Secjuice Squeeze 56

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Andy74, Sinwindie, Ross Moore, Prasanna, hatless1der, Alesanco, Muhammad Luqman, and Miguel Calles

In this edition, we have news articles, blog posts, and events.

News

Egregor ransomware operators arrested in Ukraine

Arrested suspects are believed to be clients of the Egregor RaaS, not the Egregor gang itself.

Read more at zdnet.com
Curated by Tony Kelly

Is it time to ban ransomware insurance payments?

The former head of the NCSC recently called for a dialogue over whether or not it is time to ban insurers from covering ransomware payments. Is he on the right track?

Read more at computerweekly.com
Curated by Tony Kelly

Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises

VMware has patched a vulnerability in its vSphere Replication product that can facilitate attacks on enterprises.

Read more at securityweek.com
Curated by Andy74

Palo Alto firewall software vulnerability quartet revealed

Researchers unveil details of security flaws in enterprise firewall technology.

Read more at portswigger.net
Curated by Andy74

France identifies Russia-linked hackers in large cyberattack

Hackers breached software firm that listed Airbus, Orange and the French Ministry of Justice as its clients.

Read more at politico.eu
Curated by Sinwindie

Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attack

As FireEye reveals how suspicious second phone signed up for 2FA gave the game away.

Read more at theregister.com
Curated by Ross Moore

A Sticker Sent On Telegram Could Have Exposed Your Secret Chats

A flaw in Telegram messaging app could have exposed users' secret messages, photos, and videos.

Read more at thehackernews.com
Curated by Andy74

Half of phishing attacks cause ransomware infections: report

Not only did bad actors ask for additional ransoms but more companies are also paying them.

Read more at cybersecuritydive.com
Curated by Ross Moore

CISA, FBI, and Treasury Expose Latest Tool in North Korea’s Cryptocurrency Theft Scheme: AppleJeus - Homeland Security Today

In most instances, the malicious application—seen on both Windows and Mac operating systems—appears to be from a legitimate cryptocurrency trading company, thus fooling individuals into downloading it.

Read more at hstoday.us and us-cert.cisa.gov
Curated by Prasanna and hatless1der

14 million Amazon and eBay accounts sold online in new leak

The data of 14 million Amazon and eBay accounts are for sale on a popular hacking forum, for accounts active from 2014-2021 in 18 countries.

Read more at cybernews.com
Curated by Andy74

Three New Vulnerabilities Patched in OpenSSL

OpenSSL updates patch three vulnerabilities, including two DoS flaws and one incorrect SSL rollback protection issue.

Read more at securityweek.com
Curated by Andy74

Misconfigured Baby Monitors Allow Unauthorized Viewing

Hundreds of thousands of individuals are potentially affected by this vulnerability.

Read more at threatpost.com
Curated by Andy74

Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping

A vulnerability in a popular video calling software development kit (SDK) could have allowed attackers to spy on video and audio calls.

Read more at thehackernews.com
Curated by Andy74

Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites

A malvertising exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites.

Read more at thehackernews.com
Curated by Andy74

The M1 Malware Has Arrived

Now that Apple has officially begun the transition to Apple Silicon, so has malware.

Read more at gizmodo.com
Curated by Sinwindie

Discord: A New Paradise for Cybercrime

In a new report, Zscaler revealed the widespread use of Discord to host multiple payloads, including the Epsilon ransomware, Redline stealer, XMRig miner, and Discord token grabbers.

Read more at cyware.com
Curated by Andy74

Ninja Forms WordPress Plugin Opens Websites to Hacks

The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking.

Read more at threatpost.com
Curated by Andy74

Tracker pixels in emails are now an ‘endemic’ privacy concern

Critics suggest the practice is marketing gone too far.

Read more at zdnet.com
Curated by Andy74

Jamaica’s immigration website exposed thousands of travelers’ data

Exclusive: Months of immigration documents and COVID-19 lab results were left on an unprotected server.

Read more at techcrunch.com
Curated by Tony Kelly and Prasanna

Hackers target Myanmar government websites in coup protest

Hackers attacked military-run government websites in Myanmar on Thursday as a cyber war erupted after authorities shut down the internet for a fourth straight night.

Read more at bangkokpost.com
Curated by Sinwindie

US charges two more members of the 'Lazarus' North Korean hacking group

The US DOJ described the North Korean hackers as "the world's leading bank robbers" and "a criminal syndicate with a flag."

Read more at zdnet.com
Curated by Sinwindie

Malaysia arrests 11 suspects for hacking government sites

A similar government website defacement campaign is also taking place this week in Myanmar, in support of the country's jailed elected leader.

Read more at zdnet.com
Curated by Sinwindie

Dutch police post 'friendly' warnings on hacking forums

Dutch police: "Hosting criminal infrastructure in The Netherlands is a lost cause."

Read more at zdnet.com
Curated by Sinwindie

France Ties Russia's Sandworm to a Multiyear Hacking Spree

A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon.

Read more at wired.com
Curated by Sinwindie

Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites.

Read more at thehackernews.com
Curated by Andy74

New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card

A new hack lets criminals bypass PIN for a Mastercard contactless card by tricking terminals into believing it to be a Visa card.

Read more at thehackernews.com
Curated by Andy74

White House now says 100 companies hit by SolarWinds hack, but more may be impacted

The attack is ‘likely of Russian origin.’

Read more at theverge.com
Curated by Muhammad Luqman

US announces charges against North Korean hackers for sweeping hacking scheme

DOJ expands its Sony Pictures hacking case.

Read more at theverge.com
Curated by Muhammad Luqman

Blogs

Let’s Encrypt completes huge upgrade, can now rip and replace 200 million security certs in ‘worst case scenario’

In brief Internet Security Research Group nonprofit Let’s Encrypt has massively upgraded its certification hardware and software so that it can delete and reissue all its certs in less than 24 hours.

Read more at threatshub.org
Curated by Ross Moore

A warning to users of NurseryCam

This blog post is intended for a less technical audience – specifically parents and nurseries using the NurseryCam system.

Read more at cybergibbons.com
Curated by Tony Kelly

Endpoint Detection and Response: How Hackers Have Evolved

This post identifies systemic endpoint detection and response issues and examines how attackers can bypass any EDR product.

Read more at optiv.com
Curated by Tony Kelly

Here’s Why Quantum Computing Will Not Break Cryptocurrencies

Quantum computing isn't going to suddenly end the security of cryptocurrencies and bitcoin. Here's why.

Read more at forbes.com
Curated by Alesanco

Shining some light on Solarwinds and ICS

This blog discusses the Solarwinds breach and its impact on industrial control systems (ICS).

Read more at sans.org
Curated by Miguel Calles

Events

Cyber42 Game Day:  Vulnerability Management Simulation

Tuesday, February 23, 2021 at 10:30 AM EST (2021-02-23 15:30:00 UTC)

In this special session you will play to win the Cyber42 Vulnerability Management Simulation! In this 90-minute Game Day you will play as part of a team to improve the state of a fictional organization and more effectively handle the vulnerability management.

Register at sans.org
Curated by Miguel Calles

Think Red, Act Blue - Hacking Proprietary Protocols

Tuesday, February 23, 2021 at 10:30 AM EST (2021-02-23 15:30:00 UTC)

In this webinar, Douglas McKee and Ismael Valenzuela, using their combined 30 years of experience in cybersecurity, will walk through how an adversary can dissect and understand proprietary protocols on your network to find vulnerabilities or leak sensitive information.

Register at sans.org
Curated by Miguel Calles