Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Andy74, Prasanna, and Mars Groves.

Exploit Development: Swimming In The (Kernel) Pool - Leveraging Pool Vulnerabilities From Low-Integrity Exploits, Part 2

Combining Part 1’s information leak vulnerability with a pool overflow vulnerability to obtain code execution via grooming the kLFH.

Learn more at connormcgarr.github.io

Security flaws could allow an attacker to receive free vehicle charges, or lock up the charging station completely.

Read more at portswigger.net

15 Yr-Old Linux Netfilter Bug Let Hackers Bypass All Security Mitigations

Security expert Andy Nguyen has recently detected a 15-Year-Old Linux Netfilter Bug that allows any attackers to bypass all the modern security measures.

Read more at gbhackers.com

Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

Researcher Uncover Yet Another Unpatched Windows Printer Spooler Vulnerability.

Read more at thehackernews.com

An analysis of criminal forums reveal what publicly known vulnerabilities attackers are most interested in.

Read more at threatpost.com

Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely

Learn more at thehackernews.com

Google Patched Another Actively Exploited Chrome Zero-Day

Alongside this zero-day exploited actively, Google also fixed 7 other vulnerabilities with the release of Chrome 91.0.4472.164. Update now.

Read more at latesthackingnews.com

Researchers Found Zero-Day Bugs In Safari, Chrome, Internet Explorer

These zero-day bugs were exploited in three different campaigns targeting Chrome, Safari (iOS), and Internet Explorer users.

Read more at latesthackingnews.com

New Windows 10 vulnerability allows anyone to get admin privileges

Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after discovering that users with low privileges can access sensitive Registry database files.

Read more at bleepingcomputer.com

Umbraco flags pending security patch for RCE vulnerability in forms package – updated

‘No indication that this vulnerability is being exploited in the wild’

Read more at portswigger.net

Evade Sandboxes With a Single Bit

Unit 42 has discovered a specific single bit (Trap Flag) in the Intel CPU register that can be abused by malware to evade sandbox detection.

Read more at unit42.paloaltonetworks.com

16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers

Hundreds of thousands of HP, Samsung, and Xerox printers are affected by a 16 year-old security issue.

Read more at thehackernews.com

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

Researchers warn about a new malware that hides among Windows Defender's exclusions to evade detection by the antivirus program.

Read more at thehackernews.com

Shlayer Malware: Continued Use of Flash Updates

Although Flash Player reached end of life for macOS in 2020, this has not stopped Shlayer operators from continuing to abuse it for malvertising campaigns.

Read more at crowdstrike.com

Vulnerability Exposes MicroLogix PLCs to Remote DoS Attacks

A vulnerability affecting Rockwell Automation’s MicroLogix 1100 controllers can be exploited for remote DoS attacks that cause the device to enter a persistent fault condition.

Read more at securityweek.com

Nasty Linux systemd security bug revealed

Qualsys has found an ugly Linux systemd security hole that can enable any unprivileged user to crash a Linux system. The patch is available, and you should deploy it as soon as possible. (213 kB)

Read more at zdnet.com

Fortinet fixes bug letting unauthenticated hackers run code as root

Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges.

Read more at bleepingcomputer.com

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems

The XLoader Windows infostealer malware has now been upgraded to attack macOS users.

Read more at thehackernews.com

NPM package steals Chrome passwords on Windows via recovery tool

New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems. Additionally, this malware listens for incoming connections from the attacker's C2 server and provides advanced capabilities, including screen and camera access.

Read more at bleepingcomputer.com

New Windows and Linux Flaws Give Attackers Highest System Privileges

New Linux flaws and an unpatched privilege escalation flaw in Windows could let attackers gain the highest system privileges.

Read more at thehackernews.com

Oracle Releases July 2021 CPU With 342 Security Patches

Oracle on Tuesday announced the availability of a total of 342 new security patches as part of its July 2021 Critical Patch Update (CPU).

Read more at securityweek.com

Atlassian asks customers to patch critical Jira vulnerability

Atlassian is prompting its enterprise customers to patch a critical vulnerability in multiple versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers code execution abilities, due to a missing authentication flaw in Ehcache RMI.

Read more at bleepingcomputer.com

Dell Patches Critical Vulnerabilities in OpenManage Enterprise

Patches released this week by Dell for its OpenManage Enterprise product address multiple critical-severity vulnerabilities.

Read more at https://www.securityweek.com/dell-patches-critical-vulnerabilities-openmanage-enterprise

To mitigate the chances of their Wi-Fi home routers being compromised, users would do well to change the manufacturer’s default access credentials.

Read more at welivesecurity.com

HTA Files Distributed as Fake Chrome Patches for CVE-2021-30554

With new vulnerabilities come new updates and patches. Organizations have complex environments making it difficult to roll out patches quickly and often find themselves in a race to patch systems before threat actors can exploit them. (106 kB)

Read more at https://cofense.com/blog/hta-fake-chrome-patches/

Researchers find new attack vector against Kubernetes clusters via misconfigured Argo Workflows instances

The report notes that other security teams have discovered large-scale cryptocurrency mining attacks against Kubernetes clusters.

Read more at https://www.zdnet.com/article/researchers-find-new-attack-vector-against-kubernetes-clusters-via-misconfigured-argo-workflows-instances/

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

Nasty macOS Malware XCSSET has once again been updated in order to steal sensitive data from a variety of apps, including Chrome and Telegram.

Read more at thehackernews.com

Cyber attack disrupts major South African port operations

A cyber attack has disrupted container operations at the South African port of Cape Town, an email seen by Reuters on Thursday said.

Read more at reuters.com

No cyberattack in sprawling internet outage, Akamai says

A global internet outage on Thursday downed tens of thousands of websites, including those of giant corporations like McDonald’s and Delta Airlines, according to companies that track web statistics. But the company at the center of it says the downtime was not the result of a hack, data breach or other kind of malicious attack. Internet infrastructure company Akamai said it has fixed the issue that it began investigating shortly after noon EST. The specific problem was with Akamai Edge DNS, a service that touts its ability to provide constant Domain Name System availability. “Akamai can confirm this was not a cyberattack against Akamai’s platform,” the company said in a statement.

Read more at cyberscoop.com

Pegasus spyware seller: Blame our customers, not us, for hacking

NSO Group tells BBC News: "The finger-pointing should be at the customer."

Read more at bbc.com

‘If You’re Not A Criminal, Don’t Be Afraid’—NSO CEO On ‘Insane’ Hacking Allegations Facing $1 Billion Spyware Business

The Israeli entrepreneur behind the Pegasus surveillance tool says it is “insane” to link a leak of 50,000 potential spyware targets to his company.

forbes.com

The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t…

I’ve talked about ransomware and extortion attacks on organizations for about a decade.

Read more at doublepulsar.com

The awesome image used in this article was created by Ankur Patar.