Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Prasanna, Andy74, Tony Kelly, Ross Moore, Muhammad Luqman, and Sinwindie.

News

Windows 10 bug crashes your PC when you access this location

A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands.

Learn more at bleepingcomputer.com
Curated by Prasanna

DuckDuckGo surpasses 100 million daily search queries for the first time

DuckDuckGo reaches historic milestone in a week when both Signal and Telegram saw a huge influx of new users.

Learn more at zdnet.com
Curated by Tony Kelly

Microsoft Teams Maybe Collecting Data That Employers Can Use to Spy on Workers

It appears that the amount of data which the app collects presents privacy infringement for the users and the employers can manipulate and use that data to spy on their workers.

Learn more at ibtimes.sg
Curated by Ross Moore

Malwarebytes said it was hacked by the same group who breached SolarWinds

Malwarebytes becomes fourth major security firm targeted by attackers after Microsoft, FireEye, and CrowdStrike.

Learn more at zdnet.com
Curated by Muhammad Luqman

FireEye Releases New Open Source Tool in Response to SolarWinds Hack

FireEye has released an open source tool that checks Microsoft 365 tenants for the use of techniques associated with the SolarWinds hackers.

Learn more at securityweek.com
Curated by Prasanna

Microsoft Files Patent to Create Chatbots That Imitate Dead People

Microsoft has filed a patent that would allow the company to digitally revive deceased loved ones as chatbots, using the individual's personal information.

Learn more at ign.com
Curated by Tony Kelly

Spy companies using Channel Islands to track phones around the world

A security vulnerability in phone technology is being exploited by private intelligence companies via small networks in Jersey and Guernsey.

Learn more at thebureauinvestigates.com
Curated by Tony Kelly

Hacker leaks full database of 77 million Nitro PDF user records

A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.

Learn more at bleepingcomputer.com
Curated by Ross Moore

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

Researchers details a recently disclosed Windows MSRPC Printer Spooler Relay vulnerability that can be exploited remotely to execute code.

Learn more at thehackernews.com
Curated by Muhammad Luqman

SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

Cybersecurity company SonicWall hacked using zero-day vulnerabilities affecting its own NetExtender VPN product.

Learn more at thehackernews.com
Curated by Muhammad Luqman

New website launched to document vulnerabilities in malware strains

Launched by security researcher John Page, the new MalVuln website lists bugs in malware code.

Learn more at zdnet.com
Curated by Tony Kelly

CISA Launches Campaign to Reduce the Risk of Ransomware

The Cybersecurity and Infrastructure Security Agency (CISA) announced the Reduce the Risk of Ransomware Campaign today, a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.

Learn more at cisa.gov
Curated by Tony Kelly

The Takedown of a Dark-Web Marketplace

One of the world’s largest illicit bazaars was shuttered using data seized from a fortified bunker in Germany.

Learn more at newyorker.com
Curated by Sinwindie

Sentences and an Exit Scam: It's Been a Big Week on the Dark Web

The dark web's largest illegal marketplace went offline last Monday. It was the start of a bad week for cybercriminals.

Learn more at vice.com
Curated by Sinwindie

Russian Hacker Pleads Guilty to Administering a Website that Catered to Criminals

Kirill Victorovich Firsov, a Russian citizen, pleaded guilty in federal court today to a cybercrime, admitting that he was the administrator of a website that catered to cyber criminals by virtually selling items such as stolen credit card information, other personal information and services to be used for criminal activity.

Learn more at justice.gov
Curated by Sinwindie

Blogs

Process Herpaderping – Windows Defender Evasion

Windows Defender has improved significantly the security posture of Windows environments since it has better detection capabilities compare to other security products. When a process is created Windows Defender receives a notification since it has a register callback on the kernel. However the actual inspection of the file occurs when the thread is inserted and before the process initiates on the system and not when the process object is created.

Learn more at  pentestlaboratories.com
Curated by Andy74

A slew of Cisco bugs, Risks of DoH & DNSpooq (aka new proof that it's always DNS!)

Security Snacks is a weekly digest of the most notable InfoSec news.Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking. This week in cybersecurity news: A bunch of critical vulnerabilities were found in Cisco products that we may soon see exploited in-the-wild.

Learn more at intigriti.com
Curated by Tony Kelly

Learning

Online Incident Response Training with Brian Carrier

Our free, online DFIR training courses focus on helping you improve the speed and comprehensiveness of your intrusion investigations.

Learn more at cybertriage.com
Curated by Ross Moore

Wireshark Tutorial: Examining Emotet Infection Traffic

This Wireshark tutorial reviews recent Emotet activity and provides some tips on identifying this malware based on examining Emotet infection traffic.

Learn more at paloaltonetworks.com
Curated by Tony Kelly

CTF Challenges

Learn more at hackingarticles.in
Curated by Tony Kelly

Events

Open-Source Intelligence (OSINT) Summit | SANS Cyber Security and OSINT Training

Summit: February 11-12 | Training: February 8-10 & 15-20

The OSINT Summit & Training will bring together leading security practitioners and investigators to share proven techniques and tools that can be applied to OSINT gathering and analysis. Learn how to collect information across the Internet, analyze the results, and utilize key data to reach your objectives.

Source & Link: sans.org
Curator: Sinwindie