Secjuice Squeeze 61

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Ross Moore, Sinwindie, Andy74, Prasanna, Devesh Chande, Guise Bule and Gurkirat Singh.

In this edition, we have news articles, blog posts, and learning.

News

Spy Operations Target Vietnam with Sophisticated RAT

Researchers said the FoundCore malware represents a big step forward when it comes to evasion.

Read more at threatpost.com
Curated by Tony Kelly

Nearly 500 million LinkedIn users' details posted for sale online

The hacker included 2 million records as proof that they have what they claim.

Read more at computing.co.uk
Curated by Ross Moore

Privacy activist Max Schrems claims Google Advertising ID on Android is unlawful, files complaint in France

Tracking ID placed on mobile device without informed consent, says campaign group.

Read more at theregister.com
Curated by Ross Moore

Dark web hitman identified through crypto-analysis

Europol supported the Italian Postal and Communication Police (Polizia Postale e delle Comunicazioni) in arresting an Italian national suspected of hiring a hitman on the dark web. The hitman, hired through an internet assassination website hosted on the Tor network, was paid about €10,000 worth of Bitcoin to kill the suspect's ex-girlfriend.

Read more at europol.europa.eu
Curated by Sinwindie

There's Another Facebook Phone Number Database Online

Analysis by Motherboard and a security researcher indicates the database is separate from the recently reported cache of 500 million accounts.

Read more at vice.com
Curated by Tony Kelly

Everyone's favorite remote browser isolation startup WEBGAP recently unveiled a new logo based on the scientific neutral gap sign; check it out!

Read more on Twitter.
Curated by Guise Bule

Mozilla flooded with requests after Apple privacy changes hit Facebook

Mozilla volunteers have recently been flooded with requests from online merchants and marketers for their domains to be added to the Public Suffix List (PSL), due to recent privacy changes brought in by Apple's iOS 14.5.

Read more at bleepingcomputer.com
Curated by Tony Kelly

Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware.

Read more at bleepingcomputer.com and thehackernews.com
Curated by Tony Kelly and Andy74

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

Exploit Released For Unpatched RCE Bug Affecting Chrome, Opera, and Brave Browsers.

Read more at thehackernews.com
Curated by Andy74

New DNS vulnerabilities have the potential to impact millions of devices

Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK.

Read more at helpnetsecurity.com
Curated by Andy74

Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild

CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). We believe it is exploited in the wild, potentially by several threat actors.

Read more at securelist.com
Curated by Tony Kelly

FBI nuked web shells from hacked Exchange Servers without telling owners

A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers' owners.

Learn more at bleepingcomputer.com
Curated by Prasanna

100,000 Google Sites Used to Install SolarMarket RAT

Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.

Learn more at threatpost.com
Curated by Prasanna

Capcom: Ransomware gang used old VPN device to breach the network

Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals.

Learn more at bleepingcomputer.com
Curated by Andy74

New WhatsApp Bugs Could've Let Attackers Hack Your Phone Remotely

This new WhatsApp bug could have allowed attackers to hack into your phone remotely.

Learn more at thehackernews.com and welivesecurity.com
Curated by Andy74

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

Hackers can now use a JavaScript exploit to trigger Rowhammer attacks remotely on modern DDR4 RAM modules.

Learn more at thehackernews.com
Curated by Andy74

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

Hackers Flood the Internet With 100,000 Malicious PDF Documents.

Learn more at thehackernews.com
Curated by Andy74

LinkedIn Data Leak: Hundreds of Thousands of Spam Emails Flood...

Users of the employment-oriented online service are being targeted with an assortment of phishing emails and scams in an attempt to hijack their LinkedIn accounts or promote fake LinkedIn email leads.

Learn more at hotforsecurity.bitdefender.com
Curated by Andy74

Security Bug Allows Attackers to Brick Kubernetes Clusters

The vulnerability is triggered when a cloud container pulls a malicious image from a registry.

Learn more at threatpost.com
Curated by Andy74

Multiple one-click vulnerabilities have been discovered across a variety of popular software applications.

Learn more at thehackernews.com
Curated by Andy74

Meet the Ransomware Gang Behind One of the Biggest Supply Chain Hacks Ever

A gang nicknamed Cl0p, FIN11, and TA505 has been hacking and extorting hundreds of companies for years.

Learn more at vice.com
Curated by Tony Kelly

High-Level Organizer of Notorious Hacking Group Sentenced to Prison for Scheme that Compromised Tens of Millions of Debit and Credit Cards

A Ukrainian national was sentenced today in the Western District of Washington to 10 years in prison for his high-level role in the criminal work of the hacking group FIN7.

Learn more at justice.gov
Curated by Devesh Chande
Blogs

Clop Ransomware operators plunder US universities

Clop ransomware gang leaked online data stolen from Stanford Medicine, University of Maryland Baltimore, and the University of California.

Read more at securityaffairs.co
Curated by Tony Kelly

How ransomware gangs are connected, sharing resources and tactics

New research by Analyst1 sheds light on the cooperation between some of the ransomware gangs dominating the cybersecurity news.

Read more at blog.malwarebytes.com
Curated by Tony Kelly

Why some jobseekers have turned to cyber crime during the pandemic

Research shows that many people have been seeking cyber crime-related work on the dark web, but why?

Read more at computerweekly.com
Curated by Tony Kelly

The Power of Being a Misfit: Speaking with Fredrik Alexandersson STÖK

A candid interview with STÖK about expressing creativity through different outlets, the power of being a misfit, and what is behind his success as one of the biggest cybersecurity influencers.

Read more at securitytrails.com
Curated by Tony Kelly

New Vulnerability Affecting Container Engines CRI-O and Podman (CVE-2021-20291)

CVE-2021-20291 leads to a denial of service of the container engines CRI-O and Podman when pulling a malicious image from a registry.

Learn more at unit42.paloaltonetworks.com
Curated by Andy74

Airstrike Attack - FDE bypass and EoP on domain joined Windows workstations (CVE-2021-28316)

By default, domain joined Windows workstations allow access to the network selection UI from the lock screen.

Learn more at shenaniganslabs.io
Curated by Tony Kelly

Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)

In this article we will have a look at how a simple phishing attack through an Android messaging application could result in the direct leakage of data found in unprotected device storage (/sdcard).

Learn more at census-labs.com
Curated by Gurkirat Singh
Learning

Wireshark Tutorial: Identifying Hancitor, Followup Malware

Learn how to examine activity from Hancitor infections with Wireshark and get tips on identifying Hancitor and its followup malware.

Learn more at unit42.paloaltonetworks.com
Curated by Tony Kelly

Digital Forensics, Incident Response, OSINT, Malware Analysis, Reverse Engineering, Cybersecurity, Linux, Networking, Programming, Cloud, CTFs.

Learn more at freetraining.dfirdiva.com
Curated by Tony Kelly

List of Vulnerable Apps

Learn more at cloudsecwiki.com
Curated by Tony Kelly

Welcome to the Blue Teaming Free Training

Learn more at blueteamsacademy.com
Curated by Tony Kelly

List of Metasploit Linux Exploits (Detailed Spreadsheet)

List of all 570+ Metasploit Linux exploits in an interactive spreadsheet allowing you to search by affected product, CVEs or do pattern filtering.

Learn more at infosecmatter.com
Curated by Tony Kelly

Reverse Shell Generator

Online Reverse Shell generator with Local Storage functionality, URI & Base64 Encoding, MSFVenom Generator, and Raw Mode. Great for CTFs.

Learn more at revshells.com
Curated by Tony Kelly

The awesome image used in this article was created by Ayman Abbas.