Secjuice Squeeze 72

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week.

This week's volume was curated by Secjuice writers Tony Kelly, Ross Moore, Andy74, Prasanna, and Mars Groves.

Zloader With a New Infection Technique

This blog was written by Kiran Raj & Kishan N. In the last few years, Microsoft Office macro malware using social engineering as a means

Read more at mcafee.com

Active Directory Fundamentals (Part 1)- Basic Concepts

Active Directory penetration dojo by ScarredMonk - Blogs on AD security and Windows tips and tricks.

Read more at rootdse.org

PowerShell Empire for Pentester: Mimikatz

This article will showcase various attacks and tasks that can be performed on a compromised Windows Machine which is a part of a Domain Controller.

Read more at hackingarticles.in

Effective cybersecurity exploitation techniques require deep system knowledge and constant monitoring of all applications.

Read more at helpnetsecurity.com

Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack

Kaseya releases patches to address flaws exploited in a widespread ransomware attack.

Read more at thehackernews.com and securityweek.com

Flaw in preprocessor language Less.js causes website to leak AWS secret keys

Issues in plugin feature can leave users at risk.

Read more at portswigger.net

Mitsubishi Electric Patches Vulnerabilities in Air Conditioning Systems

Mitsubishi Electric patches critical and high-severity vulnerabilities affecting many of its air conditioning systems.

Read more at securityweek.com

Malware hits Hive OS cryptomining users; steals funds from wallets

Read more at hackread.com

Hackers disabling Macro security warnings in new malspam campaign

Read more at hackread.com

Level Up InfoSec - Free Resources

I personally believe that learning should cost as little as possible, and over the years I have curated a lot of free resources and content available on the internet. I created this page on my website to organize and share that collection.

Read more at levelupinfosec.com

What I have learned from doing a year of Cloud Forensics in Azure AD

Today I would like to share my experience with doing Cloud forensics in Azure AD. I've been working for over a year with Azure Active Directory, and have primarily focused on its different security aspects. One of my main focuses has been doing Cloud forensics, which I will tell more about. I was always interested in understanding where logs are stored and what kind of information they contain.

During this blog post, I will share some of my experience. This includes the challenges that I've faced, but also the things I have learned. Last, but not least, I will share my methodology for doing Cloud forensics in Azure AD.

Read more at m365internals.com

Malicious Android App Posed As QR Scanner To Launch Joker Malware

Researchers uncovered a new wave of the "Joker" Android malware campaign, which posed as a QR scanner to target Android users.

Read more at gbhackers.com

Critical RCE Flaw in ForgeRock Access Manager Under Active Attack

CISA warns of a critical RCE vulnerability in ForgeRock OpenAM that is being exploited in the wild.

Read more at https://thehackernews.com/2021/07/critical-rce-flaw-in-forgerock-access.html

Trickbot Malware Returns with a new VNC Module to Spy on its Victims

Trickbot malware has returned with a new VNC module to spy on its victims.

Read more at thehackernews.com

WordPress File Management Plugin Riddled with Critical Bugs

The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution.

Read more at threatpost.com

Adobe updates fix 28 vulnerabilities in 6 programs

Adobe has released a large Patch Tuesday security update that fixes vulnerabilities in Adobe Dimension, Illustrator, Framemaker, Acrobat, Reader, and Bridge.

Read more at bleepingcomputer.com

DLL Side-Loading Technique Used in the Recent Kaseya Ransomware Attack

FortiGuard Labs examines the ransomware used in the recent Kaseya attack and looks at what happens when a machine is infected by it, based on some of the visible Indicators of Compromise.

Read more at fortinet.com

Chinese hackers use new SolarWinds zero-day in targeted attacks

China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server.

Read more at bleepingcomputer.com

Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days

Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws.

Read more at thehackernews.com

Cybercriminals using Marvel's Black Widow movie to spread malware

Read more at hackread.com

Microsoft fixes Windows Hello authentication bypass vulnerability

Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system.

Read more at bleepingcomputer.com

VMware Patches Vulnerabilities in ESXi, ThinApp

The issues could be abused to bypass authentication, cause a denial of service condition, or elevate privileges to administrator.

Read more at securityweek.com

Hackers Move to Extort Gaming Giant EA

After trying to sell a cache of stolen data, hackers are now dumping some of the information publicly in the hopes of forcing EA to pay a ransom.

Read more at vice.com

HelloKitty ransomware now targets VMware ESXi servers

The HelloKitty ransomware gang is using a Linux variant of its malware in attacks against the VMware ESXi virtual machine platform. The move aims at expanding the gang's operations to enterprises that are increasingly adopting virtualization platforms.

Read more at securityaffairs.co

A blog from Talos, Cisco's world-class intelligence group.

Read more at blog.talosintelligence.com

Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability

Microsoft warns of unpatched vulnerability (CVE-2021-34481) in Windows Print Spooler service.

Read more at thehackernews.com

Critical Vulnerabilities Spotted In WordPress Plugin Frontend File Manager

As many as six different vulnerabilities existed in the Frontend File Manager plugin, which has over 2,000 active installations. Patches have been released.

Read more at latesthackingnews.com

Remote code execution in cdnjs of Cloudflare

Preface (A Japanese version is also available.) Cloudflare, which runs cdnjs, is running a "Vulnerability Disclosure Program" on HackerOne, which allows hackers to perform vulnerability assessments. This article describes vulnerabilities reported through this program and published with the permission of the Cloudflare security team. This article is therefore not intended to encourage anyone to perform an unauthorized vulnerability assessment. If you find any vulnerabilities in Cloudflare's products, please report them to Cloudflare's vulnerability disclosure program.

Read more at blog.ryotak.me

US offers up to $10 million reward for information on cyberattacks against critical infrastructure by foreign states

The US government is offering up to $10 million for information that can identify or locate malicious cyber actors working on behalf of a foreign government to target critical US infrastructure, the US State Department announced Thursday.

Read more at cnn.com

Cybersecurity bills gain new urgency after rash of attacks

Bipartisan bills aimed at strengthening U.S. cybersecurity after a string of major attacks are making headway in both the House and Senate.

Read more at thehill.com

FBI Issues Warning to Crypto Stakeholders About Potential Cyber Attacks

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are increasingly targeting crypto exchanges, third-party payment platforms as well as private owners of digital assets.

Read more at dailyhodl.com

The awesome image used in this article was created by Rafael Coppola.