Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Mike Peterson, Sinwindie, Prasanna, Ross Moore, Tony Kelly, Muhammad Luqman, and Miguel Calles.

Articles

FBI Warn Hackers are Using Hijacked Home Security Devices for 'Swatting'

Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold.

Source & Link: threatpost.com
Curator: Mike Peterson

The Mac Malware of 2020

A comprehensive analysis of the year's new malware.

Source & Link: objective-see.com
Curator: Mike Peterson

Hackers target cryptocurrency users with new ElectroRAT malware

Intezer Labs said it discovered fake cryptocurrency apps laced with ElectroRAT, a new Go-based malware strain.

Source & Link: zdnet.com
Curator: Mike Peterson

Singapore says police will be given access to Covid-19 contact tracing data

Concerns over privacy as TraceTogether scheme is used by almost 80% of the nation’s population.

Source & Link: theguardian.com
Curator: Mike Peterson

Major Gaming Companies Hit with Ransomware Linked to APT27

Researchers say a recent attack targeting videogaming developers has 'strong links' to the infamous APT27 threat group.

Source & Link: threatpost.com
Curator: Sinwindie

Vodafone's ho. Mobile admits data breach, 2.5m users impacted

Vodafone Group's low-cost operator ho. Mobile announced that hackers stole part of its customer database thus obtaining personal user information and SIM technical data.

Source & Link: bleepingcomputer.com
Curator: Prasanna

Dark Web Forum Activity Surged 44% in Early COVID Months

Researchers analyzed the activity of five popular English- and Russian-speaking Dark Web forums and discovered exponential membership growth.

Source & Link: darkreading.com
Curator: Prasanna

WhatsApp: Share your data with Facebook or delete your account

After WhatsApp updated its Privacy Policy and Terms of Service on Monday with additional info on how it handles users' data, the company is now notifying users through the mobile app that, starting February, they will be required to share their data with Facebook.

Source & Link: bleepingcomputer.com
Curator: Prasanna

SolarWinds Hit With Class-Action Lawsuit Following Orion Breach

SolarWinds shareholders accuse the company of lying about its security practices ahead of the disclosure of a massive security incident.

Source & Link: darkreading.com
Curator: Ross Moore

Green watchdog communications wrecked by cyber attack

Computer systems at the Scottish Government’s green watchdog have been crippled for two weeks by a “complex and sophisticated” cyber attack.

Source & Link: theferret.scot
Curator: Prasanna

Italian mobile operator offers to replace SIM cards after massive data breach

Hackers stole the personal data for 2.5 million Ho Mobile subscribers.

Source & Link: zdnet.com
Curator: Prasanna

Bug? No, Telegram exposing its users' precise location is a feature working as 'expected'

Messaging app makes inadvertent oversharing too easy.

Source & Link: theregister.com
Curator: Tony Kelly

Ryuk gang estimated to have made more than $150 million from ransomware attacks

Most of the Ryuk gang's "earnings" are being cashed out through accounts at crypto-exchanges Binance and Huobi.

Source & Link: zdnet.com
Curator: Tony Kelly

Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020

Security firm Recorded Future said it tracked more than 10,000 malware command and control servers last year, used across more than 80 malware families.

Source & Link: zdnet.com
Curator: Muhammad Luqman

Events

Scholarships for Building a Cybersecurity Skillset for College and Career Success

Webinar: January 13 @ 03:30 PM Eastern

$2 million in Cybersecurity Scholarships, Very Cool Hands-On Experiential Learning, and How to Build a Cybersecurity Skillset for College and Career Success
Source & Link: zoom.us
Curator: Miguel Calles

Open-Source Intelligence (OSINT) Summit | SANS Cyber Security and OSINT Training

Summit: February 11-12 | Training: February 8-10 & 15-20

The OSINT Summit & Training will bring together leading security practitioners and investigators to share proven techniques and tools that can be applied to OSINT gathering and analysis. Learn how to collect information across the Internet, analyze the results, and utilize key data to reach your objectives.

Source & Link: sans.org
Curator: Sinwindie

Webinars: January 12 @ 4 PM UTC | February 16 @ 4 PM UTC | March 16 @ 4 PM UTC

This course will change the way you conduct internet research, regardless of your job title.

Source & Link: mtg-bi.com
Curator: Tony Kelly

The Dolomites. Inspired by Ansel Adams by Przemyslaw Kruk