INFOSEC

Secjuice Squeeze 72

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week.

Tony Kelly, Ross Moore, Andy74, Prasanna

Jul 18, 2021 • 5 min read

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Ross Moore, Andy74, Prasanna, and Mars Groves.

Zloader With a New Infection Technique

This blog was written by Kiran Raj & Kishan N. Introduction In the last few years, Microsoft Office macro malware using social engineering as a means

Active Directory Fundamentals (Part 1)- Basic Concepts

Active Directory penetration dojo by ScarredMonk - Blogs on AD security and Windows tips and tricks.

PowerShell Empire for Pentester: Mimikatz

This article will showcase various attacks and tasks that can be performed on a compromised Windows Machine which is a part of a Domain Controller.

Understanding and stopping 5 popular cybersecurity exploitation techniques

Effectively cybersecurity exploitation techniques requires deep system knowledge and constant monitoring of all applications.

Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack

Kaneya releases patch to address flaws exploited by a wide-spread ransomware attack.

Read more at thehackernews.com and securityweek.com

Flaw in preprocessor language Less.js causes website to leak AWS secret keys

Issues in plugin feature can leave users at risk.

Mitsubishi Electric Patches Vulnerabilities in Air Conditioning Systems

Mitsubishi Electric patches critical and high-severity vulnerabilities affecting many of its air conditioning systems.

Malware hits Hive OS cryptomining users; steals funds from wallets

Hackers disabling Macro security warnings in new malspam campaign

Level Up InfoSec - Free Resources

I personally believe that learning should cost as little as possible and over the years I have curated a lot free resources and content available on the internet. I created this page on my website to organize and share that collection.

What I have learned from doing a year of Cloud Forensics in Azure AD

Today I would like to share my experience with doing Cloud forensics in Azure AD. I’ve been working for over a year with Azure Active Directory, and have primary focused on the different security aspects of it. One of my main focus has been doing Cloud forensics, which I will tell more about. I was always interested in understanding, where logs are stored and what kind of information it contains.

During this blog post, I will share some of my experience. This includes the challenges that I’ve faced, but also the things I have learned. Last, but not least. I will share my methodology on doing Cloud forensics in Azure AD.

Malicious Android App Posed As QR Scanner To Launch Joker Malware

Researchers uncovered a new wave of Android malware campaign " Joker" which posed as a QR scanner to target Android users.

Critical RCE Flaw in ForgeRock Access Manager Under Active Attack

CISA warns of critical vulnerability in ForgeRock OpenAM RCE exploited in the wild.

Trickbot Malware Returns with a new VNC Module to Spy on its Victims

Trickbot malware has returned with a new VNC module to spy on its victims.

WordPress File Management Plugin Riddled with Critical Bugs

The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution.

Adobe updates fix 28 vulnerabilities in 6 programs

Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in Adobe Dimension, Illustrator, Framemaker, Acrobat, Reader, and Bridge.

DLL Side-Loading Technique Used in the Recent Kaseya Ransomware Attack

FortiGuard Labs examines the ransomware used in the recent Kaseya attack and seeing what happens when a machine is infected by this ransomware by looking at some of the visible Indicators of Compromise.

Chinese hackers use new SolarWinds zero-day in targeted attacks

China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server.

Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days

Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws.

Cybercriminals using Marvel's Black Widow movie to spread malware

Microsoft fixes Windows Hello authentication bypass vulnerability

Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system.

VMware Patches Vulnerabilities in ESXi, ThinApp

The issues could be abused to bypass authentication, cause a denial of service condition, or elevate privileges to administrator.

Hackers Move to Extort Gaming Giant EA

After trying to sell a cache of stolen data, hackers are now dumping some of the information publicly in the hopes of forcing EA to pay a ransom.

HelloKitty ransomware now targets VMware ESXi servers

HelloKitty ransomware gang is using a Linux variant of their malware to target VMware ESXi virtual machine platform. A Linux variant of the HelloKitty ransomware was employed in attacks against VMware ESXi systems. The move of the ransomware gang aims at expanding the operations targeting enterprises that are largely adopting virtualizing platforms.

Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group.

Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability

Microsoft warns of unpatched vulnerability (CVE-2021-34481) in Windows Print Spooler service.

Critical Vulnerabilities Spotted In WordPress Plugin Frontend File Manager

As much as six different vulnerabilities existed in the Frontend File Manager plugin having over 2000 active installations. Patches released.

Remote code execution in cdnjs of Cloudflare

Preface (日本語版も公開されています。) Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments. This article describes vulnerabilities reported through this program and published with the permission of the Cloudflare security team. So this article is not intended to recommend you to perform an unauthorized vulnerability assessment. If you found any vulnerabilities in Cloudflare’s product, please report it to Cloudflare’s vulnerability disclosure program.

US offers up to $10 million reward for information on cyberattacks against critical infrastructure by foreign states

The US government is offering up to $10 million for information that can identify or locate malicious cyber actors working on behalf of a foreign government to target critical US infrastructure, the US State Department announced Thursday.

Cybersecurity bills gain new urgency after rash of attacks

Bipartisan bills aimed at strengthening U.S. cybersecurity after a string of major attacks are making headway in both the House and Senate.

FBI Issues Warning to Crypto Stakeholders About Potential Cyber Attacks

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are increasingly targeting crypto exchanges, third-party payment platforms as well as private owners of digital assets.