Secjuice Squeeze 65
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Prasanna, Tony Kelly, Abartan Dhakal, Gurkirat Singh and Andy74.
In this edition, we have news articles.
News
FragAttacks: Affecting Millions of Wi-Fi Enabled Devices | Cyware Hacker News
A total of 12 design and implementation flaws in IEEE 802.11 technical standards leave all WiFi devices vulnerable to attacks. These flaws can be exploited by attackers within the radio range of the target.
Read more at cyware.com
PoC released for wormable Windows IIS bug | The Record by Recorded Future
A security researcher has published over the weekend proof-of-concept exploit code for a wormable Windows IIS server vulnerability. Tracked as CVE-2021-31166, the vulnerability was discovered internally by Microsoft's staff and patched last week in the May 2021 Patch Tuesday.
Read more at therecord.media
Brazilian gang defrauds Uber, Lyft, DoorDash using GPS spoofing and stolen IDs | The Record by Recorded Future
US authorities have charged a gang of Brazilian nationals for a scheme that defrauded the customers of services like Uber, Lyft, DoorDash, and two other unidentified food delivery services.
Read more at therecord.media
Lorenz Ransomware – One More Threat To the Enterprise Security
Lorenz is also a double extortion ransomware, possibly a ThunderCrypt variant, that has targeted a dozen victims in just a month.
Read more at latesthackingnews.com
Take action now – FluBot malware may be on its way | WeLiveSecurity
As FluBot continues to spread, we look at how this Android malware operates and how you can get rid of it if your device has already been compromised.
Read more at welivesecurity.com
Analysis of NoCry ransomware: A variant of the Judge ransomware
Researchers at Tesorion released a decryptor for Judge ransomware that also decrypts files encrypted by the NoCry ransomware. In January this year, we published a blog post on our analysis of the Judge ransomware. We announced a free decryptor for Judge victims in this blog post, which is available through the NoMoreRansom initiative.
Read more at securityaffairs.co
Discovery of Simps Botnet Leads To Ties to Keksec Group
Uptycs’ threat research team has discovered a new botnet named ‘Simps’, attributed to the Keksec group and primarily focused on DDoS activities.
Read more at securityaffairs.co
Newly Discovered Function in DarkSide Ransomware Variant Targets Disk Partitions
FortiGuard Labs has uncovered additional tactics used by the DarkSide Threat Actors, primarily the discovery of the DarkSide ransomware seeking out partition information.
Read more at fortinet.com
DSA-2020-063: iDRAC Buffer Overflow Vulnerability | Dell UK
Dell EMC iDRAC has been updated to address a vulnerability which may potentially be exploited to compromise the affected systems.
Read more at dell.com
Scammers Pose as Meal-Kit Services to Steal Customer Data
Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh.
Read more at threatpost.com
MountLocker ransomware uses Windows API to worm through networks
The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks.
Read more at bleepingcomputer.com
Researchers Find Exploitable Bugs in Mercedes-Benz Cars | SecurityWeek.Com
Security researchers with Tencent Security Keen Lab documented five vulnerabilities in the Mercedes-Benz infotainment system, four of which could be exploited for remote code execution.
Read more at securityweek.com
Scammers Impersonating Windows Defender to Push Malicious Windows Apps | McAfee Blogs
Summary points: Scammers are increasingly using Windows Push Notifications to impersonate legitimate alerts. Recent campaigns pose as a Windows Defender.
Read more at mcafee.com
Fake DocuSign Download Page Leads to Hentai Onichan Ransomware
We recently received samples that we suspected were “phishy” in nature, but after analyzing the email attachment a severe threat was exposed.
Read more at cyren.com
A Simple 1-Click Compromised Password Reset Feature Coming to Chrome Browser
Google Chrome browser to offer users a new feature allowing them to identify and reset their compromised passwords with just one click.
Read more at thehackernews.com
Cross-browser tracking vulnerability compromises user anonymity
It is not unusual for a user to switch between different browsers for different browsing activities, and those who have made this into a routine may even be at risk: a security researcher and developer at FingerprintJS, Konstantin Darutkin, recently discovered a vulnerability that allows websites to track users across different browsers.
Read more at hackread.com
Detectify releases Ugly Duckling, an open-source web scanner for ethical hackers | Detectify Labs
The Detectify Research team released a web scanner on GitHub called Ugly Duckling to make it easier for hackers to create security module tests.
Read more at detectify.com
The Full Story of the Stunning RSA Hack Can Finally Be Told
In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.
Read more at wired.com
Blind SQL Injection flaw in WP Statistics impacted 600K+ sites
Researchers from Wordfence Threat Intelligence discovered a Time-Based Blind SQL Injection vulnerability in WP Statistics, a WordPress plugin with over 600,000 active installs.
Read more at securityaffairs.co
Pega Infinity patches authentication vulnerability - Malwarebytes Labs
Pega Infinity is popular enterprise software, and researchers found a flaw in its authentication process by using a password reset weakness.
Read more at malwarebytes.com
This is how the Cobalt Strike penetration testing tool is being abused by cybercriminals | ZDNet
Cobalt Strike is a popular tool with cybersecurity professionals. Unfortunately, it’s also utilized by threat actors.
Read more at zdnet.com
Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild
Android issues security patches for Arm and Qualcomm zero-day vulnerabilities exploited in the wild.
Read more at thehackernews.com
Fake Microsoft Authenticator extension discovered in Chrome Store
I hope you’re being cautious if you’re installing extensions from the Chrome Web Store for your browser and care about your online security. Because it’s reported that a bogus Chrome add-on purporting to be “Microsoft Authenticator” successfully managed to sneak its way in, and duped hundreds of people into downloading it.
Read more at bitdefender.com
Magecart Now Hides Malicious PHP Web Shells In Website Favicons
The Magecart Group 12 has compromised numerous websites by hiding malicious PHP web shells in favicons to gain persistence and evade detection.
Read more at latesthackingnews.com
How to Tell a Job Offer from an ID Theft Trap
One of the oldest scams around -- the fake job interview that seeks only to harvest your personal and financial data -- is on the rise, the FBI warns.
Read more at krebsonsecurity.com
45 Lakh Affected In Massive Air India Data Breach Including Credit Cards
Ten years' worth of customer data including credit cards, passports and phone numbers has been leaked in a massive breach at Air India, the airline has announced.
Read more at ndtv.com