Secjuice Squeeze Volume 33
Welcome to the Secjuice Squeeze, a curated selection of interesting infosec articles and news that you may have missed. Now with upcoming events!
Welcome to the 33rd edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers pirateducky, Sinwindie, Hartoyo Wahyu, Prasanna, Mike Peterson, and Miguel Calles.
Articles
CVE-2020-13379
Unauthenticated Full-Read SSRF in Grafana - While doing some security research on Grafana for bug bounty, I discovered that by chaining together some redirects and a URL Parameter Injection bug, it is possible to achieve a full-read, unauthenticated, SSRF on any Grafana instance.
Source & Link: rhynorater.github.io
Curator: pirateducky
Interpol: Lockbit ransomware attacks affecting American SMBs
American medium-sized companies are actively targeted by LockBit ransomware operators according to an Interpol report on the impact the COVID-19 pandemic had on cybercrime around the world.
Source & Link: bleepingcomputer.com
Curator: Sinwindie
What Just Blew Up In Beirut?
Shortly before 6 PM Beirut time, reports began flooding Twitter of a fire and a series of explosions in Beirut. It rapidly became evident that the event was far more than a small industrial fire. Shortly after, videos and images of a vast explosion flooded onto social media.
Source & Link: bellingcat.com
Curator: Hartoyo Wahyu
Twitter Hack Zoom Court Hearing Interrupted by Ass-Eating Porn Video
“Zoombombers” interrupt the bond hearing for the alleged Twitter hack mastermind with loud music and a Pornhub video.
Source & Link: vice.com
Curator: Prasanna
Facebook’s ‘Red Team’ Hacks Its Own AI Programs
Attackers increasingly try to confuse and bypass machine-learning systems. So the companies that deploy them are getting creative.
Source & Link: wired.com
Curator: Sinwindie
Black Hat: How your pacemaker could become an insider threat to national security
Implanted medical devices are an overlooked security challenge that is only going to increase over time.
Source & Link: zdnet.com
Curator: Mike Peterson
Massive 20GB Intel IP Data Breach Floods the Internet, Mentions Backdoors
Anonymous hacker promises more to come soon, too.
Source & Link: tomshardware.com
Curator: Sinwindie
Upcoming Events, Webcasts, Conferences, etc.
SANS@MIC - Large Scale Honeypotting: The SANS Internet Storm Center
When: Monday, August 10, 2020 at 8:30 PM EDT (2020-08-11 00:30 UTC)
Location: Virtual
Cost: Free
Source & Link: sans.org
Curator: Miguel Calles
Tech Tuesday Workshop - Threat Hunting with OSSEC
When: Tuesday, August 11, 2020 at 1:00 PM EDT (2020-08-11 17:00 UTC)
Location: Virtual
Cost: Free
Source & Link: sans.org
Curator: Miguel Calles
Ai4 2020
When: September 1-2, 2020
Location: MGM Grand, Las Vegas
Cost: $595 (early registration)
Source & Link: ai4.io
Curator: Miguel Calles
Open Source Digital Forensics Conference
When: October 20-22, 2020
Location: Herndon, VA
Cost: $0-$350 + $499 optional training
Source & Link: osdfcon.org
Curator: Hartoyo Wahyu
BIG List of Virtual Cybersecurity Conferences
Source & Link: https://github.com/santosomar/virtualseccons
Curator: Guise Bule