Secjuice Squeeze Volume 47

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Prasanna, Muhammad Luqman, Thunder-Son, Sinwindie, and Miguel Calles.

Articles

iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever

Before Apple patch, Wi-Fi packets could steal photos. No interaction needed. Over the air.

Source & Link: arstechnica.com
Curator: Prasanna

Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout

New credit-card skimmer uses postMessage to make malicious process look authentic to victims to steal payment data.

Source & Link: threatpost.com
Curator: Prasanna

8% of all Google Play apps vulnerable to old security bug

Devs have not updated a crucial library inside their apps, leaving users exposed to dangerous attacks. Some of the vulnerable apps include Microsoft's Edge browser, Grindr, OKCupid, and Cisco Teams.

Source & Link: zdnet.com
Curator: Prasanna

Researchers Bypass Next-Generation Endpoint Protection

Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.

Source & Link: darkreading.com
Curator: Muhammad Luqman

Cloud Security Threats for 2021

Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.

Source & Link: darkreading.com
Curator: Muhammad Luqman

FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State

The Silicon Valley company said hackers — almost certainly Russian — made off with tools that could be used to mount new attacks around the world.

Source & Link: nytimes.com, fireeye.com
Curators: Thunder-Son, Prasanna

Facebook links APT32, Vietnam's primary hacking group, to local IT firm

Facebook suspends accounts linked to APT32, says the group used its platform to spread malware.

Source & Link: zdnet.com
Curator: Sinwindie

Australian mathematician helps crack 50-year Zodiac serial killer mystery

Samuel Blake, together with two other cryptologists and a supercomputer, is recognised by the FBI as having cracked a code used by the infamous Zodiac killer.

Source & Link: abc.net.au
Curator: Sinwindie

The U.S. Emergency Alert system has been hacked

Emergency communications could cause chaos or start a war — and the vulnerability has yet to be patched.

Source & Link: inputmag.com
Curator: Miguel Calles

18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack

Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology.

Source & Link: darkreading.com
List of software products not compromised: krebsonsecurity.com
Curator: Muhammad Luqman, Prasanna

Microsoft was reportedly swept up in SolarWinds hack

Microsoft was a victim of attacks resulting from vulnerabilities tied to software from SolarWinds, according to Reuters.

Source & Link: cnbc.com
Curator: Sinwindie

Tesla hacker unlocks Autopilot 'Augmented Vision' and it's awesome

A Tesla hacker has unlocked “Autopilot Augmented Vision,” a new mode in Tesla’s autonomous driving suite, that enables to see what Autopilot can detect in real time. It’s awesome to watch. More than two years ago, we shared pictures on Electrek of leaked images from inside a Tesla engineering vehicle testing Autopilot.

Source & Link: electrek.co
Curator: Miguel Calles

Lithuania came under biggest cyber attack in years, says defence minister

Earlier this month, Lithuania faced one of the “biggest and most complex” cyber attacks in recent years, according to Defence Minister Arvydas Anušauskas.

Source & Link: lrt.lt
Curator: Prasanna

Trump Twitter ‘hack’: Police accept attacker's claim

Victor Gevers was acting ethically when he guessed the president's password, "MAGA2020!", police say.

Source & Link: bbc.com
Curator: Prasanna

Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems

AIR-FI technique can send stolen data at speeds of up to 100 b/s to Wi-Fi receivers at a distance of a few meters.

Source & Link: zdnet.com
Curator: Sinwindie

More Hacking Attacks Found as Officials Warn of ‘Grave Risk’ to U.S. Government

Minutes after the government statement, President-elect Joseph R. Biden Jr. warned that his administration would impose “substantial costs” on those responsible. President Trump has been silent on the hacking.

Source & Link: nytimes.com
Curator: Sinwindie

2021 Cybersecurity Predictions: The Intergalactic Battle Begins

There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.

Source & Link: darkreading.com
Curator: Muhammad Luqman

About The Art Used In This Article

The awesome artwork used in this article is the work of Zaki Abdelmounim. He is a 25-year-old Moroccan 3D generalist living in Qatar and working in the TV industry.  This project is called Hardcoding:Redshift Study, Zaki started the project after watching the movie Chappie, he really liked the concept of the command chair that was done by George Hull, and wanted to recreate something similar in 3D for the sake of practice and fun, resulting in what we think is the worlds best hacker desk design. Learn more about this project here.