Secjuice Squeeze Volume 30

Welcome to the 30th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Prasanna, Sinwindie, Devesh Chande, ThunderSon and Miguel Calles.

Articles

Lazarus APT Stole Credit Card Data From US and EU Stores

North Korea-linked Lazarus APT has been stealing payment card data from customers of large retailers in the U.S. and Europe for at least a year. Sansec researchers reported that North Korea-linked Lazarus APT group has been stealing payment card information from customers of large retailers in the U.S. and Europe for at least a year.

Source & Link: Security Affairs
Curator: Prasanna

Ex-Yahoo Employee Avoids Jail, Despite Hacking 6000 Accounts and Stealing Explicit Photos and Videos

A former employee of Yahoo has been sentenced and ordered to pay a fine after exploiting his privileged access to hack into the personal accounts of thousands of Yahoo users, in his hunt for naked photographs and videos of young women.

Source & Link: Security Boulevard
Curator: Sinwindie

US Secret Service reports an increase in hacked managed service providers (MSPs) | ZDNet

US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams.

Source & Link: ZDNet
Curator: Sinwindie

Hacking Tensions With Iran Surging After Nuclear Site Fire

Following a mysterious outbreak of fire at an Iranian nuclear site, Iran has threatened to retaliate for the possible cyberattack but not officially blamed the U.S. or Israel.

Source & Link: Washington Post
Curator: Sinwindie

Email Fraud Campaign Aimed at Fortune 500 Linked to Russian Scammers

A group of scammers masquerading as legitimate business executives is behind more than 200 email-based attacks that aim to swindle hundreds of thousands of dollars from companies. Dubbed “Cosmic Lynx” by the email security firm Agari, the group has targeted individuals in 46 countries since July 2019, often victimizing senior leaders in Fortune 500 or Global 2000 firms.

Source & Link: CyberScoop
Curator: Devesh Chande

Ransomware Attack On Insurance MSP Affects Clients

Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems from its Xchanging subsidiary. An undisclosed number of customers was impacted by the cyberattack, denying access to their operating environment.

Source & Link: Bleeping Computer
Curator: Miguel Calles

Home Routers Are Riddled With Known Flaws and Run Ancient, Unpatched Linux Operating Systems

Germany's Fraunhofer Institute for Communication (FKIE) has carried out a study involving 127 home routers from seven brands to check for the presence of known security vulnerabilities in the latest firmware. The results are appalling, there are no routers in the study without known security flaws.

Source & Link: ZDNet
Curator: Miguel Calles

Citrix Bugs Allow Unauthenticated Code Injection & Data Theft

Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker. The Citrix products are installed in at least 80,000 companies in 158 countries.

Source & Link: ThreatPost
Curator: ThunderSon

Police Are Buying Access to Hacked Website Data

Companies are selling the police and government agencies access to data stolen from websites in the hope that it can generate investigative leads, with the data including passwords, email addresses, IP addresses, and more. One company claimed to "empower investigators from law enforcement agencies and enterprises around the world to more quickly and efficiently bring malicious actors to justice."

Source & Link: Vice
Curator: Sinwindie

Citizen of Kazakhstan Charged With Computer Fraud and Wire Fraud For Hacking Hundreds Of Corporate Networks In More Than 40 Countries Worldwide

An indictment was unsealed today in the Western District of Washington charging a citizen of Kazakhstan with various federal crimes related to a prolific, financially motivated cybercrime group that hacked the computer networks of a broad array of corporate entities, educational institutions, and governments throughout the world.

Source & Link: Department Of Justice
Curator: Sinwindie

Whitepaper: From Exposure to Takeover: The 15 billion stolen credentials allowing account takeover

Over the past 2.5 years, the Digital Shadows Photon Research team has been analyzing how cybercriminals conspire to prey upon users of online services by “taking over” the accounts they all use on an everyday basis―for banks, to stream videos or music, for work―the list goes on. For this paper we closely examine this ubiquitous problem, including how attackers approach account takeovers (ATO).

Source & Link: Digital Shadows
Curator: Devesh Chande

Upcoming Events, Webcasts, Conferences, etc.

OWASP Virtual AppSec Days Summer of Security

When: July 28-29, 2020 (12:00pm to 4:00pm EDT/1800pm to 2200pm CET)
Location: Online
Source & Link: appsecdays.org
Curator: Hartoyo Wahyu

Ai4 2020

When: September 1-2, 2020
Location: MGM Grand, Las Vegas
Cost: $595 (early registration)
Source & Link: ai4.io
Curator: Miguel Calles

Open Source Digital Forensics Conference

When: October 20-22, 2020
Location: Herndon, VA
Cost: $0-$350 + $499 optional training
Source & Link: osdfcon.org
Curator: Hartoyo Wahyu