Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Ross Moore, Sinwindie, Andy74, Prasanna, Devesh Chande, Guise Bule and Gurkirat Singh.
In this edition, we have news articles, blog posts, and learning resources.
Spy Operations Target Vietnam with Sophisticated RAT
Researchers said the FoundCore malware represents a big step forward when it comes to evasion.
Nearly 500 million LinkedIn users' details posted for sale online
The hacker included 2 million records as proof that they have what they claim.
Privacy activist Max Schrems claims Google Advertising ID on Android is unlawful, files complaint in France
Tracking ID placed on mobile device without informed consent, says campaign group.
Dark web hitman identified through crypto-analysis
Europol supported the Italian Postal and Communication Police (Polizia Postale e delle Comunicazioni) in arresting an Italian national suspected of hiring a hitman on the dark web. The hitman, hired through an internet assassination website hosted on the TOR network, was paid about €10 000 worth of Bitcoin to kill the suspect's ex-girlfriend.
There's Another Facebook Phone Number Database Online
Analysis by Motherboard and a security researcher indicates the database is separate from the recently reported cache of 500 million accounts.
WEBGAP Announces A Sweet New Logo
Everyone's favorite remote browser isolation startup WEBGAP recently unveiled a new logo based on the scientific neutral gap sign, check it out!
Mozilla flooded with requests after Apple privacy changes hit Facebook
Mozilla volunteers have recently been flooded with requests by online merchants and marketers for their domains to be added to what's called a Public Suffix List (PSL) due to recent privacy changes brought forth by Apple's iOS 14.5.
Attackers deliver legal threats, IcedID malware via contact forms
Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware.
RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers
Exploit Released For Unpatched RCE Bug Affecting Chrome, Opera, and Brave Browsers.
New DNS vulnerabilities have the potential to impact millions of devices
Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK.
Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild
CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). We believe it is exploited in the wild, potentially by several threat actors.
FBI nuked web shells from hacked Exchange Servers without telling owners
A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers' owners.
100,000 Google Sites Used to Install SolarMarket RAT
Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.
Capcom: Ransomware gang used old VPN device to breach the network
Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals.
New WhatsApp Bugs Could've Let Attackers Hack Your Phone Remotely
This new WhatsApp bug could have allowed attackers to hack into your phone remotely.
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Hackers Flood the Internet With 100,000 Malicious PDF Documents.
LinkedIn Data Leak: Hundreds of Thousands of Spam Emails Flood...
Users of the employment-oriented online service are being targeted with an assortment of phishing emails and scams in an attempt to hijack their LinkedIn accounts or promote fake LinkedIn email leads.
Security Bug Allows Attackers to Brick Kubernetes Clusters
The vulnerability is triggered when a cloud container pulls a malicious image from a registry.
1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications.
Meet the Ransomware Gang Behind One of the Biggest Supply Chain Hacks Ever
A gang tracked under the names Cl0p, FIN11, and TA505 has been hacking and extorting hundreds of companies for years.
High-Level Organizer of Notorious Hacking Group Sentenced to Prison for Scheme that Compromised Tens of Millions of Debit and Credit Cards
A Ukrainian national was sentenced today in the Western District of Washington to 10 years in prison for his high-level role in the criminal work of the hacking group FIN7.
Clop Ransomware operators plunder US universities
Clop ransomware gang leaked online data stolen from Stanford Medicine, University of Maryland Baltimore, and the University of California.
How ransomware gangs are connected, sharing resources and tactics
New research by Analyst1 sheds light on the cooperation between some of the ransomware gangs dominating the cybersecurity news.
Why some jobseekers have turned to cyber crime during the pandemic
Research shows that many people have been seeking cyber crime-related work on the dark web, but why?
The Power of Being a Misfit: Speaking with Fredrik Alexandersson STÖK
Candid interview with STÖK about expressing creativity through different outlets, power of being a misfit and about what is behind his success as one of the biggest cybersecurity influencers.
New Vulnerability Affecting Container Engines CRI-O and Podman (CVE-2021-20291)
CVE-2021-20291 leads to a denial of service of the container engines CRI-O and Podman when pulling a malicious image from a registry.
Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)
By default, domain joined Windows workstations allow access to the network selection UI from the lock screen.
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
In this article we will have a look at how a simple phishing attack through an Android messaging application could result in the direct leakage of data found in unprotected device storage (/sdcard).
Wireshark Tutorial: Identifying Hancitor, Followup Malware
Learn how to examine activity from Hancitor infections with Wireshark and get tips on identifying Hancitor and its followup malware.
Free DFIR Related Training
Digital Forensics, Incident Response, OSINT, Malware Analysis, Reverse Engineering, Cybersecurity, Linux, Networking, Programming, Cloud, CTFs.
List of Vulnerable Apps
Welcome to the Blue Teaming Free Training
List of Metasploit Linux Exploits (Detailed Spreadsheet)
List of all 570+ Metasploit Linux exploits in an interactive spreadsheet that lets you search by affected product or CVE, or apply pattern filters.
Reverse Shell Generator
Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode. Great for CTFs.