Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Andy74, Tony Kelly, Prasanna, Ross Moore.

In this edition, we have news articles, blog posts, and learning.

News

Critical code execution vulnerability fixed in Adobe ColdFusion

Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018.

Read more at bleepingcomputer.com
Curated by Andy74

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now

Critical RCE Vulnerability Found in Apache OFBiz Enterprise Resource Planning (ERP) system.

Read more at thehackernews.com
Curated by Andy74

Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers.

Read more at thehackernews.com
Curated by Andy74

Multiple Bugs In TikTok Android App Could Allow 1-Click RCE Attacks

An attacker could chain the bugs while exploiting to achieve 1-click RCE in TikTok Android app. TikTok deployed the fixes for it.

Read more at latesthackingnews.com
Curated by Andy74

Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts

Bulk SMS messages sent by local councils across the UK contained weblinks leading to pages that freely exposed to the public thousands of taxpayers' names, addresses, and outstanding debts.

Read more at theregister.com
Curated by Tony Kelly

Ransomwared Bank Tells Customers It Lost Their SSNs

A data breach that already hit bank employees just got much worse.

Read more at www.vice.com
Curated by Andy74

WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks.

Read more at thehackernews.com
Curated by Andy74

CNA insurance firm hit by a cyberattack, operations impacted

CNA Financial, a leading US-based insurance company, has suffered a cyberattack impacting its business operations and shutting down its website.

Read more at bleepingcomputer.com
Curated by Prasanna

Microsoft Exchange servers now targeted by Black Kingdom ransomware

Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.

Read more at bleepingcomputer.com
Curated by Tony Kelly

Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail

A former IT contractor is facing jailtime after a retaliatory hack into a company’s network and wiping the majority of its employees’ Microsoft Office 365 accounts.

Read more at threatpost.com
Curated by Tony Kelly

Purple Fox malware worms its way into exposed Windows systems

Purple Fox, a malware previously distributed via exploit kits and phishing emails, has now added a worm module that allows it to scan for and infect Windows systems reachable over the Internet in ongoing attacks.

Read more at bleepingcomputer.com and itpro.co.uk
Curated by Andy74 and Tony Kelly

Hobby Lobby exposes of 138GB of customer and payment data

American arts and crafts giant Hobby Lobby has exposed a large amount of customer data, including names, phone numbers, physical and email addresses, and the last four digits of payment cards, and the source code for the company's app, according to a security researcher known as boogeyman, who discovered the leak.

Read more at securitymagazine.com
Curated by Andy74

Hackers Target Russian Cybercrime Forums

Maza becomes latest Russian cybercrime forum to be hacked.

Read more at infosecurity-magazine.com
Curated by Tony Kelly

CNA insurance firm hit by a cyberattack, operations impacted

CNA Financial, a leading US-based insurance company, has suffered a cyberattack impacting its business operations and shutting down its website.

Read more at bleepingcomputer.com
Curated by Tony Kelly

Microsoft fixes Windows PSExec privilege elevation vulnerability

Microsoft has fixed a vulnerability in the PsExec utility that allows local users to gain elevated privileges on Windows devices.

Read more at bleepingcomputer.com
Curated by Andy74

REvil Ransomware Can Now Reboot Infected Devices

The REvil ransomware gang has added a new malware capability that enables the attackers to reboot an infected device after encryption, security researchers at MalwareHunterTeam report.

Read more at govinfosecurity.com
Curated by Andy74

Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers

More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities.

Read more at thehackernews.com
Curated by Andy74

Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems

Cisco released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS.

Read more at thehackernews.com
Curated by Andy74

Microsoft March 2021 Patch Tuesday fixes 82 flaws, 2 zero-days

Today is Microsoft's March 2021 Patch Tuesday, and with admins already struggling with Microsoft Exchange updates and hacked servers, please be nice to your IT staff today.

Read more at bleepingcomputer.com
Curated by Tony Kelly

Critical netmask networking bug impacts thousands of applications

Popular npm component netmask has a critical networking vulnerability, CVE-2021-28918. netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads.

Read more at bleepingcomputer.com
Curated by Ross Moore

Suez Canal: Satellite Clues on a Stricken Cargo Ship

At 400m, the Ever Given is hard to miss. That makes satellite imagery ideal in understanding more about the cargo ship's predicament.

Read more at bellingcat.com
Curated by Tony Kelly

Misconfiguration Resulted in Exposure of the PHI of 65,000 Mobile Anesthesiologists Patients

Mobile Anesthesiologists, Haven Behavioral Healthcare, and Heart of Texas Community Health Center have announced breaches of patient data.

Read more at hipaajournal.com
Curated by Ross Moore

MobiKwik investigating data breach after 100M user records found online

TechCrunch has learned that MobiKwik asked Amazon for logs last month after it found user data had been exfiltrated.

Read more at techcrunch.com
Curated by Tony Kelly

Open Threat Exchange

Learn about the latest online threats. Share and collaborate in developing threat intelligence. Protect yourself and the community against today's latest threats.

Read more at otx.alienvault.com
Curated by Ross Moore

US DOJ: Phishing attacks use vaccine surveys to steal personal info

The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information.

Read more at bleepingcomputer.com
Curated by Prasanna

533 million Facebook users’ phone numbers leaked on hacker forum

The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide has been leaked on a popular hacker forum for free.

Read more at bleepingcomputer.com
Curated by Tony Kelly

Blogs

Resident Evil 8 just the latest game plagued by fake demos and early access scams

There’s been a number of scams targeting fans of major upcoming video game releases over the last week or two. Why is this happening, and what can you do to ensure both you and your children avoid such fakeouts?

Read more at blog.malwarebytes.com
Curated by Andy74

A passport to freedom? Fake COVID-19 test results and vaccination certificates offered on Darknet and hacking forums

Check Point Research highlights new trend of forged negative COVID-19 test results and fake vaccine certificates offered on the Darknet and various hacking forums for people seeking to board flights, cross borders, attend events or start new jobs.

Read more at blog.checkpoint.com
Curated by Andy74

We're open sourcing Protocol Fuzzer Community Edition!

GitLab is releasing an open source protocol fuzz testing repository.

Read more at about.gitlab.com
Curated by Ross Moore

Second independent audit of SecureDrop Workstation completed

We are pleased to announce that Trail of Bits has completed the second independent audit of the SecureDrop Workstation, directly funded by The New York Times.

Read more at securedrop.org
Curated by Tony Kelly

SAML Raider Release 1.4.0

SAML Raider [0] is a Burp Suite [1] extension for testing SAML infrastructures. The last two releases contain several new features. This blog post describes the most important changes.

Read more at blog.compass-security.com
Curated by Tony Kelly

Hidden OAuth attack vectors

The OAuth2 authorization protocol has been under fire for the past ten years. You've probably already heard about plenty of "return_uri" tricks, token leakages, CSRF-style attacks on clients, and more. In this post, however, we're going to present three brand new OAuth2 and OpenID Connect vulnerabilities: "Dynamic Client Registration: SSRF by design", "redirect_uri Session Poisoning", and "WebFinger User Enumeration". We'll go over the key concepts, demonstrate these attacks on two open-source OAuth servers (ForgeRock OpenAM and MITREid Connect), and provide some tips on how you can detect these vulnerabilities yourself.

Read more at portswigger.net
Curated by Tony Kelly

How I Found My First Ever ZeroDay (In RDP)

Up until recently, I’d never tried the bug hunting part of vulnerability research. I’ve been reverse engineering Windows malware for over a decade, and I’d done the occasional patch analysis, but I never saw a point in bug hunting on a major OS.

Read more at malwaretech.com
Curated by Tony Kelly

Update on campaign targeting security researchers

An update on a hacking campaign targeting security researchers.

Read more at blog.google
Curated by Tony Kelly

Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service

How attackers use the Background Intelligent Transfer Service (BITS), techniques for detecting attacker activity, and the public release of our BitParser tool.

Read more at fireeye.com
Curated by Tony Kelly

Hunting for Lateral Movement using Event Query Language

In this blog, we explore some examples of techniques and leverage the capabilities of Elastic’s Event Query Language (EQL) to design behavioral hunts and detections.

Learn more at elastic.co
Curated by Tony Kelly

39% of businesses suffered cyber attacks in the past year

Two in five businesses reported a cyber attack or data breach in the past 12 months, according to the Cyber Security Breaches Survey 2021.

Learn more at itgovernance.co.uk
Curated by Tony Kelly

Learning

What is Footprinting and Website Reconnaissance

Footprinting is a part of the reconnaissance process which is used for gathering possible information about a target computer system or network. Footprinting could be both passive and active.

Learn more at neoslab.com
Curated by Tony Kelly

Microsoft Portals Site

An aggregation of all of the Microsoft Portals we could find.

Learn more at msportals.io
Curated by Tony Kelly

Getting Into Cyber Cheatsheet

This cheat sheet is designed to augment the aspiring cybersecurity professional and provide them with the tips, resources ,and advice needed to help improve their chances of finding a role in cybersecurity.

Learn more at noxcyber.co.uk
Curated by Tony Kelly

EZ Tools | Digital Forensics Tools from SANS

Learn to quickly identify and mitigate cyber threats with our open source "EZ Tools" an easy to use set of digital forensics tools provided by SANS and Eric Zimmerman. Our command line tools include an amcache.hve parser, jump list parser and registry viewer.

Learn more at digital-forensics.sans.org
Curated by Tony Kelly

The awesome image used in this article was created by Anna Petrakova.