INFOSEC

Secjuice Squeeze 64

Welcome to the Secjuice Squeeze, a lovingly curated selection of interesting security articles and infosec news that you may have missed.

Gurkirat Singh, Prasanna, Tony Kelly, Nishith K, Andy74, Ross Moore

May 16, 2021 • 5 min read

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Gurkirat Singh, Prasanna, Tony Kelly, Andy74, Nishith K, Ross Moore, Mars Groves.

In this edition, we have news articles, blog posts, and learning.

News

Russian state hackers switch targets after US joint advisories

Russian Foreign Intelligence Service (SVR) operators have switched their attacks to target new vulnerabilities in reaction to US govt advisories published last month with info on SVR tactics, tools, techniques, and capabilities used in ongoing attacks.

Criminal group originating from Russia believed to be behind pipeline cyberattack

A criminal group originating from Russia named "DarkSide" is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, according to a former senior cyber official.

AirTag hacked for the first time by security researcher [Video]

A German security researcher was able to hack the AirTag, modifying its NFC URL for Lost Mode. Here's the video of the modified item tracker.

Learn more at 9to5mac.com

Pega Infinity hotfix released after researchers flag critical authentication bypass vulnerability

Flawed password reset system opened the door to full account takeover.

Google Patches 19 Vulnerabilities With Chrome 90 Update

Google this week announced yet another set of patches for Chrome, to address a total of 19 vulnerabilities affecting the web browser.

GitHub shifts away from passwords with security key support for SSH Git operations

Support has been added to bolster defense against account compromise.

Experts warn of a new Android banking trojan stealing users' credentials

Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands.

Read more at thehackernews.com

SQL Injection Vulnerability In CleanTalk AntiSpam WordPress Plugin

Exploiting the time-based blind SQL injection vulnerability in CleanTalk AntiSpam plugin could allow stealing data from website's database.

Finance Giant Plaid Paid People $500 for Their Employer Payroll Logins

The offer was part of an internal test at Plaid. If people’s employers didn't provide permission, Plaid may run afoul of U.S. hacking laws.

Fake Android and iOS apps disguise as trading and cryptocurrency apps

Recently, we were tipped off to a fraudulent mobile trading application that masqueraded as one tied to a well-known Asia-based trading company. As we investigated, we uncovered several other count…

SAP Patches High-Severity Flaws in Business One, NetWeaver Products

SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News.

Latest Microsoft Windows Updates Patch Dozens of Security Flaws

Microsoft has released several updates to its Windows operating system that fix dozens of security flaws.

Read more at thehackernews.com

AWS configuration issues lead to exposure of 5 million records

Misconfigurations led to potential exposure of 5 million documents with PII and credit card transactions on more than 3,000 documents.

Insurance giant CNA fully restores systems after ransomware attack

Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that hits its network during late March and disrupted online services and business operations.

Apple's Find My network can be abused to leak secrets to the outside world via passing devices

You gotta work hard for those three-bytes-a-second transfers.

Microsoft: Threat actors target aviation orgs with new malware

Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using a new and stealthy malware loader.

Microsoft fixes four critical vulnerabilities, none exploited in the wild

Products affected by the Microsoft vulnerabilities include Hyper-V, Internet Explorer, Windows Server, and Windows 10.

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly | Read latest news headlines on latest news and technical coverage on cybersecurity, infosec and hacking.

Read more at thehackernews.com

Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons

Cybercriminals are distributing malicious web shells disguised as favicons in online shopping platforms.

Read more at thehackernews.com

FBI, CISA publish alert on DarkSide ransomware

The advisory deals with ransomware-as-a-service, thrust into the spotlight by the Colonial Pipeline cyberattack.

Irish Healthcare Service Shuts Down IT Systems After Ransomware Attack

Hospitals canceled appointments and turned to paper and pen after the attack, which used Conti ransomware, shut down IT systems.

Trailer maker Utility targeted in ransomware attack

An apparent ransomware attack has targeted Utility Trailer Manufacturing, one of the largest U.S. manufacturers of trailers for commercial trucks.

Ransomware attack targets City of Tulsa, causing technical difficulties

The Communications Director for the City of Tulsa says the city is experiencing technical difficulties due to a ransomware attack.

Blogs

Rclone Wars: Transferring leverage in a ransomware attack

Defenders can sabotage double extortion ransomware schemes by detecting unusual file transfer utilities such as Mega and Rclone.

Foxit Patches Vulnerability Allowing Attackers to Execute Malware Via PDF Files

The Foxit Reader high-severity vulnerability allowed threat actors to execute arbitrary code via precise memory control.

The Need to Protect Public AWS SSM Documents - What the Research Shows

AWS Systems Manager automates operational tasks across AWS resources by creating SSM documents. The SSM documents, created in JSON or YAML, contain the operations that an AWS Systems Manager will perform on the cloud assets. By default, SSM documents are private, but can be configured to be shared with other AWS accounts or publicly.

CVE-2021-27075: Microsoft Azure Vulnerability

Vulnerability in Microsoft Azure VM Extension would allow privilege escalation and leak of private data.

Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware

The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian Android users.

WiFi devices going back to 1997 vulnerable to new Frag Attacks

A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating back as far back as 1997 and affecting devices sold for the past 24 years.

10 years of '10 Steps to Cyber Security'

The NCSC's landmark cyber security guidance refreshed ahead of its 10th anniversary.

Simple Data Exfiltration Through XSS

TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.

CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws

Update your Dell devices now! SentinelLabs discover five high severity flaws in Dell firmware update driver impacting desktops, laptops, notebooks and more.

FortiGuard Labs Discovers Multiple Critical Zero Day Vulnerabilities in Adobe Illustrator

FortiGuard Labs discovered and reported multiple critical zero-day vulnerabilities in Adobe Illustrator to Adobe, Inc.

Learning

LTR101: Writing or Receiving Your First Pentest Report

ZeroSec Blog: Featuring Write-Ups, Projects & Andy Gill's Security Adventures.

Learn more at blog.zsec.uk