Welcome to the 25th edition of the Secjuice Squeeze, a selection of interesting security articles and infosec news that you may have missed, lovingly curated for you on a weekly basis. This week's volume was compiled by Secjuice writers Prasanna, Devesh Chande, Mike Peterson, Manmeet Singh Bhatia, Sinwindie, Thunder-Son, Miguel Calles, and Hartoyo Wahyu.

Articles

Apple iOS 13.5 Hacked: Zero-Day Flaw Exploited By iPhone Jailbreakers

Hacking group exploits iOS zero-day vulnerability to unlock any iPhone.

Source: forbes.com
Curator: Sinwindie

Huge Rise In Hacking Attacks On Home Workers During Lockdown

Cybercriminals are exploiting fears and chaos caused by coronavirus.

Source: theguardian.com
Curator: Sinwindie

Documenting The Impossible: Unexploitable XSS labs

Have you ever found some risky behavior, but couldn't prove it was exploitable?

Source: portswigger.net
Curator: Thunder-Son

Hoaxcalls Botnet Exploits Symantec Secure Web Gateways

The fast-moving botnet has added an exploit for an unpatched bug in an unsupported version of the security gateway.

Source: threatpost.com
Curator: Prasanna

Norfund Scammed Out Of $10 Million By Hackers Who Used Spoofed Email Addresses

The Norwegian Investment Fund, more commonly known as Norfund, announced that scammers stole £8.2 million ($10 million) by spoofing an email address.

Source: https://www.cyberscoop.com/norfund-hacked-wealth-fund-10-million/
Curator: Devesh Chande

Signal To Move Away From Using Phone Numbers As User IDs

Signal launches profile PINs, the first step in supporting Signal user accounts that are not tied to phone numbers.

Source: zdnet.com
Curator: Mike Peterson

How Cybersecurity Enables Government, Health, EduTech To Cope With COVID-19

Cybersecurity is proving increasingly essential to protect government, health, and edutech websites in the wake of growing reliance on remote working apps during the Covid-19 crisis.

Source: thehackernews.com
Curator: Manmeet Singh Bhatia

EasyJet Admits Data Of Nine Million Hacked

The attack was "sophisticated," the airline said, adding that some credit card details had been accessed.

Source: bbc.com
Curator: Sinwindie

Commander Discusses a Decade of DOD Cyber Power

While the U.S. Cyber Command's mission has evolved over the last decade, defense of the nation in cyberspace remains as important as ever.

Source: defense.gov
Curator: Sinwindie

Israel Hack of Iran Port Is Latest Salvo in Exchange of Cyberattacks

Israel was behind a cyberattack that disrupted a major port in Iran, done in response to an attempt by the Revolutionary Guards to infiltrate an Israeli water facility.

Source: nytimes.com
Curator: Sinwindie

Florida’s Unemployment System Breached

No information was released on when the hack took place, how many accounts were opened or if the breach will affect people being able to receive unemployment benefits.

Source: tampabay.com
Curator: Sinwindie

ShinyHunters Is a Hacking Group on a Data Breach Spree

In the first two weeks of May, they've hit the dark web, hawking 200 million stolen records from over a dozen companies.

Source: wired.com
Curator: Sinwindie

How To Stay Mentally Healthy While Doing OSINT

Listen to a podcast where OSINT specialists discuss a range of practical techniques that OSINT practitioners can apply, both on an individual basis and in teams, to keep mentally healthy while conducting investigations, and also talk about the impact of social media research on mental health.

Source: janes.com
Curator: Sinwindie


Upcoming Events, Webcasts, Conferences, etc.

LASCON 20/20 - Call for Papers and Training

When: Now thru June 30, 2020
Source: lascon.org

DockerCon LIVE 2020 with theCUBE

When: May 28, 2020 @ 09:00 AM - 05:00 PM Pacific (04:00 PM to 12:00 AM UTC)
Location: Online
Source: cube365.net
Curator: Hartoyo Wahyu

Zero Trust: Fast forwarding into working without boundaries

When: May 29, 2020 at 10:30 AM EDT (2020-05-29 14:30:00 UTC)
Location: Online
Source: sans.org
Curator: Miguel Calles

The State of AI in Financial Services

When: Jun 2, 2020 @ 01:00 PM in Eastern Time (05:00 PM UTC)
Location: Online
Source: zoom.us
Curator: Miguel Calles

Winning in the Dark - Defending Serverless Infrastructure in the Cloud

When: June 03, 2020 at 10:30 AM EDT (2020-06-03 14:30:00 UTC)
Location: Online
Source: sans.org
Curator: Miguel Calles

Shift Left: Integrate security in your DevOps lifecycle

When: June 04, 2020 at 1:00 PM EDT (2020-06-04 17:00:00 UTC)
Location: Online
Source: sans.org
Curator: Miguel Calles

CSA EU Summit 2020

When: June 9-12, 2020
Location: Online
Source: cvent.com
Curator: Miguel Calles

Putting Your SOC to the Test

When: June 10, 2020 at 10:30 AM EDT (2020-06-10 14:30:00 UTC)
Location: Online
Source: sans.org
Curator: Miguel Calles

CloudOps Summit

When: June 10th, 2020 - 10am PT (2020-06-10 17:00 UTC)
Location: Online
Source: cloudopsummit.com
Curator: Miguel Calles

SANS@MIC - Shellcode Analysis 101

When: June 10, 2020 at 3:30 PM EDT (2020-06-10 19:30:00 UTC)
Location: Online
Source: sans.org
Curator: Miguel Calles

SANS@MIC - Leveraging Telegram for OSINT purposes

When: June 10, 2020 at 8:30 PM EDT (2020-06-11 00:30:00 UTC)
Location: Online
Source: sans.org
Curator: Miguel Calles

DevSecCon24

When: June 15-16, 2020
Location: Online
Source: devseccon.com
Curator: Miguel Calles

You Can Write an Infosec Book!

When: June 15, 2020 at 1:00 PM EDT (2020-06-15 17:00:00 UTC)
Location: Online
Source: sans.org
Curator: Miguel Calles

SANS@MIC - The 14 Absolute Truths of Security

When: July 06, 2020 at 8:30 PM EDT (2020-07-07 00:30:00 UTC)
Location: Online
Source: sans.org
Curator: Miguel Calles

Ai4 2020

When: September 1-2, 2020
Location: MGM Grand, Las Vegas
Cost: $595 (early registration)
Source: ai4.io
Curator: Miguel Calles

Open Source Digital Forensics Conference

When: October 20-22, 2020
Location: Herndon, VA
Cost: $0-$350 + $499 optional training
Source: osdfcon.org
Curator: Hartoyo Wahyu

LASCON 20/20

When: October 29-30, 2020
Location: Austin, TX
Cost: $199 (early registration)
Source: lascon.org
Curator: Miguel Calles

The awesome artwork used in this article is called Pinky Girl and it was created by Georgi Dimitrov Erase.