Secjuice Squeeze Volume 41

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Thunder-Son, Sinwindie, Muhammad Luqman, Prasanna, Mike Peterson and Miguel Calles.

Articles

Software AG Data Released After Clop Ransomware Strike

The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isn’t paid.

Source & link: ThreatPost
Curator: Prasanna

Microsoft Patches Critical, Wormable RCE Bug

There were 11 critical bugs and six that were unpatched but publicly known in this month’s regularly scheduled Microsoft updates and one of them is wormable.

Source & link: ThreatPost
Curator: Prasanna

20 ARRESTS IN QQAAZZ MULTI-MILLION CYBERCRIMINAL MONEY LAUNDERING CASE

An unprecedented international law enforcement operation involving 16 countries has resulted in the arrest of 20 individuals suspected of belonging to the QQAAZZ criminal network which attempted to launder tens of millions of euros on behalf of the world’s foremost cybercriminals.

Source & link: Europol
Curator: ThunderSon

GHunt OSINT Tool Sniffs Out Google Users’ Account Information Using Just Their Email Address

A new open source tool allows security teams to explore data created by Google accounts. GHunt lets individuals, or security experts, analyze a target’s Google “footprint” based just on an email.

Source & link: PortSwigger
Curator: Muhammad Luqman

Cybercriminals Gamble With Victims' Livelihoods To Pass the Covid-19 Blues

An interesting look at the online leisure activities of cybercriminals. Cybercriminals seem to favor certain types of online competitions, which have increased in frequency in 2020 as the pandemic progressed. These include online rap battles, poker tournaments, poem contests and in-person sport tournaments.

Source & link: Trend Micro
Curator: Mike Peterson

Fancy Bear Imposters Are on a Hacking Extortion Spree

Nice looking website you've got there. It'd be a shame if someone DDoS'd it.

Source & link: Wired
Curator: Sinwindie

Hackers Are Using A Severe Windows Bug To Backdoor Unpatched Servers

One of the most critical Windows vulnerabilities disclosed this year is under active attack by hackers who are trying to backdoor servers that store credentials for every user and administrative account on a network.

Source & link: Ars Technica
Curator: Sinwindie

Robinhood Kicks Cybersecurity Month Off By Getting Hacked

Approximately 2,000 Robinhood accounts were accessed by hackers and looted during the week of October 5, according to Bloomberg1. Victims told Bloomberg that their trading accounts were hacked in spite of already having set up account protection.

Source & link: Investopedia
Curator: Sinwindie

Iranian State Hacker Group Linked To Ransomware Deployments

Security researchers said they found clues linking recent attacks with the Thanos ransomware to a group of Iranian state-sponsored hackers. While investigating incidents at several Israeli prominent organizations, security researchers said they linked the intrusions to MuddyWater, an Iranian state-sponsored hacking group

Source & link: ZDNET
Curator: Sinwindie

Upcoming Events, Webcasts, Conferences, etc.

Stop attacks and reduce security operations workload with automated cross-domain (XDR) security

When: Thursday, October 15, 2020 at 1:00 PM EDT (2020-10-15 17:00:00 UTC)
Location: Online
Cost: Free
Source & link: sans.org
Curator: Miguel Calles

Cyber42 Game Day: CISO For A Day

When: Wednesday, October 21, 2020 at 12:00 PM EST (2020-10-21 16:00:00 UTC)
Location: Online
Cost: Free
Source & link: sans.org
Curator: Miguel Calles

Open Source Digital Forensics Conference

When: October 20-22, 2020
Location: Herndon, VA
Cost: $0-$350 + $499 optional training
Source & Link: osdfcon.org
Curator: Hartoyo Wahyu

GrayHat (formerly the Texas Cyber Summit)

When: October 29, 2020
Location: Virtual
Cost: Free
Source & Link: https://grayhat.co
Curator: Miguel Calles

BIG List of Virtual Cybersecurity Conferences

Source & Link: https://github.com/santosomar/virtualseccons
Curator: Guise Bule