Secjuice Squeeze 65

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Prasanna, Tony Kelly, Abartan Dhakal, Gurkirat Singh and Andy74.

In this edition, we have news articles.

News

FragAttacks: Affecting Millions of Wi-Fi Enabled Devices | Cyware Hacker News

A total of 12 design and implementation flaws in the IEEE 802.11 technical standards leave all Wi-Fi devices vulnerable to attack. These flaws can be exploited by attackers within radio range of the target.

Read more at cyware.com

PoC released for wormable Windows IIS bug | The Record by Recorded Future

A security researcher has published over the weekend proof-of-concept exploit code for a wormable Windows IIS server vulnerability. Tracked as CVE-2021-31166, the vulnerability was discovered internally by Microsoft's staff and patched last week in the May 2021 Patch Tuesday.

Read more at therecord.media

Brazilian gang defrauds Uber, Lyft, DoorDash using GPS spoofing and stolen IDs | The Record by Recorded Future

US authorities have charged a gang of Brazilian nationals for a scheme that defrauded the customers of services like Uber, Lyft, DoorDash, and two other unidentified food delivery services.

Read more at therecord.media

Lorenz Ransomware – One More Threat To the Enterprise Security

Lorenz is a double-extortion ransomware, possibly a ThunderCrypt variant, that has targeted a dozen victims in just a month.

Read more at latesthackingnews.com

Take action now – FluBot malware may be on its way | WeLiveSecurity

As FluBot continues to spread, we look at how this Android malware operates and how you can get rid of it if your device has already been compromised.

Read more at welivesecurity.com

Analysis of NoCry ransomware: A variant of the Judge ransomware

Researchers at Tesorion released a decryptor for Judge ransomware that also decrypts files encrypted by the NoCry ransomware. In January this year, we published a blog post on our analysis of the Judge ransomware. We announced a free decryptor for Judge victims in this blog post, which is available through the NoMoreRansom initiative.

Read more at securityaffairs.co

Discovery of Simps Botnet Leads To Ties to Keksec Group

Uptycs’ threat research team has discovered a new botnet, tracked as Simps, attributed to the Keksec group and focused primarily on DDoS activities.

Read more at securityaffairs.co

Newly Discovered Function in DarkSide Ransomware Variant Targets Disk Partitions

FortiGuard Labs has uncovered additional tactics used by the DarkSide Threat Actors, primarily the discovery of the DarkSide ransomware seeking out partition information.

Read more at fortinet.com

DSA-2020-063: iDRAC Buffer Overflow Vulnerability | Dell UK

Dell EMC iDRAC has been updated to address a vulnerability which may potentially be exploited to compromise the affected systems.

Read more at dell.com

Scammers Pose as Meal-Kit Services to Steal Customer Data

Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh.

Read more at threatpost.com

MountLocker ransomware uses Windows API to worm through networks

The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks.

Read more at bleepingcomputer.com

Researchers Find Exploitable Bugs in Mercedes-Benz Cars | SecurityWeek.Com

Security researchers with Tencent Security Keen Lab documented five vulnerabilities in the Mercedes-Benz infotainment system, four of which could be exploited for remote code execution.

Read more at securityweek.com

Scammers Impersonating Windows Defender to Push Malicious Windows Apps | McAfee Blogs

Scammers are increasingly using Windows Push Notifications to impersonate legitimate alerts; recent campaigns pose as Windows Defender.

Read more at mcafee.com

Fake DocuSign Download Page Leads to Hentai Onichan Ransomware

We recently received samples that we suspected were “phishy” in nature, but after analyzing the email attachment a severe threat was exposed.

Read more at cyren.com

A Simple 1-Click Compromised Password Reset Feature Coming to Chrome Browser

The Google Chrome browser is to offer users a new feature allowing them to identify and reset their compromised passwords with just one click.

Read more at thehackernews.com

Cross-browser tracking vulnerability compromises user anonymity

It is not unusual for a user to switch between different browsers for different browsing activities, and those who have made this a routine may now be at risk. Konstantin Darutkin, a security researcher and developer at FingerprintJS, recently discovered a vulnerability that allows websites to track users across different browsers.

Read more at hackread.com

Detectify releases Ugly Duckling, an open-source web scanner for ethical hackers | Detectify Labs

The Detectify Research team released a web scanner on GitHub called Ugly Duckling to make it easier for hackers to create security module tests.

Read more at detectify.com

The Full Story of the Stunning RSA Hack Can Finally Be Told

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

Read more at wired.com

Blind SQL Injection flaw in WP Statistics impacted 600K+ sites

Researchers from the Wordfence Threat Intelligence team discovered a Time-Based Blind SQL Injection vulnerability in WP Statistics, a WordPress plugin with over 600,000 active installs.

Read more at securityaffairs.co

Pega Infinity patches authentication vulnerability - Malwarebytes Labs

Pega Infinity is a popular enterprise software product, and researchers found a flaw in its authentication process stemming from a password-reset weakness.

Read more at malwarebytes.com

This is how the Cobalt Strike penetration testing tool is being abused by cybercriminals | ZDNet

Cobalt Strike is a popular tool with cybersecurity professionals. Unfortunately, it’s also utilized by threat actors.

Read more at zdnet.com

Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild

Android issues security patches for Arm and Qualcomm zero-day vulnerabilities exploited in the wild.

Read more at thehackernews.com

Fake Microsoft Authenticator extension discovered in Chrome Store

I hope you’re being cautious if you’re installing extensions from the Chrome Web Store for your browser and care about your online security. Because it’s reported that a bogus Chrome add-on purporting to be “Microsoft Authenticator” successfully managed to sneak its way in, and duped hundreds of people into downloading it.

Read more at bitdefender.com

Magecart Now Hides Malicious PHP Web Shells In Website Favicons

Magecart Group 12 has compromised numerous websites by hiding malicious PHP web shells in favicons to gain persistence and evade detection.

Read more at latesthackingnews.com

How to Tell a Job Offer from an ID Theft Trap

One of the oldest scams around -- the fake job interview that seeks only to harvest your personal and financial data -- is on the rise, the FBI warns.

Read more at krebsonsecurity.com

45 Lakh Affected In Massive Air India Data Breach Including Credit Cards

Ten years' worth of customer data including credit cards, passports and phone numbers has been leaked in a massive breach at Air India, the airline has announced.

Read more at ndtv.com

The images used in this week's edition were created by photographer and director Brian Cummings. The series looks back at the summer that wasn’t and how we adapted to isolation and the new abnormal.