Secjuice Squeeze 54

Welcome to the Secjuice Squeeze, a curated selection of security articles and news that you may have missed.

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Miguel Calles, Ross Moore, Andy74, Muhammad Luqman, Prasanna, Mike Peterson, Tony Kelly, and Sinwindie.

In this edition we have news articles, blog posts, and events.

News

SonicWall Confirms Critical Flaw In Secure Mobile Access Tool

SonicWall confirmed its Secure Mobile Access 100 tool has a critical zero-day flaw a day after researchers said the vulnerability was being exploited in the wild.

Learn more at crn.com
Curated by Ross Moore

New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers

New cryptojacking malware is targeting cloud infrastructures using Apache, Oracle, Redis vulnerabilities.

Learn more at thehackernews.com
Curated by Andy74

Pay-or-Get-Breached Ransomware Schemes Take Off

In 2020, ransomware attackers moved quickly to adopt so-called double extortion schemes, with more than 550 incidents in the fourth quarter alone.

Learn more at darkreading.com
Curated by Muhammad Luqman

Ransomware gangs made at least $350 million in 2020

The figure represents a 311% increase over the ransomware payments recorded the previous year, 2019.

Learn more at zdnet.com
Curated by Mike Peterson

Microsoft Defender now detects macOS system, app vulnerabilities

Microsoft announced that Defender for Endpoint will now also help admins discover OS and software vulnerabilities affecting macOS devices on their organization's network.

Learn more at bleepingcomputer.com
Curated by Ross Moore

3 New Severe Security Vulnerabilities Found In SolarWinds Software

Three new severe security vulnerabilities have been found in SolarWinds Orion and Serv-U FTP Server software.

Learn more at thehackernews.com
Curated by Andy74

Vendor Responsible for Goodwin Breach Has Some Other Big Law Clients

Accellion, a Palo Alto-based cybersecurity company, was responsible for the breach at Goodwin Procter, sources confirmed.

Learn more at law.com
Curated by Ross Moore

Why Human Error is #1 Cyber Security Threat to Businesses in 2021

Among the major cyber threats, malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and new strains of malware are discovered on a daily basis.

Learn more at thehackernews.com
Curated by Tony Kelly

Instagram Unmasks High Profile 'OG' Account Stealers, Threatens to Sue

The action centres around the OGUsers community. It is highly unusual for social media companies to publicly announce that they have identified the real names of pseudonymous users.

Learn more at vice.com
Curated by Sinwindie

Instagram bans hundreds of accounts in OGUsers takedown

Instagram has banned hundreds of accounts tied to the notorious “OGUsers” forum, where members buy and sell stolen social media accounts.

Learn more at engadget.com
Curated by Sinwindie

Nespresso smart cards hacked to provide infinite coffee after someone wasn't too perky about security

Older commercial machines rely on insecure Mifare Classic payment cards.

Learn more at theregister.com
Curated by Ross Moore

Microsoft Office 365 Attacks Sparked from Google Firebase

A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.

Learn more at threatpost.com
Curated by Tony Kelly

Hackers intercepted a Covid-19 vaccination appointment hotline in Pennsylvania

At some point "mid-afternoon," the Allegheny County health department and the 2-1-1 service became aware that a hacker was intercepting callers and diverting them away from the help line without their knowledge, officials said.

Learn more at cnn.com
Curated by Sinwindie

Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites

A CSRF-to-stored-XSS security bug plagues 50,000 users of the 'Contact Form 7 Style' plugin.

Learn more at threatpost.com
Curated by Andy74

Hackers post detailed patient medical records from two hospitals to the dark web

The files, which number at least in the tens of thousands, include patients' personal identifying information.

Learn more at nbcnews.com
Curated by Andy74

This old form of ransomware has returned with new tricks and new targets

Cerber was once the most common form of ransomware, and now it's back, years after its heyday.

Learn more at zdnet.com
Curated by Andy74

Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP

Cisco has rolled out patches for multiple critical vulnerabilities in the web-based management interface of Small Business routers.

Learn more at thehackernews.com
Curated by Andy74

Spotify Hit With Another Credential-Stuffing Attack

This marks the second credential-stuffing attack to hit the streaming platform in the last few months.

Learn more at darkreading.com
Curated by Muhammad Luqman

Blogs

CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)

The Qualys Research Team has discovered a heap overflow vulnerability in sudo, a near-ubiquitous utility available on major Unix-like operating systems. Any unprivileged user can gain root privileges on a vulnerable host using a default sudo configuration by exploiting this vulnerability.

Learn more at blog.qualys.com
Curated by Prasanna

Microsoft repo secretly installed on all Raspberry Pi's Linux OS

A Microsoft repo was secretly installed on all Raspberry Pi devices by the Raspberry Pi Foundation's official OS, and many Linux/FOSS users are upset.

Learn more at cyberciti.biz
Curated by Tony Kelly

Unpatched Vulnerability: 50,000 WP Sites Must Find Alternative for Contact Form 7 Style

On December 9, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery (CSRF) to Stored Cross Site Scripting (XSS) vulnerability in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites.

Learn more at wordfence.com
Curated by Ross Moore

How to decrypt files encrypted by Fonix

The authors of Fonix ransomware published the master key, so we released a tool to decrypt files.

Learn more at kaspersky.com
Curated by Tony Kelly

Evading Antivirus with Encrypted Payloads using Venom

Venom uses Msfvenom from Metasploit to generate shellcode in different formats such as "c", "python", "ruby", "dll", "msi", "hta-psh" to inject the shellcode generated into one template and work with encrypted payloads.

Learn more at neoslab.com
Curated by Tony Kelly

Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)

We observed an exploit of the WordPress File Manager RCE vulnerability CVE-2020-25213, which was used to install Kinsing, a malicious cryptominer.

Learn more at paloaltonetworks.com
Curated by Andy74

Events

Out in the Wild: How OSINT Supports Proactive Defense

Thursday, February 11th | 12:45 - 1:30 PM EST

In the SOC, defenders are often true to their name: playing defense to manage detections, assess risk, and protect the network from an ever-evolving barrage of threats. However, attacks don't start with alerts; they start with the infrastructure that attackers set up to deliver the attack. Proactive open-source investigations and external hunting practices can help shift your security posture from reactive to proactive.

Learn how you can use real-world attacks and open-source data to:

  • Identify high-risk infrastructure associated with threat actor activity
  • Rapidly investigate infrastructure associations to identify patterns and TTPs, and
  • Create profiles that you can use to hunt externally for threats relevant to your organization, moving left in attack detection by finding threats before they find you

Learn more at sans.org
Curated by Miguel Calles

Open-Source Intelligence (OSINT) Summit | SANS Cyber Security and OSINT Training

Summit: February 11-12 | Training: February 8-10 & 15-20

The OSINT Summit & Training will bring together leading security practitioners and investigators to share proven techniques and tools that can be applied to OSINT gathering and analysis. Learn how to collect information across the Internet, analyze the results, and utilize key data to reach your objectives.

Learn more at sans.org
Curated by Sinwindie

The awesome image used in this article was created by Oscar Moctezuma.