Secjuice Squeeze 58

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Prasanna, Ross Moore, Andy74, Miguel Calles, Sinwindie, Alesanco.

In this edition, we have news articles, blog posts, and learning.

News

DDoS attack takes down EXMO cryptocurrency exchange servers

The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service (DDoS) attack.

Learn more at bleepingcomputer.com
Curated by Tony Kelly

China Appears to Warn India: Push Too Hard and the Lights Could Go Out

As border skirmishing increased last year, malware began to flow into the Indian electric grid, a new study shows, and a blackout hit Mumbai. It now looks like a warning.

Learn more at nytimes.com
Curated by Prasanna

Ryuk Ransomware Updated With 'Worm-Like Capabilities'

Prolific Ryuk ransomware has a new trick up its sleeve. The developers behind the notorious strain of crypto-locking malware have given their attack code the ability to spread itself between systems inside an infected network.

Learn more at inforisktoday.com
Curated by Andy74

LastPass Android App Has Seven Trackers That Chase Users On Web

LastPass has no idea what these trackers in the Android app do. They emphasize the app shares no data with third-parties.

Learn more at latesthackingnews.com
Curated by Andy74

Malicious NPM packages target Amazon, Slack with new dependency attacks

Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using the new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers.

Learn more at bleepingcomputer.com
Curated by Miguel Calles

First Fully Weaponized Spectre Exploit Discovered Online

A fully weaponized exploit for the Spectre CPU vulnerability was uploaded on the malware-scanning website VirusTotal last month.

Learn more at therecord.media
Curated by Ross Moore

European e-ticketing platform Ticketcounter extorted in data breach

A Dutch e-Ticketing platform has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server.

Learn more at bleepingcomputer.com
Curated by Andy74

Hackers release a new jailbreak tool for almost every iPhone

The jailbreak group said it used its "own exploit" for a vulnerability that Apple said was "actively exploited" by hackers.

Learn more at techcrunch.com
Curated by Andy74

URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft.

Learn more at thehackernews.com
Curated by Andy74

Cybersecurity firm Qualys likely latest victim of Accellion hacks

Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files.

Learn more at bleepingcomputer.com
Curated by Prasanna

Right to repair moves forward for your broken devices. But campaigners want to go much further

New rules mean certain electrical goods sold in Europe need to be repairable for at least 10 years. But smartphone and laptop owners can't celebrate just yet.

Learn more at techrepublic.com
Curated by Sinwindie

Cryptocurrency Fraudster Pleads Guilty to Securities Fraud and Money Laundering Charges in Multi-Million Dollar Investment Scheme

A citizen of Sweden pleaded guilty to securities fraud, wire fraud, and money laundering charges that defrauded more than 3,500 victims of more than $16 million.

Learn more at justice.gov
Curated by Sinwindie

AdGuard names 6,000+ web trackers that use CNAME chicanery: Feel free to feed them into your browser's filter

CNAME tracking is a way to configure DNS records to erase the distinction between code and assets from a publisher's (first-party) domain and tracking scripts on that site that call a server on an advertiser's (third-party) domain. Such domain cloaking – obscuring who controls a domain – undoes privacy defenses, like the blocking of third-party cookies, by making third-party assets look like they're associated with the first-party domain.

Learn more at theregister.com
Curated by Ross Moore

Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708)

The vulnerabilities (CVE-2021-26708) could be exploited for local privilege escalation, as confirmed in experiments on Fedora 33 Server.

Learn more at helpnetsecurity.com
Curated by Andy74

Cyberattack shuts down online learning at 15 UK schools

The cyberattack also took email, phone, and website communication offline.

Learn more at zdnet.com
Curated by Andy74

Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims

A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught.

Learn more at wired.com
Curated by Sinwindie

New ransomware only decrypts victims who join their Discord server

A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server.

Learn more at bleepingcomputer.com
Curated by Andy74

Phishing Attack Uses Fake Google reCAPTCHA

A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zscaler says. The company says it prevented more than 2,500 phishing emails tied to the campaign.

Learn more at inforisktoday.com
Curated by Andy74

Samsung fixes critical Android bugs in March 2021 updates

This week Samsung has started rolling out Android's March 2021 security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. Users are advised to update their Android devices immediately to safeguard against these bugs.

Learn more at bleepingcomputer.com
Curated by Andy74

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

A new research has yielded yet another means to pilfer sensitive data by exploiting what's the first "on-chip, cross-core" side-channel in Intel Coffee Lake and Skylake processors.

Learn more at thehackernews.com
Curated by Andy74

Microsoft Exchange Cyber Attack — What Do We Know So Far?

Recent flaw in Microsoft Exchange servers believed to have infected tens of thousands of businesses, government entities.

Learn more at thehackernews.com
Curated by Andy74

Brit cybercops issue tender to rip and replace their formerly flaw-ridden CyberAlarm tool

Police have issued a tender to replace their CyberAlarm tool following reporting by The Register and infosec researchers revealing security flaws in the logging software.

Learn more at theregister.com
Curated by Tony Kelly

GitHub Informs Users of 'Potentially Serious' Authentication Bug | SecurityWeek.Com

GitHub informs users about an “extremely rare but potentially serious” security bug related to the handling of authenticated sessions.

Learn more at securityweek.com
Curated by Andy74

Lawmakers introduce legislation to allow Americans to take foreign hackers to court

A group of bipartisan House lawmakers on Monday introduced legislation that would allow Americans to hold foreign governments and their employees accountable in court for malicious cyber activity.

Learn more at thehill.com
Curated by Andy74

Flaws in Apple Location Tracking System Could Lead to User Identification

An adversary could perform a location correlation attack and access location history, thus de-anonymizing users.

Learn more at securityweek.com
Curated by Andy74

Vulnerability That Allows Complete WordPress Site Takeover Exploited in the Wild

A critical vulnerability identified in The Plus Addons for Elementor WordPress plugin could be exploited to gain administrative privileges to a website. The zero-day has been exploited in the wild, the Wordfence team at WordPress security company Defiant warns.

Learn more at securityweek.com
Curated by Andy74

Researchers Unveil New Linux Malware Linked to Chinese Hackers

A new sophisticated backdoor, RedXOR, targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors.

Learn more at thehackernews.com
Curated by Andy74

FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware

Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies.

Learn more at thehackernews.com
Curated by Andy74

Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks

Microsoft releases security patches for 89 flaws as part of its Patch Tuesday updates, including fixes for an actively exploited zero-day flaws.

Learn more at thehackernews.com
Curated by Andy74

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals.

Learn more at thehackernews.com
Curated by Andy74

Fixing the Weakest Link — The Passwords — in Cybersecurity Today

Password security has long been an issue for businesses and their cybersecurity standards. Account passwords are often the weakest link in the overall security posture for many organizations.

Learn more at thehackernews.com
Curated by Andy74

Microsoft Exchange Server Exploit Code Posted to GitHub

Exploit code for two Microsoft Exchange Server vulnerabilities under attack was published to GitHub earlier today. The Microsoft-owned platform quickly took down the proof-of-concept (PoC).

Learn more at darkreading.com
Curated by Andy74

Microsoft Exchange Servers Face APT Attack Tsunami

Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat (APT) groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers.

Learn more at threatpost.com
Curated by Tony Kelly

The UK is secretly testing a controversial web snooping tool

For the last two years police and internet companies across the UK have been quietly building and testing surveillance technology that could log and store the web browsing of every single person in the country.

Learn more at wired.co.uk
Curated by Tony Kelly

Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection

A hybrid Monero cryptominer and ransomware bug has hit 20,000 machines in 60 days.

Learn more at threatpost.com
Curated by Andy74

Researchers Spotted Malware Written in Nim Programming Language

Cybersecurity researchers have unwrapped a campaign distributing a new malware written in Nim programming language.

Learn more at thehackernews.com
Curated by Andy74

Hackers Are Targeting Microsoft Exchange Servers With Ransomware

Cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server flaws to install a new strain of ransomware called "DearCry."

Learn more at thehackernews.com
Curated by Andy74

Blogs

Digging for files with Velociraptor

One of the most common questions in digital forensics is: Is a file with a specific filename currently present on this system or was it in the past?

Read more at medium.com
Curated by Tony Kelly

Ransomware: Beware of 13 Tactics, Tools and Procedures

Ransomware continues to sting numerous organizations, and the problem only seems to be getting worse. So, defenders across every type of targeted organization - including government agencies and private businesses - would do well to have more effective defenses in place.

Read more at databreachtoday.com
Curated by Ross Moore

Botnet Abusing Bitcoin Blockchain To Evade Detection

Akamai has published new research explaining techniques used by the operators of a cryptocurrency mining botnet campaign to evade detection in which cybercriminals are abusing Bitcoin transactions to carry out illegal crypto mining operations while staying under the radar.

Learn more at hackread.com
Curated by Andy74

PyPI and npm Flooded with over 5,000 Dependency Confusion Copycats

Both PyPi and npm are being inundated with malicious dependency confusion packages.

Learn more at blog.sonatype.com
Curated by Miguel Calles

I see you: your home-working photos reveal more than you think!

Beware of sensitive data lurking in the background of your video calls and social pictures.

Learn more at nakedsecurity.sophos.com
Curated by Sinwindie

Three Top Russian Cybercrime Forums Hacked

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums' user databases, including email and Internet addresses and hashed passwords.

Learn more at krebsonsecurity.com
Curated by Sinwindie

Zero-day vulnerabilities in Microsoft Exchange Server

The four vulnerabilities inside Microsoft Exchange Server allow an attacker to gain access to all registered email accounts, or to execute arbitrary code (RCE) within the Exchange Server context.

Learn more at securelist.com
Curated by Alesanco

Learning

Incident Response Series: Collecting And Analyzing Logs In Azure Ad

Today, I’m going to start my incident response series. Where I will focus on Azure Active Directory and Office 365. What are the steps, that we have to take when doing an IR engagement in a Cloud environment?

Learn more at m365internals.com
Curated by Tony Kelly

Creating a Red & Blue Team Homelab

Over the years of penetration testing, red teaming, and teaching, I (and I’m sure a lot of others) are often asked how to get started in infosec. More specifically, how to become a pentester/red teamer or threat hunter/blue teamer. One of the things I always recommend is to build out a lab so you can test TTPs (techniques, tactics, procedures) and generate IOCs (indicators of compromise) so that you can understand how an attack works and what noise it generates, with the aim of being either to detect that attack or modify it so it’s harder to detect.

Learn more at hausec.com
Curated by Tony Kelly

Guide To Using Reverse Image Search For Investigations

Reverse image search is one of the most well-known and easiest digital investigative techniques, with two-click functionality of choosing “Search Google for image” in many web browsers. This method has also seen widespread use in popular culture, perhaps most notably in the MTV show Catfish, which exposes people in online relationships who use stolen photographs on their social media.

Learn more at bellingcat.com
Curated by Tony Kelly