Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Mars Groves, Ross Moore, Andy74, Nishith K, Tony Kelly, Gurkirat Singh and Prasanna.

Military infosec SNAFUs: What WhatsApp and bears in the woods can teach us

One can’t spell shit without IT, but for Pete's sake it doesn't need to be in your endpoints.

Read more at theregister.com

Malware family naming hell is our own fault

EternalPetya has more than 10 different names. Many do not realize that CryptoLocker is long dead. These are not isolated cases but symptoms of a systemic problem: The way we name malware does not work. Why does it happen and how can we solve it?

Read more at gdatasoftware.com

WordPress force installs Jetpack security update on 5 million sites

Automattic, the company behind the WordPress content management system, force deploys a security update on over five million websites running the Jetpack WordPress plug-in.

Read more at bleepingcomputer.com

Critical zero-day vulnerabilities found in ‘unsupported’ Fedena school management software

Users urged to migrate to alternative application, with open source project long since abandoned.

Read more at portswigger.net

GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks

GitHub‌ ‌updates its policy to remove malware and exploit code used in active attacks.

Read more at thehackernews.com

New Kubernetes malware backdoors clusters via Windows containers

New malware active for more than a year is compromising Windows containers to compromise Kubernetes clusters with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities.

Read more at bleepingcomputer.com

US recovers most of Colonial Pipeline's $4.4M ransomware payment

The US Department of Justice has recovered the majority of the $4.4 million ransom payment paid by Colonial Pipeline to the DarkSide ransomware operation.

Read more at bleepingcomputer.com

FBI and Australian police ran an encrypted chat platform to catch criminal gangs | The Record by Recorded Future

The FBI and Australian Federal Police ran an encrypted chat platform and intercepted secret messages between criminal gang members from all over the world for more than three years.

Read more at therecord.media

Inside The ‘World’s Largest’ Video Game Cheating Empire

The cheat-making group known as "Chicken Drumstick" made more than $70 million selling cheats for PUBG Mobile. This is the story of its rise and fall.

Read more at vice.com

OSINT: how to find anything on the internet

"The best place to hide a dead body is page two of Google." You’ve probably seen this meme floating around the internet a while ago. An ironic nod to a rather surprising fact: 90 percent of the clicks on search engines are concentrated on the first page of results.

Read more at substack.com

RockYou2021: largest password compilation of all time leaked online – 8.4 billion entries | Black Hat Ethical Hacking

What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches.

Read more at blackhatethicalhacking.com

Modify HTTP request headers with Transform Rules

HTTP request headers can now be modified with Cloudflare Transform Rules.

Read more at cloudflare.com

Four Security Vulnerabilities were Found in Microsoft Office - Check Point Software

Check Point Research (CPR) urges Windows users to update their software, after discovering four security vulnerabilities that affect products in Microsoft

Read more at checkpoint.com

STEM & Twitter: Verified Bias

Over the past few years, people have gotten louder and louder about Twitter's apparent bias in who they verify.

Read more at dev.to

BloodHound versus Ransomware: A Defender’s Guide

You don’t need me to tell you how dangerous and destructive ransomware is. It seems like every week there is a new headline, with the same story: an organization was hit by ransomware, disrupting their operations, and causing plenty of monetary and personal loss through downtime, damage to the company brand, and individuals losing their jobs.

Read more at specterops.io

Gootkit: the cautious Trojan

Gootkit is complex multi-stage banking malware capable of stealing data from the browser, performing man-in-the-browser attacks, keylogging, taking screenshots and lots of other malicious actions. Its loader performs various virtual machine and sandbox checks and uses sophisticated persistence algorithms.

Read more at securelist.com

Picture this: Hiding Malware in Images

A previously unreported method of hosting malware abuses the popular gaming platform Steam to hide malware in an unusual place: Profile pictures.

Read more at gdatasoftware.com

Fujifilm refuses to pay ransomware demand, relies on backups

Fujifilm said it has refused to pay a ransom demand to the cyber gang that attacked its network in Japan and is using backups to restore operations.

Read more at verdict.co.uk

Google Patches Critical Android RCE Bug

Google's June security bulletin addresses 90+ bugs in Android and Pixel devices.

Read more at threatpost.com

Security researchers have revealed the details of two vulnerabilities in Joomla – the popular content management system – which, if chained together, they said could be used to achieve full system compromise.

Read more at portswigger.net

Microsoft patches six Windows zero-days, including a commercial exploit | The Record by Recorded Future

Microsoft has released today its monthly batch of security updates, known in the industry as Patch Tuesday.

Read more at therecord.media

Intel fixes 73 vulnerabilities in June 2021 Platform Update

Intel has addressed 73 security vulnerabilities as part of the June 2021 Patch Tuesday, including high severity ones impacting some versions of Intel's Security Library and the BIOS firmware for Intel processors.

Read more at bleepingcomputer.com

New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites

Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information.

Read more at thehackernews.com

Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances

Microsoft warns of a large-scale cryptocurrency mining malware campaign that targets Kubernetes clusters through Kubeflow machine learning instances.

Read more at thehackernews.com

Hackers Steal Wealth of Data from Game Giant EA

Hackers have broken into gaming giant Electronic Arts, the publisher of Battlefield, FIFA, and The Sims, and stole a wealth of game source code and related internal tools, Motherboard has learned.

Read more at vice.com

Malware disguised as Minecraft mods on Google Play, continued

We found more malicious apps in Google Play disguised as Minecraft mods, social media ad-management apps, and a file recovery utility.

Read more at kaspersky.co.uk

Microsoft Office MSGraph vulnerability could lead to code execution

Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine.

Read more at bleepingcomputer.com

WSJ News Exclusive | McDonald’s Hit by Data Breach

The hack exposed some U.S. business information and customer data in South Korea and Taiwan, the company said.

Read more at wsj.com

Hackers can exploit bugs in Samsung pre-installed apps to spy on users

Samsung is working on patching multiple vulnerabilities affecting its mobile devices that could be used for spying or to take full control of the system.

Read more at bleepingcomputer.com

Google fixes actively exploited Chrome zero‑day | WeLiveSecurity

Google has updated its Chrome web browser to fix several security flaws, including a zero-day that is known to be actively exploited by threat actors.

Read more at welivesecurity.com

Linux system service bug lets you get root on most modern distros

Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions.

Read more at bleepingcomputer.com

Microsoft Announce Powerful New Threat Detection Solution in Azure - Latest Hacking News

Microsoft has announced new ‘seamless’ integration between their two services: Azure Firewall and Azure Sentinel.

Read more at latesthackingnews.com

Active Directory forest trusts part 2 - Trust transitivity and finding a trust bypass

In my first personal blog post in 2018 I wrote about Active Directory forest trusts and how they work under the hood. Part two of the series was since then promised but never delivered. I researched this topic again in 2019 and ended up finding a logic flaw which allowed the bypassing of the SID filtering mechanism and compromise hosts in a trusted forest. This flaw was patched in February 2020 and given CVE-2020-0665. Because of a global pandemic that cancelled most in-person conferences in 2020 I didn’t really get around to talk about this much even though it is one of my favorite finds to date. Under the motto “better late than never”, here is part 2 of the forest trust series, with the knowledge I’ve learned since then. Part of this content is also available as video on my YouTube channel.

Read more at dikjanm.io

Abusing Firefox in Enterprise Environments

In this blogpost, we will describe a technique that abuses legacy Firefox functionality to achieve command execution in enterprise environments.

Read more at mdsec.co.uk

U.S. Army Hacked By 40 Military And Civilian Hackers In Six Weeks

During six weeks at the start of 2021, the U.S. Army was hacked by a crack team of 40 top-tier operatives.

Read more at forbes.com

EA: Gaming giant hacked and source code stolen

Game data and source code were both stolen by hackers, but no player data, EA said in a statement.

Read more at bbc.com

The Debate Over Hacking Ransomware Hackers

The recovery of ransom paid by the Colonial Pipeline operator allays some worries about cryptocurrency — but worries others.

Read more at nytimes.com

McDonald's hit by data breach

McDonald's is the latest high-profile company to be affected by a data breach, leading to the exposure of private information of customers and employees in South Korea and Taiwan.

Read more at cnn.com

Hackers breach gaming giant Electronic Arts, steal game source code

Gaming giant Electronic Arts (EA) has been hacked and threat actors claim to have stolen roughly 750 GB of data, including game source code and debug tools.

Read more at bleepingcomputer.com

This weeks images were provided by Nina Z's digital art collection.