Secjuice Squeeze Volume 47
Welcome to the Secjuice Squeeze, a curated selection of security articles and infosec news that you may have missed.
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Prasanna, Muhammad Luqman, Thunder-Son, Sinwindie, and Miguel Calles.
Articles
iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever
Before Apple patch, Wi-Fi packets could steal photos. No interaction needed. Over the air.
Source & Link: arstechnica.com
Curator: Prasanna
Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout
New credit-card skimmer uses postMessage to make malicious process look authentic to victims to steal payment data.
Source & Link: threatpost.com
Curator: Prasanna
8% of all Google Play apps vulnerable to old security bug
Devs have not updated a crucial library inside their apps, leaving users exposed to dangerous attacks. Some of the vulnerable apps include Microsoft's Edge browser, Grindr, OKCupid, and Cisco Teams.
Source & Link: zdnet.com
Curator: Prasanna
Researchers Bypass Next-Generation Endpoint Protection
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.
Source & Link: darkreading.com
Curator: Muhammad Luqman
Cloud Security Threats for 2021
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
Source & Link: darkreading.com
Curator: Muhammad Luqman
FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State
The Silicon Valley company said hackers — almost certainly Russian — made off with tools that could be used to mount new attacks around the world.
Source & Link: nytimes.com, fireeye.com
Curators: Thunder-Son, Prasanna
Facebook links APT32, Vietnam's primary hacking group, to local IT firm
Facebook suspends accounts linked to APT32, says the group used its platform to spread malware.
Source & Link: zdnet.com
Curator: Sinwindie
Australian mathematician helps crack 50-year Zodiac serial killer mystery
Samuel Blake, together with two other cryptologists and a supercomputer, is recognised by the FBI as having cracked a code used by the infamous Zodiac killer.
Source & Link: abc.net.au
Curator: Sinwindie
The U.S. Emergency Alert system has been hacked
Emergency communications could cause chaos or start a war — and the vulnerability has yet to be patched.
Source & Link: inputmag.com
Curator: Miguel Calles
18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack
Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology.
Source & Link: darkreading.com
List of software products not compromised: krebsonsecurity.com
Curator: Muhammad Luqman, Prasanna
Microsoft was reportedly swept up in SolarWinds hack
Microsoft was a victim of attacks resulting from vulnerabilities tied to software from SolarWinds, according to Reuters.
Source & Link: cnbc.com
Curator: Sinwindie
Tesla hacker unlocks Autopilot 'Augmented Vision' and it's awesome
A Tesla hacker has unlocked “Autopilot Augmented Vision,” a new mode in Tesla’s autonomous driving suite, that enables to see what Autopilot can detect in real time. It’s awesome to watch. More than two years ago, we shared pictures on Electrek of leaked images from inside a Tesla engineering vehicle testing Autopilot.
Source & Link: electrek.co
Curator: Miguel Calles
Lithuania came under biggest cyber attack in years, says defence minister
Earlier this month, Lithuania faced one of the “biggest and most complex” cyber attacks in recent years, according to Defence Minister Arvydas Anušauskas.
Source & Link: lrt.lt
Curator: Prasanna
Trump Twitter ‘hack’: Police accept attacker's claim
Victor Gevers was acting ethically when he guessed the president's password, "MAGA2020!", police say.
Source & Link: bbc.com
Curator: Prasanna
Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems
AIR-FI technique can send stolen data at speeds of up to 100 b/s to Wi-Fi receivers at a distance of a few meters.
Source & Link: zdnet.com
Curator: Sinwindie
More Hacking Attacks Found as Officials Warn of ‘Grave Risk’ to U.S. Government
Minutes after the government statement, President-elect Joseph R. Biden Jr. warned that his administration would impose “substantial costs” on those responsible. President Trump has been silent on the hacking.
Source & Link: nytimes.com
Curator: Sinwindie
2021 Cybersecurity Predictions: The Intergalactic Battle Begins
There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.
Source & Link: darkreading.com
Curator: Muhammad Luqman
About The Art Used In This Article
The awesome artwork used in this article is the work of Zaki Abdelmounim. He is a 25-year-old Moroccan 3D generalist living in Qatar and working in the TV industry. This project is called Hardcoding:Redshift Study, Zaki started the project after watching the movie Chappie, he really liked the concept of the command chair that was done by George Hull, and wanted to recreate something similar in 3D for the sake of practice and fun, resulting in what we think is the worlds best hacker desk design. Learn more about this project here.