Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Gurkirat Singh, Prasanna, Tony Kelly, Andy74, Nishith K, Ross Moore, Mars Groves.

In this edition, we have news articles, blog posts, and learning.

News

Russian state hackers switch targets after US joint advisories

Russian Foreign Intelligence Service (SVR) operators have switched their attacks to target new vulnerabilities in reaction to US govt advisories published last month with info on SVR tactics, tools, techniques, and capabilities used in ongoing attacks.

Read more at bleepingcomputer.com

Criminal group originating from Russia believed to be behind pipeline cyberattack

A criminal group originating from Russia named "DarkSide" is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, according to a former senior cyber official.

Read more at cnn.com

AirTag hacked for the first time by security researcher [Video]

A German security researcher was able to hack the AirTag, modifying its NFC URL for Lost Mode. Here's the video of the modified item tracker.

Learn more at 9to5mac.com

Pega Infinity hotfix released after researchers flag critical authentication bypass vulnerability

Flawed password reset system opened the door to full account takeover.

Read more at portswigger.net

Google Patches 19 Vulnerabilities With Chrome 90 Update

Google this week announced yet another set of patches for Chrome, to address a total of 19 vulnerabilities affecting the web browser.

Read more at securityweek.com

GitHub shifts away from passwords with security key support for SSH Git operations

Support has been added to bolster defense against account compromise.

Read more at zdnet.com

Experts warn of a new Android banking trojan stealing users' credentials

Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands.

Read more at thehackernews.com

SQL Injection Vulnerability In CleanTalk AntiSpam WordPress Plugin

Exploiting the time-based blind SQL injection vulnerability in CleanTalk AntiSpam plugin could allow stealing data from website's database.

Read more at latesthackingnews.com

Finance Giant Plaid Paid People $500 for Their Employer Payroll Logins

The offer was part of an internal test at Plaid. If people’s employers didn't provide permission, Plaid may run afoul of U.S. hacking laws.

Read more at vice.com

Fake Android and iOS apps disguise as trading and cryptocurrency apps

Recently, we were tipped off to a fraudulent mobile trading application that masqueraded as one tied to a well-known Asia-based trading company. As we investigated, we uncovered several other count…

Read more at news.sophos.com

SAP Patches High-Severity Flaws in Business One, NetWeaver Products

SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News.

Read more at securityweek.com

Latest Microsoft Windows Updates Patch Dozens of Security Flaws

Microsoft has released several updates to its Windows operating system that fix dozens of security flaws.

Read more at thehackernews.com

AWS configuration issues lead to exposure of 5 million records

Misconfigurations led to potential exposure of 5 million documents with PII and credit card transactions on more than 3,000 documents.

Read more at scmagazine.com

Insurance giant CNA fully restores systems after ransomware attack

Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that hits its network during late March and disrupted online services and business operations.

Read more at bleepingcomputer.com

Apple's Find My network can be abused to leak secrets to the outside world via passing devices

You gotta work hard for those three-bytes-a-second transfers.

Read more at theregister.com

Microsoft: Threat actors target aviation orgs with new malware

Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using a new and stealthy malware loader.

Read more at bleepingcomputer.com

Microsoft fixes four critical vulnerabilities, none exploited in the wild

Products affected by the Microsoft vulnerabilities include Hyper-V, Internet Explorer, Windows Server, and Windows 10.

Read more at scmagazine.com

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly | Read latest news headlines on latest news and technical coverage on cybersecurity, infosec and hacking.

Read more at thehackernews.com

Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons

Cybercriminals are distributing malicious web shells disguised as favicons in online shopping platforms.

Read more at thehackernews.com

FBI, CISA publish alert on DarkSide ransomware

The advisory deals with ransomware-as-a-service, thrust into the spotlight by the Colonial Pipeline cyberattack.

Read more at zdnet.com

Irish Healthcare Service Shuts Down IT Systems After Ransomware Attack

Hospitals canceled appointments and turned to paper and pen after the attack, which used Conti ransomware, shut down IT systems.

Read more at wsj.com

Trailer maker Utility targeted in ransomware attack

An apparent ransomware attack has targeted Utility Trailer Manufacturing, one of the largest U.S. manufacturers of trailers for commercial trucks.

Read more at freightwaves.com

Ransomware attack targets City of Tulsa, causing technical difficulties

The Communications Director for the City of Tulsa says the city is experiencing technical difficulties due to a ransomware attack.

Read more at fox23.com


Blogs

Rclone Wars: Transferring leverage in a ransomware attack

Defenders can sabotage double extortion ransomware schemes by detecting unusual file transfer utilities such as Mega and Rclone.

Read more at redcanary.com

Foxit Patches Vulnerability Allowing Attackers to Execute Malware Via PDF Files

The Foxit Reader high-severity vulnerability allowed threat actors to execute arbitrary code via precise memory control.

Read more at heimdalsecurity.com

The Need to Protect Public AWS SSM Documents - What the Research Shows

AWS Systems Manager automates operational tasks across AWS resources by creating SSM documents. The SSM documents, created in JSON or YAML, contain the operations that an AWS Systems Manager will perform on the cloud assets. By default, SSM documents are private, but can be configured to be shared with other AWS accounts or publicly.

Read more at research.checkpoint.com

CVE-2021-27075: Microsoft Azure Vulnerability

Vulnerability in Microsoft Azure VM Extension would allow privilege escalation and leak of private data.

Read more at intezer.com

Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware

The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian Android users.

Read more at mcafee.com

WiFi devices going back to 1997 vulnerable to new Frag Attacks

A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating back as far back as 1997 and affecting devices sold for the past 24 years.

Read more at therecord.media

10 years of '10 Steps to Cyber Security'

The NCSC's landmark cyber security guidance refreshed ahead of its 10th anniversary.

Read more at ncsc.gov.uk

Simple Data Exfiltration Through XSS

TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.

Read more at trustedsec.com

CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws

Update your Dell devices now! SentinelLabs discover five high severity flaws in Dell firmware update driver impacting desktops, laptops, notebooks and more.

Read more at labs.sentinelone.com

FortiGuard Labs Discovers Multiple Critical Zero Day Vulnerabilities in Adobe Illustrator

FortiGuard Labs discovered and reported multiple critical zero-day vulnerabilities in Adobe Illustrator to Adobe, Inc.

Read more at fortinet.com


Learning

LTR101: Writing or Receiving Your First Pentest Report

ZeroSec Blog: Featuring Write-Ups, Projects & Andy Gill's Security Adventures.

Learn more at blog.zsec.uk

As part of our 'Dogs Of Infosec' special, for the next couple of weeks we are featuring the dogs of our readers and using their photos to head our articles with. The awesome pupper in this image is called Olive and she is the fearless and faithful companion of Lisa Johnson (source).