Welcome to the 33rd edition of the Secjuice Squeeze, a selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was put together by Secjuice writers pirateducky, Sinwindie, Hartoyo Wahyu, Prasanna, Mike Peterson, and Miguel Calles.
Unauthenticated Full-Read SSRF in Grafana
While doing some security research on Grafana for bug bounty, I discovered that by chaining together some redirects and a URL Parameter Injection bug, it is possible to achieve a full-read, unauthenticated, SSRF on any Grafana instance.
Interpol: Lockbit ransomware attacks affecting American SMBs
American medium-sized companies are actively targeted by LockBit ransomware operators according to an Interpol report on the impact the COVID-19 pandemic had on cybercrime around the world.
What Just Blew Up In Beirut?
Shortly before 6 PM Beirut time, reports began flooding Twitter of a fire and a series of explosions in Beirut. It rapidly became evident that the event was far more than a small industrial fire. Shortly after, videos and images of a vast explosion flooded onto social media.
Twitter Hack Zoom Court Hearing Interrupted by Ass-Eating Porn Video
“Zoombombers” interrupt the bond hearing for the alleged Twitter hack mastermind with loud music and a Pornhub video.
Facebook’s ‘Red Team’ Hacks Its Own AI Programs
Attackers increasingly try to confuse and bypass machine-learning systems. So the companies that deploy them are getting creative.
Black Hat: How your pacemaker could become an insider threat to national security
Implanted medical devices are an overlooked security challenge that is only going to increase over time.
Massive 20GB Intel IP Data Breach Floods the Internet, Mentions Backdoors
Anonymous hacker promises more to come soon, too.