more at portswigger.net
Mitsubishi Electric Patches Vulnerabilities in Air Conditioning Systems
Mitsubishi Electric patches critical and high-severity vulnerabilities affecting many of its air conditioning systems.
Read more at securityweek.com
Malware hits Hive OS cryptomining users; steals funds from wallets
Read more at hackread.com
Hackers disabling Macro security warnings in new malspam campaign
Read more at hackread.com
Level Up InfoSec - Free Resources
I personally believe that learning should cost as little as possible and over the years I have curated a lot of free resources and content available on the internet. I created this page on my website to organize and share that collection.
Read more at levelupinfosec.com
What I have learned from doing a year of Cloud Forensics in Azure AD
Today I would like to share my experience with doing Cloud forensics in Azure AD. I’ve been working for over a year with Azure Active Directory, and have primarily focused on the different security aspects of it. One of my main focuses has been doing Cloud forensics, which I will tell more about. I was always interested in understanding where logs are stored and what kind of information they contain.
During this blog post, I will share some of my experience. This includes the challenges that I’ve faced, but also the things I have learned. Last but not least, I will share my methodology on doing Cloud forensics in Azure AD.
Read more at m365internals.com
Malicious Android App Posed As QR Scanner To Launch Joker Malware
Researchers uncovered a new wave of the Android malware campaign "Joker", which posed as a QR scanner to target Android users.
Read more at gbhackers.com
Critical RCE Flaw in ForgeRock Access Manager Under Active Attack
CISA warns of critical vulnerability in ForgeRock OpenAM RCE exploited in the wild.
Read more at https://thehackernews.com/2021/07/critical-rce-flaw-in-forgerock-access.html
Trickbot Malware Returns with a new VNC Module to Spy on its Victims
Trickbot malware has returned with a new VNC module to spy on its victims.
Read more at thehackernews.com
WordPress File Management Plugin Riddled with Critical Bugs
The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution.
Read more at threatpost.com
Adobe updates fix 28 vulnerabilities in 6 programs
Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in Adobe Dimension, Illustrator, Framemaker, Acrobat, Reader, and Bridge.
Read more at bleepingcomputer.com
DLL Side-Loading Technique Used in the Recent Kaseya Ransomware Attack
FortiGuard Labs examines the ransomware used in the recent Kaseya attack and shows what happens when a machine is infected by this ransomware by looking at some of the visible Indicators of Compromise.
Read more at fortinet.com
Chinese hackers use new SolarWinds zero-day in targeted attacks
China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server.
Read more at bleepingcomputer.com
Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days
Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws.
Read more at thehackernews.com
Cybercriminals using Marvel's Black Widow movie to spread malware
Read more at hackread.com
Microsoft fixes Windows Hello authentication bypass vulnerability
Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system.
Read more at bleepingcomputer.com
VMware Patches Vulnerabilities in ESXi, ThinApp
The issues could be abused to bypass authentication, cause a denial of service condition, or elevate privileges to administrator.
Read more at securityweek.com
Hackers Move to Extort Gaming Giant EA
After trying to sell a cache of stolen data, hackers are now dumping some of the information publicly in the hopes of forcing EA to pay a ransom.
Read more at vice.com
HelloKitty ransomware now targets VMware ESXi servers
The HelloKitty ransomware gang is using a Linux variant of their malware to target the VMware ESXi virtual machine platform. A Linux variant of the HelloKitty ransomware was employed in attacks against VMware ESXi systems. The move of the ransomware gang aims at expanding the operations targeting enterprises that are largely adopting virtualization platforms.
Read more at securityaffairs.co
Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040
A blog from Talos, Cisco's world-class intelligence group.
Read more at blog.talosintelligence.com
Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability
Microsoft warns of unpatched vulnerability (CVE-2021-34481) in Windows Print Spooler service.
Read more at thehackernews.com
Critical Vulnerabilities Spotted In WordPress Plugin Frontend File Manager
As many as six different vulnerabilities existed in the Frontend File Manager plugin, which has over 2000 active installations. Patches released.
Read more at latesthackingnews.com
Remote code execution in cdnjs of Cloudflare
Preface (A Japanese version is also available.) Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments. This article describes vulnerabilities reported through this program and published with the permission of the Cloudflare security team. So this article is not intended to recommend that you perform an unauthorized vulnerability assessment. If you found any vulnerabilities in Cloudflare’s product, please report it to Cloudflare’s vulnerability disclosure program.
Read more at blog.ryotak.me
US offers up to $10 million reward for information on cyberattacks against critical infrastructure by foreign states
The US government is offering up to $10 million for information that can identify or locate malicious cyber actors working on behalf of a foreign government to target critical US infrastructure, the US State Department announced Thursday.
Read more at cnn.com
Cybersecurity bills gain new urgency after rash of attacks
Bipartisan bills aimed at strengthening U.S. cybersecurity after a string of major attacks are making headway in both the House and Senate.
Read more at thehill.com
FBI Issues Warning to Crypto Stakeholders About Potential Cyber Attacks
The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are increasingly targeting crypto exchanges, third-party payment platforms as well as private owners of digital assets.
Read more at dailyhodl.com