Squeeze Volume 3 - $5M Bounty, Great Cannon DDoS, Linux CVE, a BeerCon in a pear tree

Welcome to Squeeze, a curated selection of interesting infosec articles from the past week that you may have missed.


Welcome to the third edition of the Secjuice Squeeze, where we present a selection of last week's interesting infosec articles, curated for your reading enjoyment in case you missed them! This week's volume was created by Chad Calease and Miguel Calles.

BeerConOne

The Beer Farmers are running a virtual conference called Beer Con One (or #BC1 for short). This will include guests from all over the globe, from many different areas of the information security community, and cover different time zones.

The event is being run with the support of The Many Hats Club and is being held from Saturday, 7 December at 8pm (GMT) for 24 hours through to Sunday, 8 December 2019 on https://www.twitch.tv/themanyhatsclub

#BC1 is raising money for two charities the security community holds close to its heart: the Electronic Frontier Foundation (EFF) and Mental Health Hackers. All funds raised go to both of these charities.

Donate at https://www.gofundme.com/f/beerconone


US Offers $5M Bounty for Russian Hackers

For the last 10 years or so the criminal collective known as "Evil Corp" have developed and used malware to steal tens of millions of dollars. This past Thursday the FBI issued the largest bounty in history for its leader: Maksim V. Yakubets, also known as “aqua.”

Russian ‘Evil Corp’ hackers charged by US in $100m cyber theft
US officials announce a $5m reward towards the hacking group leader’s arrest, highest ever offered for a cybercriminal.

CVE-2019-14899: New *nix vuln!

A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections.

The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams.

Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more.

New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
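A defender-side check for the CVE-2019-14899 item, added here as an example; it is not code from the researchers or from the linked article. One mitigation discussed when the bug was disclosed was strict reverse-path filtering (`net.ipv4.conf.*.rp_filter = 1`) on Linux, because the affected distributions had moved to loose mode (2); that is this example's assumption, so check the advisory for current guidance. The `sysctl`-style output below is constructed; on a real host you would feed in the output of `sysctl net.ipv4.conf`.

```python
"""Report Linux interfaces whose effective reverse-path filtering is not strict.

Added example, not code from the CVE-2019-14899 researchers or the article.
Assumption: strict rp_filter (1) is the setting you want on every interface.
The kernel uses max(conf.all.rp_filter, conf.<iface>.rp_filter) for each
interface, and the values order as 2 (loose) > 1 (strict) > 0 (off), so a
loose value on either side leaves that interface in loose mode.
"""

RP_MODES = {0: "off", 1: "strict", 2: "loose"}


def parse_sysctl(text: str) -> dict:
    """Turn 'key = value' lines into {key: value}; blanks and comments are ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key] = value
    return settings


def effective_rp_filter(settings: dict) -> dict:
    """Per-interface effective rp_filter mode, applying the kernel's max() rule."""
    prefix, suffix = "net.ipv4.conf.", ".rp_filter"
    all_value = int(settings.get(prefix + "all" + suffix, 0))
    effective = {}
    for key, value in settings.items():
        if key.startswith(prefix) and key.endswith(suffix):
            iface = key[len(prefix):-len(suffix)]
            if iface in ("all", "default"):
                continue  # 'all' feeds the max(); 'default' only seeds new interfaces
            effective[iface] = max(all_value, int(value))
    return effective


def non_strict_interfaces(settings: dict) -> list:
    """Sorted names of interfaces whose effective mode is anything but strict."""
    return sorted(iface for iface, mode in effective_rp_filter(settings).items() if mode != 1)


# Constructed sample: the loose configuration found on the affected distributions.
SAMPLE_LOOSE = """
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 2
net.ipv4.conf.tun0.rp_filter = 1
"""

# Constructed sample: the same host after switching to strict mode.
SAMPLE_STRICT = """
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.tun0.rp_filter = 1
"""

if __name__ == "__main__":
    for label, sample in (("loose host", SAMPLE_LOOSE), ("strict host", SAMPLE_STRICT)):
        modes = effective_rp_filter(parse_sysctl(sample))
        print(label, {i: RP_MODES[m] for i, m in modes.items()},
              "needs attention:", non_strict_interfaces(parse_sysctl(sample)))
```

Note that `tun0` is reported on the loose host even though its own value is 1: the `all` value of 2 wins under the max() rule, which is why fixing only the VPN interface is not enough.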

Carriers' Mobile Bills Exposed on Open Web

Hundreds of thousands of mobile phone bills for AT&T, Verizon, and T-Mobile subscribers have been publicly exposed due to a misconfiguration of an AWS S3 bucket by a contractor working with Sprint. Names, addresses, phone numbers, call and text message records and account PINs were all caught up in a cloud misconfiguration.

According to an investigation, the contractor misconfigured a cloud storage bucket on Amazon Web Services (AWS), in which more than 261,300 documents were stored – mainly cell phone bills from Sprint customers who switched from other carriers.

Sprint contractor’s unsecured AWS bucket exposed thousands of cell phone bills
Analysts at Fidus Information Security, a UK-based penetration testing firm, discovered an Amazon Web Services (AWS) bucket unprotected on the internet. The find contained more than 260,000 documents belonging to cell phone customers from most of the major carriers, including…
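The misconfiguration behind this story is an S3 bucket whose ACL or bucket policy grants access to everyone. The following is an added example, not code from Fidus, Sprint or AWS: an offline check over the JSON shapes that the AWS `GetBucketAcl` and `GetBucketPolicy` calls return. The bucket name, account id, role name and the documents themselves are constructed for the demonstration.

```python
"""Decide whether an S3 bucket's ACL or policy grants public access.

Added example, not code from the article or from AWS. Input documents have
the shape of the GetBucketAcl / GetBucketPolicy API responses; the samples
below are constructed, so no credentials or network access are needed.
"""
import json

# Grantee URIs AWS uses for "everyone" and "anyone with an AWS account".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def public_acl_grants(acl: dict) -> list:
    """(grantee URI, permission) pairs in an ACL that go to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            findings.append((grantee["URI"], grant.get("Permission")))
    return findings


def _principal_is_anyone(principal) -> bool:
    # Principal is either the string "*" or a dict such as {"AWS": "*"} / {"AWS": [...]}.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def public_policy_statements(policy: dict) -> list:
    """Sids of Allow statements open to any principal and carrying no Condition block."""
    return [stmt.get("Sid", "<no Sid>")
            for stmt in policy.get("Statement", [])
            if stmt.get("Effect") == "Allow"
            and _principal_is_anyone(stmt.get("Principal"))
            and not stmt.get("Condition")]


def bucket_is_public(acl: dict, policy: dict) -> bool:
    return bool(public_acl_grants(acl)) or bool(public_policy_statements(policy))


# Constructed sample: an ACL granting READ to everyone, the classic misconfiguration.
SAMPLE_ACL_OPEN = json.loads("""{
  "Owner": {"ID": "example-owner-id"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}
  ]
}""")

# Constructed sample: a policy letting anyone read objects, equally public.
SAMPLE_POLICY_OPEN = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bills-bucket/*"}
  ]
}""")

# Constructed sample: the corrected bucket - owner-only ACL, access scoped to one role.
SAMPLE_ACL_PRIVATE = {"Owner": {"ID": "example-owner-id"},
                      "Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
                                  "Permission": "FULL_CONTROL"}]}
SAMPLE_POLICY_PRIVATE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "RoleOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-billing-role"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bills-bucket/*"}]}

if __name__ == "__main__":
    print("exposed bucket public?", bucket_is_public(SAMPLE_ACL_OPEN, SAMPLE_POLICY_OPEN))
    print("fixed bucket public?  ", bucket_is_public(SAMPLE_ACL_PRIVATE, SAMPLE_POLICY_PRIVATE))
```

A statement with a `Condition` block is deliberately not flagged here, since a source-VPC or source-IP condition narrows the audience; a fuller audit would inspect those conditions too, and would also check the account-level S3 Block Public Access setting, which overrides both documents.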

Man-in-the-Middle Attack Steals $1M from Startup

Hackers stole $1M from a Chinese venture capital (VC) firm and an Israeli startup using spoofed emails and bogus domains. The carefully planned attack captured seed money the VC firm was planning to send to the startup. The attackers quickly set up domains that looked very similar to the target domain and sent spoofed emails to the VC pretending to be the startup's CEO. Neither side noticed anything suspicious. Several emails later, both the VC and the startup believed the wire transfer was going through, but the money did not reach the intended recipient. Moral: verify with whom you're communicating (maybe pick up the phone before wiring money).

https://threatpost.com/ultimate-mitm-attack-steals-1m-from-israeli-startup/150840/
https://www.vice.com/en_us/article/mbmmaq/hackers-trick-venture-capital-firm-into-sending-them-dollar1-million
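The lookalike domains in this story are the kind of thing a mail gateway or a finance team's inbox rule can flag before anyone wires money. The following is an added example, not code from either article: it compares a sender's domain against a list of trusted partner domains using edit distance, a small confusable-character normalisation, and a check for the trusted name being used as a prefix of a longer domain. The trusted domain and the sample `From:` headers are constructed and use reserved example names.

```python
"""Flag sender domains that resemble, but are not, a trusted partner's domain.

Added example, not code from the articles. Trusted domains and message
headers below are constructed for the demonstration.
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


# Character pairs that render alike in many fonts and are commonly swapped.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def normalize(domain: str) -> str:
    """Lower-case and collapse confusable sequences so lookalikes compare equal."""
    d = domain.lower().rstrip(".")
    for lookalike, real in CONFUSABLES:
        d = d.replace(lookalike, real)
    return d


def sender_domain(from_header: str) -> str:
    """Domain part of a From: value such as 'Name <user@host>' or 'user@host'."""
    addr = from_header.split("<")[-1].rstrip(">").strip()
    return addr.rsplit("@", 1)[-1].lower()


def classify(from_header: str, trusted: set, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header."""
    domain = sender_domain(from_header)
    if domain in trusted:
        return "trusted"
    for t in trusted:
        if (normalize(domain) == normalize(t)          # exarnple vs example
                or edit_distance(domain, t) <= max_distance  # one or two edits away
                or domain.startswith(t + ".")):        # trusted name buried in a longer domain
            return "lookalike"
    return "unknown"


# Constructed samples: one genuine sender, three lookalikes, one unrelated domain.
TRUSTED = {"example-startup.com"}
SAMPLE_HEADERS = [
    "CEO <ceo@example-startup.com>",
    "CEO <ceo@exarnple-startup.com>",
    "CEO <ceo@example-startups.com>",
    "Finance <finance@example-startup.com.evil.test>",
    "Newsletter <noreply@totally-unrelated.example>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{classify(header, TRUSTED):10} {header}")
```

A result of `lookalike` is a reason to stop and call the counterparty on a number you already have, which is the article's moral; the check says nothing about the authenticity of a message from the genuine domain, since that is what SPF, DKIM and DMARC are for.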

"Great Cannon" Distributed Denial of Service (DDoS) Tool Used Against Hong Kong Protestors

AT&T Cybersecurity discovered a DDoS attack against LIHKG, a forum used by Hong Kong pro-democracy protestors. The Great Cannon is a Chinese government-backed DDoS tool, and it was used against the LIHKG web site and social media platform. The tool hijacks unencrypted JavaScript resources in transit to carry out its attack. It was created about four years ago.

https://www.bleepingcomputer.com/news/security/the-great-cannon-ddos-tool-used-against-hong-kong-protestors-forum/
https://www.infosecurity-magazine.com/news/chinas-great-cannon-fires-on-hong/
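Because the Great Cannon works by rewriting JavaScript that travels unencrypted, the question for a site owner is which of their own script tags could be tampered with on the wire. The following is an added example, not code from AT&T Cybersecurity or the articles above: a small audit that parses a page and reports scripts fetched over plain `http://`, third-party scripts without a Subresource Integrity hash, and cross-origin scripts that carry an `integrity` attribute but lack the `crossorigin` attribute browsers need to enforce it. The sample page, hosts and `sha384-` values are constructed placeholders.

```python
"""Audit a page's <script> tags for includes an on-path injector could rewrite.

Added example, not code from the articles or from AT&T Cybersecurity.
The sample HTML, hostnames and integrity values are constructed placeholders.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptAudit(HTMLParser):
    """Collect (src, reason) findings for every external script tag."""

    def __init__(self, page_scheme: str, page_host: str):
        super().__init__()
        self.page_scheme = page_scheme
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return  # inline script: delivered with the page itself
        u = urlparse(src)
        scheme = u.scheme or self.page_scheme   # relative and //host URLs inherit the page scheme
        host = u.netloc or self.page_host
        if scheme == "http":
            self.findings.append((src, "fetched over plaintext http"))
        if host != self.page_host:
            if "integrity" not in a:
                self.findings.append((src, "third-party script without SRI hash"))
            elif "crossorigin" not in a:
                self.findings.append((src, "SRI on a cross-origin script needs crossorigin"))


def audit_scripts(html: str, page_url: str) -> list:
    """Return the findings for a page served at page_url."""
    p = urlparse(page_url)
    parser = ScriptAudit(page_scheme=p.scheme, page_host=p.netloc)
    parser.feed(html)
    return parser.findings


# Constructed sample page: one local script, one plaintext third-party script,
# one https third-party script without SRI, one with SRI but no crossorigin,
# one done correctly, and one inline script.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="http://cdn.example/analytics.js"></script>
<script src="https://cdn.example/lib.js"></script>
<script src="https://cdn.example/other.js" integrity="sha384-PLACEHOLDER1"></script>
<script src="https://cdn.example/good.js" integrity="sha384-PLACEHOLDER2" crossorigin="anonymous"></script>
<script>console.log('inline');</script>
</head><body></body></html>"""

SAMPLE_URL = "https://www.example.test/index.html"

if __name__ == "__main__":
    for src, reason in audit_scripts(SAMPLE_PAGE, SAMPLE_URL):
        print(f"{reason:45} {src}")
```

The same parser run against a page served over `http://` reports every relative script as plaintext, which is the point: serving the page itself over HTTPS is what removes the injection opportunity, and SRI then pins third-party scripts to the version you reviewed.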

The rad gif used in this post is called A Partridge in a Pear Tree by Harvey Leversha