Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Miguel Calles, Ross Moore, Andy74, Muhammad Luqman, Prasanna, Mike Peterson, Tony Kelly, and Sinwindie.
In this edition we have news articles, blog posts, and events.
SonicWall Confirms Critical Flaw In Secure Mobile Access Tool
SonicWall confirmed its Secure Mobile Access 100 tool has a critical zero-day flaw a day after researchers said the vulnerability was being exploited in the wild.
New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
New cryptojacking malware is targeting cloud infrastructures using Apache, Oracle, Redis vulnerabilities.
Pay-or-Get-Breached Ransomware Schemes Take Off
In 2020, ransomware attackers moved quickly to adopt so-called double extortion schemes, with more than 550 incidents in the fourth quarter alone.
Ransomware gangs made at least $350 million in 2020
The figure represents a 311% increase over ransomware payments recorded the previous year, in 2019.
Microsoft Defender now detects macOS system, app vulnerabilities
Microsoft announced that Defender for Endpoint will now also help admins discover OS and software vulnerabilities affecting macOS devices on their organization's network.
3 New Severe Security Vulnerabilities Found In SolarWinds Software
Three new severe security vulnerabilities were found in SolarWinds Orion and Serv-U FTP Server software.
Vendor Responsible for Goodwin Breach Has Some Other Big Law Clients
Accellion, a Palo Alto-based cybersecurity company, was responsible for the breach at Goodwin Procter, sources confirmed.
Why Human Error is #1 Cyber Security Threat to Businesses in 2021
Among the major cyber threats, malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and new strains of malware are discovered on a daily basis.
Instagram Unmasks High Profile 'OG' Account Stealers, Threatens to Sue
The action centres around the OGUsers community. It is highly unusual for social media companies to publicly announce that they have identified the real names of pseudonymous users.
Instagram bans hundreds of accounts in OGUsers takedown
Instagram has banned hundreds of accounts tied to the notorious “OGUsers” forum, where members buy and sell stolen social media accounts.
Nespresso smart cards hacked to provide infinite coffee after someone wasn't too perky about security
Older commercial machines rely on insecure Mifare Classic payments
Microsoft Office 365 Attacks Sparked from Google Firebase
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.
Hackers intercepted a Covid-19 vaccination appointment hotline in Pennsylvania
At some point "mid-afternoon," the Allegheny County health department and the 2-1-1 service became aware that a hacker was intercepting callers and diverting them away from the help line without their knowledge, officials said.
Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites
A CSRF-to-stored-XSS security bug plagues 50,000 'Contact Form 7' Style users.
Hackers post detailed patient medical records from two hospitals to the dark web
The files, which number at least in the tens of thousands, include patients' personal identifying information.
This old form of ransomware has returned with new tricks and new targets
Cerber was once the most common form of ransomware, and now it's back, years after its heyday.
Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP
Cisco has rolled out patches for multiple critical vulnerabilities in the web-based management interface of Small Business routers.
Spotify Hit With Another Credential-Stuffing Attack
This marks the second credential-stuffing attack to hit the streaming platform in the last few months.
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
The Qualys Research Team has discovered a heap overflow vulnerability in sudo, a near-ubiquitous utility available on major Unix-like operating systems. Any unprivileged user can gain root privileges on a vulnerable host using a default sudo configuration by exploiting this vulnerability.
Microsoft repo secretly installed on all Raspberry Pi's Linux OS
A Microsoft repository was silently added to Raspberry Pi OS, the Raspberry Pi Foundation's official Linux distribution, and many Linux/FOSS users are upset.
Unpatched Vulnerability: 50,000 WP Sites Must Find Alternative for Contact Form 7 Style
On December 9, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) to Stored Cross Site Scripting (XSS) vulnerability in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites.
How to decrypt files encrypted by Fonix
The authors of Fonix ransomware published the master key, so we released a tool to decrypt files.
Evading Antivirus with Encrypted Payloads using Venom
Venom uses Msfvenom from Metasploit to generate shellcode in different formats such as "c", "python", "ruby", "dll", "msi", "hta-psh" to inject the shellcode generated into one template and work with encrypted payloads.
Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)
We observed an exploit of the WordPress File Manager RCE vulnerability CVE-2020-25213, which was used to install Kinsing, a malicious cryptominer.
Out in the Wild: How OSINT Supports Proactive Defense
Thursday, February 11th | 12:45 - 1:30 PM EST
In the SOC, defenders are often true to their name, playing defense to manage detections, assess risk, and protect the network from an ever-evolving barrage of threats. However, attacks don't start with alerts; they start with the infrastructure that attackers set up to deliver the attack. Proactive open-source investigations and external hunting practices can help shift your security posture from reactive to proactive.
Learn how you can use real-world attacks and open-source data to:
- Identify high-risk infrastructure associated with threat actor activity
- Rapidly investigate infrastructure associations to identify patterns and TTPs, and
- Create profiles that you can use to hunt externally for threats relevant to your organization, moving left in attack detection by finding threats before they find you
Open-Source Intelligence (OSINT) Summit | SANS Cyber Security and OSINT Training
Summit: February 11-12 | Training: February 8-10 & 15-20
The OSINT Summit & Training will bring together leading security practitioners and investigators to share proven techniques and tools that can be applied to OSINT gathering and analysis. Learn how to collect information across the Internet, analyze the results, and utilize key data to reach your objectives.