Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Andy74, Nishith K, Prasanna, Ross Moore, and Mars Groves.

The relatives frozen in time on Google Street View

People are sharing ways in which the mapping tool has accidentally connected them with dead relatives.

Read more at bbc.com

Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site

Hackers could have stolen your secrets for any site through a Microsoft Edge bug.

Read more at thehackernews.com

Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware

Hackers tricked Microsoft into digitally signing a malicious "Netfilter" driver linked to a Windows rootkit malware.

Read more at thehackernews.com and hackread.com

DMARC: The First Line of Defense Against Ransomware

DMARC is also known as the first line of defense against ransomware.

Read more at thehackernews.com

New malware in pirated games disables Windows Updates, Defender

Crackonosh malware has been around since at least June 2018 and has infected more than 222,000 systems around the world.

Read more at hackread.com

Official Python repositories plagued with cryptomining malware

Researchers at security firm Sonatype have uncovered six malicious typosquatting packages in the official Python programming language’s PyPI repository, laced with cryptomining malware.

Read more at hackread.com

NFC smartphones enabled researchers to hack point of sale systems and ATMs

Smartphones with NFC enabled allowed researchers to hack point of sale systems and ATMs, gaining custom code execution on some of them.

Read more at xda-developers.com

Windows 11 will let you run Android apps directly on the desktop

With Microsoft's announcement of Windows 11 today, they also revealed that users would soon be able to run Android apps directly on the desktop.

Read more at bleepingcomputer.com

Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground

After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again – with big security ramifications.

Read more at threatpost.com, latesthackingnews.com, and https://9to5mac.com/2021/06/29/linkedin-breach/

REvil ransomware's new Linux encryptor targets ESXi virtual machines

The REvil ransomware operation is now using a Linux encryptor that targets and encrypts VMware ESXi virtual machines.

Read more at bleepingcomputer.com

Experts developed a free decryptor for the Lorenz ransomware

Researchers analyzed a recently discovered threat, the Lorenz ransomware, and developed a free decryptor for the victims of this new operation. The Lorenz ransomware gang has been active since April and has hit multiple organizations worldwide, demanding hundreds of thousands of dollars in ransom from its victims.

Read more at securityaffairs.co and latesthackingnews.com

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine

Virtual machines on Google Compute Engine are affected by an unpatched bug.

Read more at thehackernews.com

New API Lets App Developers Authenticate Users via SIM Cards

How to Go Passwordless: New API Lets You Use the SIM Card for Mobile Identity Verification.

Read more at thehackernews.com

Google now requires app developers to verify their address and use 2FA

Google now requires that app developers verify their addresses and enable two-factor authentication.

Read more at thehackernews.com

Deep Dive into AWS Penetration Testing

Getting Started into AWS Penetration Testing: Part 1.

Read more at infosecwriteups.com

SolarWinds hackers remained hidden in Denmark’s central bank for months

Russia-linked threat actors compromised Denmark's central bank (Danmarks Nationalbank) and maintained access to its network for more than six months. The security breach is the result of the SolarWinds supply chain attack.

Read more at securityaffairs.co

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

Researcher Accidentally Leaks PoC Exploit For Critical Windows RCE Vulnerability.

Read more at thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html

Multiple vulnerabilities in WordPress plugin pose website remote code execution risk

Quartet of critical web security flaws plague CMS software.

Read more at portswigger.net

Universal XSS Vulnerability In Microsoft Edge Allowed Targeting Any Site

The universal XSS flaw affected the automatic translation feature of the Microsoft Edge browser. Microsoft patched it in Edge v.91.0.864.59.

Read more at latesthackingnews.com

Leaked print spooler exploit lets Windows users remotely execute code as system on your domain controller

Kill this service immediately.

Read more at theregister.com

Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia

Colombian authorities have arrested a Romanian hacker who is wanted in the U.S. for distributing the Gozi virus, which infected more than a million computers.

Read more at thehackernews.com

Major Linux RPM problem uncovered

Red Hat has used RPM for software package distribution for decades, but we now know RPM contained a nasty hidden security bug since Day One. It's now been unveiled and a repair patch has been submitted.

Read more at zdnet.com

Microsoft adds second CVE for PrintNightmare remote code execution

While PrintNightmare has been known as CVE-2021-1675 this week, Microsoft has now thrown CVE-2021-34527 into the mix.

Read more at zdnet.com

NSA & CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs

The Fancy Bear nation-state hacking team adds a modern twist to an old-school hacking method by using a cluster of Kubernetes software containers to expedite credential theft.

Read more at darkreading.com

PoC Exploit Circulating for Critical Windows Print Spooler Bug

The "PrintNightmare" bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code execution attacks.

Read more at threatpost.com

The Most Prolific Ransomware Families: A Defender's Guide

In this article, DomainTools researchers provide a look at the three most prolific ransomware families and their toolsets.

Read more at domaintools.com

Ransomware Struck Another Pipeline Firm—and 70GB of Data Leaked

LineStar Integrity Services was hacked around the same time as Colonial Pipeline, but radical transparency activists have brought the attack to light.

Read more at wired.com

The possible reasons Google is moving away from APKs on Android

Google has announced it is moving away from the APK format for Android apps. Jack Wallen offers his opinion on why this could be happening.

Read more at techrepublic.com

OSWE Exam Review and Tips (ft. No Developer Background Candidate)

Read more at infosecwriteups.com

Exploiting Insecure Deserialization Vulnerabilities Found in the Wild

Deserialization is the process of converting a byte stream back into an object so that it can be used by the web application the way it was intended. The point of serializing and deserializing data is to ensure that the restored object remains a replica of the original object before it was serialized. Insecure deserialization arises when unsanitized user-controlled data is passed to an unserialize call; an attacker can leverage this, which in turn can lead to code execution or arbitrary file read on the affected system.

Read more at macrosec.tech

HTTP Parameter Pollution (HPP)

HPP is a type of injection attack that occurs when a target system accepts multiple parameters with the same name and handles them in a manner that might be insecure or unexpected. This type of vulnerability can be found on both the server side and the client side. HPP tests the application's response to receiving multiple HTTP parameters with the same name; for example, if the parameter username is included in the GET or POST parameters twice. When multiple parameters with the same name are sent to a server, different languages and frameworks handle these parameters in different ways.

Read more at macrosec.tech

Write-ups of various rooms I have completed on the TryHackMe platform - synackodes/TryHackMe

Learn more at github.com

Diavol - A New Ransomware Used By Wizard Spider?

FortiGuard Labs identified a new ransomware family, Diavol. Learn about the inner workings of Diavol and its possible attribution to the criminal group known as Wizard Spider.

Read more at fortinet.com

Babuk ransomware is back, uses new version on corporate networks

After announcing their exit from the ransomware business in favor of data theft extortion, the Babuk gang appears to have slipped back into their old habit of encrypting corporate networks.

Read more at bleepingcomputer.com

REvil ransomware executes supply chain attack via malicious Kaseya update

The REvil ransomware gang appears to have gained access to the infrastructure of Kaseya, a provider of remote management solutions, and is using a malicious update for the VSA software to deploy ransomware to companies across the world.

Read more at therecord.media

Parameter Tampering Vulnerability Using 3 Different Approaches

Read more at cobalt.io
