Secjuice Squeeze Volume 19

Welcome to the 19th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed.


Welcome to the 19th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you every week (most of the time; we took a few breaks over the past few weeks). We are transitioning to a new format this week. This week's volume was compiled by Secjuice writers Miguel Calles, Mike Peterson, Bhumish Gajjar, and Sinwindie.

Hackers are using DNS-Hijacking to Get Users to Install Malicious COVID-19 Apps

Beware of downloading mobile apps designed for COVID-19. Attackers are brute-forcing the admin passwords of D-Link and Linksys routers and changing their DNS settings, so that every device behind the router resolves names through attacker-controlled servers. The hijacked DNS redirects users to phony sites that advertise malicious COVID-19 apps. If you run one of these routers, confirm that remote administration is off, the admin password is not a default, and the configured DNS servers are ones you recognise.

Source: zdnet.com; threatpost.com
Curator: Miguel Calles

Troubles with Zoom in an age of remote work and play

We probably don't need to tell you about all of the vulnerabilities, privacy issues and other blunders discovered in the video conferencing app Zoom over the past week. Many took up arms against the app, and in some opinions, justifiably so.

Whether or not the outrage was warranted is really up to you. Many infosec professionals on Twitter pointed out that not everyone's threat model is the same. Zoom is hardly perfect, but for the average user the risk of using the platform is relatively low. Some food for thought, though: instead of just telling people not to use the app, explain why. Get them to think about their own threat model. Offer better alternatives.

Source: npr.org
Curator: Mike Peterson

Saudi Arabia exploited cell network flaw to track its citizens in the U.S.

A whistleblower told The Guardian that elements of the Saudi government may be exploiting vulnerabilities in SS7, the signalling system used by mobile networks worldwide, to spy on Saudi citizens as they travelled around the U.S. A cache of data given to the publication showed "millions" of secret tracking requests emanating from Saudi Arabia between November 2019 and February 2020.

There have long been concerns about SS7, a set of signalling protocols that carriers use to set up calls and to exchange subscriber location and routing information between networks. Because any network with SS7 access can ask another network where a subscriber is, that same capability lets nation-state actors "weaponize" the protocol's lack of authentication to track people. More than that, U.S. carriers have historically done little to address the flaws, despite security experts and lawmakers sounding the alarm for years.

Source: theguardian.com
Curator: Mike Peterson

Digital wallet app leaks nearly 44 million images of cards

Key Ring, a digital wallet app used by millions of users across North America, has leaked images of cards stored on its platform. Like many other careless data leaks, the app developers appear to have stored customer data in five publicly accessible Amazon Web Services (AWS) S3 buckets, which were then discovered by researchers at vpnMentor.

While most users only stored low-risk cards on Key Ring, such as membership or loyalty cards, some used the platform to keep much more sensitive ones. Some of the exposed cards, for example, included state-issued IDs, credit cards with all relevant details, medical insurance cards, and medical marijuana ID cards.
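Leaks like this one usually come down to a bucket policy or ACL that grants access to everyone. The following is an added example, not code from the Key Ring report or from vpnMentor: it flags the two common shapes of that mistake (an Allow statement whose Principal is anyone, and an ACL grant to the AllUsers or AuthenticatedUsers group) in documents of the form the S3 API returns. The bucket name, role ARN and account ID in the sample documents are constructed for illustration.

```python
"""Flag S3 bucket policies and ACLs that grant public access.

Added example (not from the Key Ring report or vpnMentor). It evaluates policy
and ACL documents in the JSON shapes the S3 API returns, so it can be run on
saved output of `aws s3api get-bucket-policy` / `aws s3api get-bucket-acl`,
or, as here, on constructed sample documents.
"""
import json

PUBLIC_ACL_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principal_is_public(principal):
    """True if a policy Principal matches anyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS", [])))
    return False


def public_policy_statements(policy):
    """Return findings for Allow statements open to any principal.

    A statement that carries a Condition is reported as 'conditional' rather
    than 'public', because e.g. aws:SourceIp or aws:SourceVpc can narrow it;
    such statements still deserve a manual look.
    """
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not principal_is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        actions = ",".join(_as_list(stmt.get("Action", [])))
        kind = "conditional" if stmt.get("Condition") else "public"
        findings.append(f"{kind}: {sid} allows {actions}")
    return findings


def public_acl_grants(acl):
    """Return findings for ACL grants to the AllUsers/AuthenticatedUsers groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_URIS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"acl: {group} has {grant.get('Permission')}")
    return findings


def audit_bucket(policy, acl):
    """Combine both checks; an empty list means no public grant was found."""
    return public_policy_statements(policy) + public_acl_grants(acl)


# Constructed sample documents (hypothetical bucket, role and account ID;
# not Key Ring's real configuration).
LEAKY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-wallet-cards",
                  "arn:aws:s3:::example-wallet-cards/*"]},
    {"Sid": "AppRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/wallet-app"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-wallet-cards/*"}
  ]}""")

LEAKY_ACL = {
    "Owner": {"ID": "owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    for finding in audit_bucket(LEAKY_POLICY, LEAKY_ACL):
        print(finding)
```

Two caveats when running this against real output: `get-bucket-policy` returns the policy as a JSON string inside a `Policy` field, so it needs a second `json.loads`, and a clean result here does not prove the bucket is private. Account- or bucket-level Block Public Access settings, object-level ACLs, and access points all affect the answer, so treat this as a first pass, not a verdict.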

Source: vpnmentor.com
Curator: Mike Peterson

Spearphishers continue to use COVID-19 to spread malware and infostealers

Phishing and malware campaigns related to the 2019 novel coronavirus have become a common theme over the past few months, but a recent example is worth singling out because of its use of the World Health Organization's branding. The COVID-19-themed campaign is spread via email, as many similar scams are, according to security researchers at FortiGuard Labs.

Worryingly for the average user, the messages are filled with "legitimate characteristics." As you might expect, the emails carry an attachment that drops the LokiBot infostealer if executed. There are some signs that it is not legitimate, such as grammatical errors and an incorrect claim that the WHO is linked to the U.S.-based CDC. But still, now is as good a time as any to remind the non-security professionals in your life to be extremely skeptical of unexpected attachments, whoever they appear to come from.

Source: threatpost.com
Curator: Mike Peterson

Login details of verified Zoom accounts posted on Dark Web

Source: hackread.com
Curator: Bhumish Gajjar

Flaw hunter bags $75,000 off Apple after duping Safari into spying through iPhone, Mac cameras without permission

Source: theregister.co.uk
Curator: Bhumish Gajjar

The Indestructible XHelper Malware Can Now Be Permanently Deleted

Source: threathunting.se
Curator: Bhumish Gajjar

Bisq Bitcoin exchange slams on the brakes after exploit of critical security flaw, crypto theft

Source: zdnet.com
Curator: Bhumish Gajjar

DarkHotel hackers use VPN zero-day to breach Chinese government agencies

Source: zdnet.com
Curator: Sinwindie

This Map Shows the Global Spread of Zero-Day Hacking Techniques

Source: wired.com
Curator: Sinwindie

A Chinese security firm says DarkHotel hackers are behind an espionage campaign, but researchers want more details

Source: cyberscoop.com
Curator: Sinwindie

Critical VMware Bug Opens Up Corporate Treasure to Hackers

Source: threatpost.com
Curator: Bhumish Gajjar

San Francisco Airport Cyber Attack Confirmed: Windows Passwords Stolen

Source: forbes.com
Curator: Bhumish Gajjar

Bypassing modern XSS mitigations with code-reuse attacks

Source: truesec.com
Curator: Bhumish Gajjar

A fun platform for learning modern cryptography

Source: cryptohack.org
Curator: Bhumish Gajjar


The awesome image used in this article is called "Metrics For Faster Mobile App Success" and it was created by Lily.