Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Mars Groves, Ross Moore, Andy74, Nishith K, Tony Kelly, and Prasanna.

Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data

Even when you pay for a decryption key, your files may still be locked up by another strain of malware.

Read more at wired.com

Here's how we got persistent shell access on a Boeing 747

In-flight entertainment system ran Windows NT4 – and almost defied access attempts.

Read more at theregister.com

The Full Story of the Stunning RSA Hack Can Finally Be Told

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

Read more at wired.com

Microsoft: This new open source tool helps you test your defences again hacker attacks

Microsoft has released an open source tool that helps defenders simulate attacks used in real world attacks.

Read more at zdnet.com

Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software

Details‌ ‌have been revealed about security vulnerabilities affecting Nagios IT monitoring software.

Read more at thehackernews.com

Wormable Windows HTTP vulnerability also affects WinRM servers

A wormable remote code execution (RCE) vulnerability in the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM (Windows Remote Management) service.

Read more at bleepingcomputer.com

The OSI Model and You Part 1: Stopping Threats on the OSI Physical Layer

Check out how to secure the physical layer in OSI model standards. We'll examine the seven different layers in the OSI model.

Read more at https://securityintelligence.com/articles/osi-model-physical-layer/

New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices

Hackers can impersonate legitimate Bluetooth devices with new Bluetooth flaws.

Read more at thehackernews.com

Evolution of JSWorm ransomware

There are times when a single ransomware family has evolved from a mass-scale operation to a highly targeted threat – all in the span of two years. In this post we want to talk about one of those families, named JSWorm.

Read more at securelist.com

TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack

We have found and confirmed close to 50,000 IPs compromised by this attack perpetrated by TeamTNT across multiple clusters.

Read more at trendmicro.com

Report: how cybercriminals abuse API keys to steal millions

Our researchers found that criminals are able to abuse API keys and steal crypto from their victims without being granted withdrawal rights.

Read more at cybernews.com

Apple fixes three zero-days, one abused by XCSSET macOS malware

Apple has released security updates to patch three macOS and tvOS zero-day vulnerabilities attackers exploited in the wild, with the former being abused by the XCSSET malware to bypass macOS privacy protections.

Read more at bleepingcomputer.com

Patch me if you can: Microsoft, Samsung, and Google win appeal over patent on remote updating

Iron Oak fails to convince the Feds that Patent Board misinterpreted key phrase in the patent.

Read more at theregister.com

Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!

A critical vulnerability has been found in VMware vCenter Server that could let attackers execute arbitrary code on the targeted servers.

Read more at thehackernews.com

Contract killer: Certified PDFs can be secretly tampered with during the signing process, boffins find

24 out of 26 tools vulnerable – with bonus JavaScript attack for Adobe.

Read more at theregister.com

M1RACLES bug impacts Apple M1 chips, but no need to panic

A security researcher has discovered the first-ever vulnerability in Apple M1 chips that cannot be fixed without a silicon redesign.

Read more at therecord.media

CERT/CC Vulnerability Note VU#667933

Pulse Connect Secure Samba buffer overflow.

Read more at kb.cert.org

Code Execution Flaw in Checkbox Survey Exploited in the Wild

A Checkbox Survey vulnerability that could allow a remote attacker to execute arbitrary code without authentication is being exploited in the wild.

Read more at securityweek.com

BazaLoader Masquerades as Movie-Streaming Service

The website for “BravoMovies” features fake movie posters and a FAQ with a rigged Excel spreadsheet for “cancelling” the service, but all it downloads is malware.

Read more at threatpost.com

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks

Researchers Uncover Bugs in VSCode Extensions That Could Lead to Supply Chain Attacks.

Read more at thehackernews.com

Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer

Trojanized AnyDesk installers were distributed through Google advertisements.

Read more at thehackernews.com

SolarWinds hackers are back with a new mass campaign, Microsoft says

Kremlin-backed group uses hacked account to impersonate US aid agency.

Read more at arstechnica.com

Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

We provide an update on our investigation into compromised Pulse Secure devices by suspected Chinese espionage operators.

Read more at fireeye.com

The FBI will feed hacked passwords directly into Have I Been Pwned

Australian security researcher Troy Hunt announced today that he granted the US Federal Bureau of Investigation a direct line to upload new content into Have I Been Pwned, a website that indexes data from security breaches.

Read more at therecord.media

Fuzzing iOS code on macOS at native speed

Or how iOS apps on macOS work under the hood Posted by Samuel Groß, Project Zero This short post explains how code compiled for iOS.

Read more at googleprojectzero.blogspot.com

The Full Story of the Stunning RSA Hack Can Finally Be Told

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

Read more at wired.com

If you follow me, I’ll OSINT you

I tend to have a look at the profiles following me on Twitter or trying to connect on LinkedIn. On LinkedIn I’ve become a little picky on whom to connect with and they have to match my career interests. On Twitter I just look for reds flags in general. If your profile promotes racism and hate speech, deliberately spreads disinformation or supports Borussia Dortmund, I will block you (just kidding on the last one). Of course, I can’t do a deep dive into each and every follower on Twitter. But today I would like to show you what kind of red flags I look for and how these can lead to further investigations.

Read more at keyfindings.blog

Beware: Walmart phishing attack says your package was not delivered

A Walmart phishing campaign is underway that attempts to steal your personal information and verifies your email for further phishing attacks.

Read more at bleepingcomputer.com

How Ransomware Adversaries Reacted to the DarkSide Attack

Learn how the notorious ransomware operators have responded to the DarkSide pipeline attack and the effect it's had on the ransomware-as-a-service landscape.

Read more at crowdstrike.com

PoC published for new Microsoft PatchGuard (KPP) bypass

A security researcher has discovered a bug in PatchGuard––a crucial Windows security feature––that can allow threat actors to load unsigned (malicious) code into the Windows operating system kernel.

Read more at therecord.media

A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely

Siemens PLCs have a memory protection bypass bug that gives attackers the ability to run malicious code.

Read more at thehackernews.com

Cyberattack Forces Meat Producer to Shut Down Operations in U.S., Australia

Global food distributor JBS Foods suffered an unspecified incident over the weekend that disrupted several servers supporting IT systems and could affect the supply chain for some time.

Read more at threatpost.com

EPUB vulnerabilities: Electronic reading systems riddled with browser-like flaws

Read on for page-turning pwnage.

Read more at portswigger.net

XSS Vulnerability In ReDi Restaurant Reservation WordPress Plugin

Exploiting the XSS vulnerability in the ReDi Restaurant Reservation plugin could let an attacker steal customers' data making reservations.

Read more at latesthackingnews.com

Asian cybercrime takedown leads to intercept of $83 million in financial theft

Police intercepted funds that were on their way to the accounts of financial fraudsters.

Read more at zdnet.com

DOJ Seizes 2 Domains Linked to USAID Phishing Campaign

The Department of Justice announced Tuesday that it has seized two domains that were used during a recent phishing campaign that targeted a marketing firm.

Read more at databreachtoday.com

Mass. Steamship Authority Hit by Ransomware Attack; Ferries Delayed

A ransomware attack on the Steamship Authority of Massachusetts hampered operations Wednesday morning. The largest ferry service to the islands of Martha’s Vineyard and Nantucket, the Steamship Authority issued a statement warning that traveling customers may be delayed as a result.

Read more at necn.com

Backdoor malware found on the Myanmar president's website, again

A cyber-espionage hacking group is believed to have hacked the website of the Myanmar president's office and planted a backdoor trojan inside a localized Myanmar font package available for download on the site's front page.

Read more at therecord.media

Amazon Rolls Out Massive Data-Sharing Program—Users Have One Week to Opt Out

Amazon smart home system users have until June 8 to opt out.

Read more at observer.com

Protect your children and homes from cybersecurity threats this Internet Safety Month

In June, businesses and companies across the U.S. recognize and address the possible dangers of internet use during Internet Safety Month.

Read more at cleburnetimesreview.com

Vulnerability Spotlight: Multiple vulnerabilities in Accusoft ImageGear

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group.

Read more at blog.talosintelligence.com

Vulnerability Spotlight: Use-after-free vulnerability in WebKit

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group.

Read more at blog.talosintelligence.com

Necro Python bot adds new exploits and Tezos mining to its bag of tricks

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group.

Read more at blog.talosintelligence.com

Exclusive-U.S. to give ransomware hacks similar priority as terrorism, official says

The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters.

Read more at reuters.com

Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module

Read more at thehackernews.com

The awesome images used in this weeks edition were created by Felix Hernandez.