Secjuice Squeeze Volume 34

Welcome to the Secjuice Squeeze, a curated selection of interesting infosec articles and news that you may have missed. Now with upcoming events!

Secjuice Squeeze Volume 34

Welcome to the 34th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Sinwindie, Mike Peterson, Miguel Calles, Muhammad Luqman, and Prasanna.

Articles

Homeland Security details new tools for extracting device data at US borders

The agency says it can now obtain details including your phone's location history, social media information, and photos and videos.

Source & Link: cnet.com
Curator: Sinwindie

Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data Wiping

Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.

Source & Link: threatpost.com
Curator: Mike Peterson

Google Chrome Browser Bug Exposes Billions of Users to Data Theft

The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.

Source & Link: threatpost.com
Curator: Mike Peterson

SANS infosec training org suffers data breach after phishing attack

The SANS cybersecurity training organization has suffered a data breach after one of their employees fell victim to a phishing attack.

Source & Link: bleepingcomputer.com
Curator: Mike Peterson

Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked

Microsoft Patch Tuesday Reveals A Few Innocent Ways to Get Hacked

Source & Link: thehackernews.com
Curator: Muhammad Luqman

NSA, FBI expose Russian intelligence hacking tool: report

The U.S. National Security Agency and Federal Bureau of Investigation have exposed a sophisticated Russian hacking tool, they said on Thursday in a rare public report offering new insight on Russia's arsenal of digital weapons.

Source & Link: reuters.com
Curator: Sinwindie

North Korean Hacking Group Attacks Israeli Defense Industry

Israel says the attack was thwarted, but a cybersecurity firm says it was successful. Some officials fear that classified data stolen by North Korea could be shared with Iran.

Source & Link: nytimes.com
Curator: Sinwindie

Keeping the gate locked on your IoT devices: Vulnerabilities found on Amazon's Alexa

“Please lower the temperature of the AC, it’s getting humid in here,” said Eric to Alexa, who turned the AC to a cooler temperature in the living room. No, Alexa is not Eric’s partner, wife or friend. Alexa is his virtual assistant.

Source & Link: checkpoint.com
Curator: Sinwindie

Global Disruption of Three Terror Finance Cyber-Enabled Campaigns

The Justice Department today announced the dismantling of three terrorist financing cyber-enabled campaigns, involving the al-Qassam Brigades, Hamas’s military wing, al-Qaeda, and Islamic State of Iraq and the Levant (ISIS). This coordinated operation is detailed in three forfeiture complaints and a criminal complaint unsealed today in the District of Columbia. These actions represent the government’s largest-ever seizure of cryptocurrency in the terrorism context.

Source & Link: justice.gov
Curator: Sinwindie

Chrome extensions that lie about their permissions - Malwarebytes Labs

Users have learned to review the list of permissions Chrome extensions require before installing them. But what's the use if they lie to you?

Source & Link: malwarebytes.com
Curator: Prasanna

Upcoming Events, Webcasts, Conferences, etc.

Predict 2020: Intelligence to Disrupt the Status Quo

When: October 5-8, 2020
Location: Virtual
Cost: Free
Source & Link: recordedfuture.com
Curator: Miguel Calles

Ai4 2020

When: September 1-2, 2020
Location: MGM Grand, Las Vegas
Cost: $595 (early registration)
Source & Link: ai4.io
Curator: Miguel Calles

Open Source Digital Forensics Conference

When: October 20-22, 2020
Location: Herndon, VA
Cost: $0-$350 + $499 optional training
Source & Link: osdfcon.org
Curator: Hartoyo Wahyu

BIG List of Virtual Cybersecurity Conferences

Source & Link: https://github.com/santosomar/virtualseccons
Curator: Guise Bule

The awesome image used in this article is called Hulk Eye and was created by Shigil Jimbolji.