Welcome to the 23rd edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you every week. This week's volume compiled by Secjuice writers Mike Peterson, Sinwindie, Hartoyo Wahyu, Guise Bule and Miguel Calles.
Microsoft Offers $100,000 If You Can Hack This Linux Operating System
Microsoft chose Linux instead of Windows 10 to power an IoT security platform, and now it's offering hackers $100,000 (£81,000) if they can break it.
There are, of course, conditions attached.
WebMonitor RAT Bundled with Zoom Installer
In early April, we spotted an attack leveraging Zoom installers to spread a cryptocurrency miner. We recently encountered a similar attack that drops a different malware: RevCode WebMonitor RAT (detected by Trend Micro as Backdoor.Win32.REVCODE.THDBABO).
Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams
Threat actors are using a combination of scams to obtain as well as buy and sell credentials for U.S. taxpayers to steal appropriations from the COVID-19 relief package as well as 2020 tax refunds, new research has found.
DEF CON 28 in-person conference is CANCELLED
Why? It is not safe for people to gather in large groups for conferences, sports ball events, or clubbing now or in the foreseeable future this year.
Report: Microsoft’s GitHub Account Gets Hacked
Hackers have broken into Microsoft’s GitHub account and stolen 500 GB of data from the tech giant’s own private repositories on the developer platform, according to published reports.
An Undetected Network Of Bots That Infected Over 10,000 Devices Just To Download Anime
A hacker ran a network of bots that compromised more than 10,000 devices for years, seemingly for one purpose: to download anime videos.
Nation-State Hackers Are Targeting COVID-19 Response Orgs
Organizations involved in international COVID-19 responses, healthcare, and essential services are actively targeted by government-backed hacking groups according to a joint advisory issued today by cyber-security agencies from the US and the UK.
German Authorities Charge Russian Hacker for 2015 Bundestag Hack
German prosecutors have issued an arrest warrant today for a hacker working for the Russian military on charges of hacking the German Parliament in the spring of 2015.
Zoom Buys Keybase As Part Of A 90-day Plan To Fix Security Flaws
Zoom has acquired security start-up Keybase, the first purchase in the company’s nine-year history. With in-person dealmaking off the table because of social distancing requirements, the negotiations took place over Zoom video calls.
New Firefox Service Will Generate Unique Email Aliases To Enter In Online Forms
Browser maker Mozilla is working on a new service called Private Relay that generates unique aliases to hide a user's email address from advertisers and spam operators when filling in online forms.
Trump Issues Executive Order To Protect Power Grid From Attack
The executive order bans the use of equipment for the power grid that was manufactured by a company under the control of a foreign adversary, or the buying of any equipment that poses a national security threat.
Ghost Blogging Platform Servers Hacked and Infected With Crypto-Miner
Earlier today, ZDNet reported that hackers managed to breach the servers of Ghost, a Node.js-based blogging platform, built and advertised as a simpler alternative to WordPress and used by your very own Secjuice!
The Path That Leads From Gaming To Malware
The rise of online gaming means that the underhand behavior that so often has undermined real-world sporting competitions has been extended into the digital world, too.