Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Ross Moore, Tony Kelly, Miguel Calles, Andy74, Muhammad Luqman, Prasanna, Sinwindie, discreti, Alesanco, and hatless1der.
In this edition, we have news articles, blog posts, and tools.
China Hijacked an NSA Hacking Tool—and Used It for Years
The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online.
Web hosting provider shuts down after cyberattack
Two other UK web hosting providers also suffered similar hacks over the weekend, although it's unconfirmed if the attacks are related.
Server "fault" at online casino 32Red exposes partial customer card details
A server “fault” at online casino 32Red meant some of its customers were able to view other customers’ account balance and partial card details.
Nearly 30,000 Macs reportedly infected with mysterious malware
Nearly 30,000 Macs worldwide have been infected with mysterious malware, according to researchers at security firm Red Canary.
Remote Work May Transform Higher Education. But Will Printers and Alexa Undermine Its Privacy?
An “uber trend” of remote work for higher education information security is coming, at a time when more connections are being forged between higher ed and other state data. Plus: printers, smart speakers and privacy (oh my!).
Virtual passport app presents real data risk, experts warn
Canadian privacy experts are concerned the federal government's plan to develop an online passport application process could put personal information at risk and open a new angle of attack for fraudsters.
Experts Find a Way to Learn What You're Typing During Video Calls
A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed.
10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express
The two campaigns aimed to steal victims' business email account credentials by posing as the shipping companies.
Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems.
Twitter removes accounts of Russian government-backed actors
Twitter has removed dozens of accounts connected to Russian government-backed actors disseminating disinformation and targeting the European Union, the United States, and the NATO alliance.
Hackers Tied to Russia's GRU Targeted the US Grid for Years
A Sandworm-adjacent group has successfully breached US critical infrastructure a handful of times, according to new findings from the security firm Dragos.
Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack
Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities.
‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security
Whistleblowers say they were forced out after flagging problems with e-commerce giant’s data security and compliance.
Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations
A new Chinese hacking campaign aims to spy on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.
Ransomware gang hacks Ecuador's largest private bank, Ministry of Finance
A hacking group called 'Hotarus Corp' has hacked Ecuador's Ministry of Finance and the country's largest bank, Banco Pichincha, where they claim to have stolen internal data.
How Hackers Exploit Struts2 on Linux and Windows Servers
The Jakarta Multipart Parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts.
Caught by a CAPTCHA?
Be aware that you may be unwittingly involved in malicious CAPTCHA solving.
Be on the Watch for W-2 Phishing Scams!
With tax season just around the corner, this simple, yet effective social engineering theme is perfect to get users to respond to phishing attacks exactly the way the bad guys want.
CyberheistNews Vol 11 #08 [Eye Opener] Major Video Game Maker Refuses to Negotiate With Ransomware Cyber Criminals
Video game studio CD Projekt Red, makers of The Witcher series and Cyberpunk 2077, have disclosed a ransomware attack, WIRED reports.
Physical cyber threats: What do criminals leave when they break in?
While organizations continued to fortify their networks against remote invaders, most have overlooked potential cyber threats from physical intruders.
I’m an ethical hacker. Here’s how I could use social media to scam you.
Be careful about what you’re oversharing online, because it makes it easier for (unethical) hackers to target you.
Popular Node.js package vulnerable to command injection attacks
Developer of ‘systeminformation’ library addresses moderate severity flaw in security update.
Part of Github Just Went Private
Social Networks want to be found, so they make some information – most notably, profiles – public, visible to search engines.
Who's hacking your smart home?
What can the average user do to secure their smart gadgets from attacks by cybercriminals?
CISOs report that ransomware is now the biggest cybersecurity concern in 2021
This blog was written by an independent guest blogger. As the number of remote working arrangements rose substantially in the last year, cybercriminals were quick to take advantage of these new opportunities. Spam and phishing emails increased in number even more rapidly than telecommuting, and company cybersecurity officers found themselves struggling to keep up. Phishing emails often came with a sinister sidekick: a ransomware attack.
FalconFriday — Recognizing Beaconing Traffic
In today’s edition, we’ll share a method of detecting beaconing C&C traffic from large data sets of proxy traffic.
Web Application Testing: An Essential Component of Red Team Activities
Web application vulnerabilities are a significant consequence of our current digital ecosystem. Check out CBI's ATS Team Technical Brief.
SpiderFoot: OSINT Automation
Automate your OSINT for better reconnaissance, investigations and perimeter monitoring. Open source or SpiderFoot HX.