Squeeze Volume 1 - Disney+, Google $1.5M Reward & More
Welcome to Squeeze, a curated selection of interesting infosec articles from the past week that you may have missed.
Welcome to the first edition of the Secjuice Squeeze, where we present a selection of last weeks interesting infosec articles curated for your reading enjoyment in case you missed them! This weeks volume was created by Secjuice leadership member Miguel Calles.
Disney+ Accounts on Sale for $1
Shortly after the public launch of the Disney+ streaming service accounts were compromised and became available for sale on darknet markets. Some of these compromised accounts can be attributed to users reusing passwords, but it did not help that Disney+ made account takeovers fairly easy for miscreants to exploit too.
https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/
https://www.infosecurity-magazine.com/news/hacked-disney-accounts-on-sale-for/
Ransomware Continues to Strike
Ransomware affected a Texas high school, 400 veterinary hospitals, and a French hospital. The high school paid the ransom, whereas the hospitals might not decide to pay it. Ransomware attacks are becoming more aggressive and sophisticated. To learn more ransomware, consider reading "Ransomware Revealed: A Beginner’s Guide to Protecting and Recovering from Ransomware Attacks" by Secjuice writer Nihad A. Hassan.
https://www.beaumontenterprise.com/news/article/PN-G-pays-ransom-to-regain-access-to-district-14844446.php
https://krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/
https://www.theregister.co.uk/2019/11/21/french_hospital_rouen_ransomware/
Microsoft Updates Patch UAC Flaw
Windows Secure Desktop has a User Access Control (UAC) flaw that allows a malicious actor to launch a web browser with elevated user privileges. Apply the November updates to patch this flaw.
https://threatpost.com/windows-uac-flaw-privilege-escalation/150463/
https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege
Google Offers $1.5M Hacking Reward
Google claims its Titan M secure chip is pretty secure. Google's confidence led them to offer a $1.5 million reward for a complex remote code execution exploit.
https://www.zdnet.com/article/google-will-pay-bug-hunters-up-to-1-5m-if-they-can-hack-its-titan-m-chip/
https://www.msn.com/en-us/news/technology/google-is-offering-a-2415-million-reward-to-anyone-who-can-pull-off-a-complex-android-hack/ar-BBXaRuP