Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Prasanna, Ross Moore, Andy74, Miguel Calles, Sinwindie, Alesanco.
In this edition, we have news articles, blog posts, and learning.
DDoS attack takes down EXMO cryptocurrency exchange servers
The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service (DDoS) attack.
China Appears to Warn India: Push Too Hard and the Lights Could Go Out
As border skirmishing increased last year, malware began to flow into the Indian electric grid, a new study shows, and a blackout hit Mumbai. It now looks like a warning.
Ryuk Ransomware Updated With 'Worm-Like Capabilities'
Prolific Ryuk ransomware has a new trick up its sleeve. The developers behind the notorious strain of crypto-locking malware have given their attack code the ability to spread itself between systems inside an infected network.
LastPass Android App Has Seven Trackers That Chase Users On Web
LastPass has no idea what these trackers in the Android app do. The company emphasizes that the app shares no data with third parties.
Malicious NPM packages target Amazon, Slack with new dependency attacks
Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using the new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers.
First Fully Weaponized Spectre Exploit Discovered Online
A fully weaponized exploit for the Spectre CPU vulnerability was uploaded on the malware-scanning website VirusTotal last month.
European e-ticketing platform Ticketcounter extorted in data breach
A Dutch e-Ticketing platform has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server.
Hackers release a new jailbreak tool for almost every iPhone
The jailbreak group said it used its "own exploit" for a vulnerability that Apple said was "actively exploited" by hackers.
URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange
Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft.
Cybersecurity firm Qualys likely latest victim of Accellion hacks
Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files.
Right to repair moves forward for your broken devices. But campaigners want to go much further
New rules mean certain electrical goods sold in Europe need to be repairable for at least 10 years. But smartphone and laptop owners can't celebrate just yet.
Cryptocurrency Fraudster Pleads Guilty to Securities Fraud and Money Laundering Charges in Multi-Million Dollar Investment Scheme
A citizen of Sweden pleaded guilty to securities fraud, wire fraud, and money laundering charges in connection with a scheme that defrauded more than 3,500 victims of more than $16 million.
AdGuard names 6,000+ web trackers that use CNAME chicanery: Feel free to feed them into your browser's filter
CNAME tracking is a way to configure DNS records to erase the distinction between code and assets from a publisher's (first-party) domain and tracking scripts on that site that call a server on an advertiser's (third-party) domain. Such domain cloaking – obscuring who controls a domain – undoes privacy defenses, like the blocking of third-party cookies, by making third-party assets look like they're associated with the first-party domain.
Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708)
The vulnerabilities (CVE-2021-26708) could be exploited for local privilege escalation, as confirmed in experiments on Fedora 33 Server.
Cyberattack shuts down online learning at 15 UK schools
The cyberattack also took email, phone, and website communication offline.
Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims
A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught.
New ransomware only decrypts victims who join their Discord server
A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server.
Phishing Attack Uses Fake Google reCAPTCHA
A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zscaler says. The company says it prevented more than 2,500 phishing emails tied to the campaign.
Samsung fixes critical Android bugs in March 2021 updates
This week Samsung has started rolling out Android's March 2021 security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. Users are advised to update their Android devices immediately to safeguard against these bugs.
Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
New research has yielded yet another means to pilfer sensitive data by exploiting what is described as the first "on-chip, cross-core" side channel in Intel Coffee Lake and Skylake processors.
Microsoft Exchange Cyber Attack — What Do We Know So Far?
A recently disclosed flaw in Microsoft Exchange servers is believed to have been used to infect tens of thousands of businesses and government entities.
Brit cybercops issue tender to rip and replace their formerly flaw-ridden CyberAlarm tool
Police have issued a tender to replace their CyberAlarm tool following reporting by The Register and infosec researchers revealing security flaws in the logging software.
GitHub Informs Users of 'Potentially Serious' Authentication Bug | SecurityWeek.Com
GitHub informs users about an “extremely rare but potentially serious” security bug related to the handling of authenticated sessions.
Lawmakers introduce legislation to allow Americans to take foreign hackers to court
A group of bipartisan House lawmakers on Monday introduced legislation that would allow Americans to hold foreign governments and their employees accountable in court for malicious cyber activity.
Flaws in Apple Location Tracking System Could Lead to User Identification
An adversary could perform a location correlation attack and access location history, thus de-anonymizing users.
Vulnerability That Allows Complete WordPress Site Takeover Exploited in the Wild
A critical vulnerability identified in The Plus Addons for Elementor WordPress plugin could be exploited to gain administrative privileges to a website. The zero-day has been exploited in the wild, the Wordfence team at WordPress security company Defiant warns.
Researchers Unveil New Linux Malware Linked to Chinese Hackers
RedXOR is a new, sophisticated backdoor targeting Linux endpoints and servers that is believed to be the work of Chinese nation-state actors.
FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware
Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods to avoid attracting attention, and by constantly refining their toolsets to fly below the radar of many detection technologies.
Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks
Microsoft has released security patches for 89 flaws as part of its Patch Tuesday updates, including a fix for an actively exploited zero-day flaw.
ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals.
Fixing the Weakest Link — The Passwords — in Cybersecurity Today
Password security has long been an issue for businesses and their cybersecurity standards. Account passwords are often the weakest link in the overall security posture for many organizations.
Microsoft Exchange Server Exploit Code Posted to GitHub
Exploit code for two Microsoft Exchange Server vulnerabilities under attack was published to GitHub earlier today. The Microsoft-owned platform quickly took down the proof-of-concept (PoC).
Microsoft Exchange Servers Face APT Attack Tsunami
Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat (APT) groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers.
The UK is secretly testing a controversial web snooping tool
For the last two years police and internet companies across the UK have been quietly building and testing surveillance technology that could log and store the web browsing of every single person in the country.
Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection
A hybrid Monero cryptominer and ransomware bug has hit 20,000 machines in 60 days.
Researchers Spotted Malware Written in Nim Programming Language
Cybersecurity researchers have unwrapped a campaign distributing a new malware written in Nim programming language.
Hackers Are Targeting Microsoft Exchange Servers With Ransomware
Cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server flaws to install a new strain of ransomware called "DearCry."
Digging for files with Velociraptor
One of the most common questions in digital forensics is: Is a file with a specific filename currently present on this system or was it in the past?
Ransomware: Beware of 13 Tactics, Tools and Procedures
Ransomware continues to sting numerous organizations, and the problem only seems to be getting worse. So, defenders across every type of targeted organization - including government agencies and private businesses - would do well to have more effective defenses in place.
Botnet Abusing Bitcoin Blockchain To Evade Detection
Akamai has published new research explaining the techniques used by the operators of a cryptocurrency mining botnet campaign to evade detection: the cybercriminals abuse Bitcoin transactions to carry out illegal crypto mining operations while staying under the radar.
PyPI and npm Flooded with over 5,000 Dependency Confusion Copycats
Both PyPI and npm are being inundated with malicious dependency confusion packages.
I see you: your home-working photos reveal more than you think!
Beware of sensitive data lurking in the background of your video calls and social pictures.
Three Top Russian Cybercrime Forums Hacked
Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums' user databases, including email and Internet addresses and hashed passwords.
Zero-day vulnerabilities in Microsoft Exchange Server
The four vulnerabilities inside Microsoft Exchange Server allow an attacker to gain access to all registered email accounts, or to execute arbitrary code (RCE) within the Exchange Server context.
Incident Response Series: Collecting And Analyzing Logs In Azure Ad
Today, I'm going to start my incident response series, where I will focus on Azure Active Directory and Office 365. What are the steps that we have to take when doing an IR engagement in a cloud environment?
Creating a Red & Blue Team Homelab
Over the years of penetration testing, red teaming, and teaching, I (and I'm sure a lot of others) am often asked how to get started in infosec. More specifically, how to become a pentester/red teamer or threat hunter/blue teamer. One of the things I always recommend is to build out a lab so you can test TTPs (techniques, tactics, procedures) and generate IOCs (indicators of compromise), so that you can understand how an attack works and what noise it generates, with the aim either of detecting that attack or of modifying it so it's harder to detect.
Guide To Using Reverse Image Search For Investigations
Reverse image search is one of the most well-known and easiest digital investigative techniques, with two-click functionality of choosing “Search Google for image” in many web browsers. This method has also seen widespread use in popular culture, perhaps most notably in the MTV show Catfish, which exposes people in online relationships who use stolen photographs on their social media.