Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Andy74, Ross Moore, and Mars Groves.

New research has found that anti-virus programs for Android remain vulnerable to different permutations of known malware.

Read more at thehackernews.com

Cybersecurity firm exposes 5 billion data breach records

Cybersecurity analytics firm Cognyte was found to have left a huge database unsecured, exposing more than 5 billion records online.

Read more at hackread.com

Vulnerabilities in Open Design Alliance SDK Impact Siemens, Other Vendors

Eight vulnerabilities discovered in ODA’s Drawings SDK impact products from Siemens and likely other vendors.

Read more at securityweek.com

A security bug in Google’s Android app put users’ data at risk

Until recently, Google’s namesake Android app, which has more than five billion installs to date, had a vulnerability that could have allowed an attacker to quietly steal personal data from a victim’s device.

Read more at techcrunch.com

XSS flaw in Wire messaging app allowed attackers to ‘fully control’ user accounts

The maintainers of the Wire secure messaging app have patched the software against two security vulnerabilities, one of which could have allowed an attacker to “fully control” user accounts.

Read more at portswigger.net

Beware! Connecting to This Wireless Network Can Break Your iPhone's Wi-Fi Feature


Read more at thehackernews.com

Tor Browser fixes vulnerability that tracks you using installed apps

The Tor Project has released Tor Browser 10.0.18 to fix numerous bugs, including a vulnerability that allows sites to track users by fingerprinting the applications installed on their devices.

Read more at bleepingcomputer.com

CSP bypass: How one Chrome XSS bug took 2.5 years and an HTML spec change to fix

The Chromium team has patched a 2.5-year-old bug that made it possible to stage cross-site scripting (XSS) attacks on web pages, even if they had been configured to prevent XSS attacks.

Read more at portswigger.net

NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws

A total of 26 high-severity vulnerabilities affect NVIDIA Jetson chipsets.

Read more at thehackernews.com

Most Developers Never Update Third-Party Libraries in Their Software: Report

Most developers never update third-party libraries after including them in their software, a new report from application security company Veracode reveals.

Read more at securityweek.com

Malicious PyPI packages hijack dev devices to mine cryptocurrency

Multiple malicious packages caught in the PyPI repository for Python projects this week turned developers' workstations into cryptomining machines.

Read more at bleepingcomputer.com

Darkside RaaS in Linux version

Executive summary: AT&T Alien Labs recently analyzed the Linux version of the Darkside ransomware, one of the most active ransomware families in the last quarter. Shortly after hitting Colonial Pipeline, Darkside developers announced they would be closing operations.

Key point: Unlike common Linux ransomware, which mostly zips files with a password, Darkside encrypts files using cryptographic libraries. If properly implemented, this likely makes recovery impossible without the encryption key.

Read more at att.com

SonicWall bug affecting 800K firewalls was only partially fixed

New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which affected over 800,000 VPN firewalls and was initially thought to have been patched. Tracked as CVE-2020-5135, when exploited, the bug allows unauthenticated remote attackers to execute arbitrary code on the impacted devices.

Read more at bleepingcomputer.com

Sure looks like someone's pirating the REvil ransomware, tweaking the binary in a hex editor for their own crimes

It appears someone is pirating the infamous REvil ransomware by tweaking its files for their own purposes.

Read more at theregister.com

Zephyr RTOS fixes Bluetooth bugs that may lead to code execution

The Zephyr real-time operating system (RTOS) for embedded devices received an update earlier this month that fixes multiple vulnerabilities that can cause a denial-of-service (DoS) condition and potentially lead to remote code execution.

Read more at bleepingcomputer.com

DarkRadiation ransomware targeting RedHat, Debian Linux distributions

Trend Micro cybersecurity researchers have shared findings on a newly identified ransomware strain dubbed DarkRadiation. The ransomware is written entirely in Bash, which makes it difficult for most security software to detect as a threat.

Read more at hackread.com

Comparitech finds 1 in 5 Google Play Apps for kids violates Children’s Online Privacy Protection Act

Recent research from security and privacy comparison and advice website Comparitech.com, which looked at children’s apps available through Google Play, has found that 1 in 5 breach COPPA rules. Even more worrying is that half of the apps that violate the rules have received a “teacher-approved” badge.

Read more at itsecurityguru.org

VMware Patches Privilege Escalation Vulnerability in Tools for Windows

A high-severity vulnerability that VMware patched this week in VMware Tools for Windows could be exploited to execute arbitrary code with elevated privileges.

Read more at securityweek.com

One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account

Attackers could have hacked any Atlassian account using a one-click exploit.

Read more at thehackernews.com

BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models

Researchers disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS.

Read more at thehackernews.com

Remote Access Trojan now targeting schools with ransomware

A Remote Access Trojan is targeting schools and universities with ransomware attacks. Christened ChaChi by the BlackBerry Threat Research and Intelligence SPEAR team, the RAT is being used by operators of the PYSA ransomware, according to a report released by BlackBerry on Wednesday. Specifically, ChaChi has been discovered in data breaches of K-12 schools and higher education facilities in the U.S. as well as the U.K.

Read more at techrepublic.com

MITRE releases D3FEND, defensive measures complementary to its ATT&CK framework

The MITRE Corporation, one of the most respected organizations in the cybersecurity field, has released today D3FEND, a complementary framework to its industry-recognized ATT&CK matrix.

Read more at therecord.media

From Word to Lateral Movement in 1 Hour

In May 2021, we observed a threat actor conducting an intrusion that used IcedID payloads for initial access. They then performed a number of techniques, from host discovery to lateral movement, using RDP and SMB to access the file servers within an enterprise domain.

Read more at thedfirreport.com

What you need to know about Microsoft Windows 11: It will run Android apps

Microsoft on Thursday announced Windows 11, or tried to as an uncooperative video stream left many viewers of the virtual event flummoxed by intermittent transmission gaps in the opening minutes.

Read more at theregister.com

“I’m totally screwed.” WD My Book Live users wake up to find their data deleted

Storage-device maker advises customers to unplug My Book Lives from the Internet ASAP.

Read more at arstechnica.com

The Ghosts of Mirai

As the number of installed IoT devices continues to explode, especially given the current lack of security standards available to protect them, IoT will be a hotbed for malware operations for the foreseeable future, as we have demonstrated in this article. And interestingly, Mirai variants are still very active in terms of attack and development.

Read more at fortinet.com

VMware Patches Critical Vulnerability in Carbon Black App Control

VMware this week announced the availability of patches for an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) running on Windows machines.

Read more at securityweek.com

Vulnerabilities Expose Fortinet Firewalls to Remote Attacks

A vulnerability patched recently by Fortinet in its FortiWeb WAF can be exploited to execute arbitrary commands, and it can pose a more serious risk if it’s chained with a misconfiguration and another recently discovered flaw.

Read more at securityweek.com

Ransomware: Now gangs are using virtual machines to disguise their attacks

Ransomware operators are using virtual machines to avoid their unusual network activity being spotted before they deploy their malware.

Read more at zdnet.com

EU wants emergency team for 'nightmare' cyber-attacks

The European Commission says recent ransomware attacks on the US and Ireland have "focussed mind".

Read more at bbc.com

The Ruthless Hackers Behind Ransomware Attacks on U.S. Hospitals: ‘They Do Not Care’

An Eastern European group known as Ryuk has hit at least 235 facilities, raking in more than $100 million.

Read more at wsj.com

OIG: Medicare Lacks Oversight of Cybersecurity for Medical Devices

An OIG study reveals that Medicare's hospital survey protocol does not address the cybersecurity of networked medical devices.

Read more at healthitsecurity.com