Secjuice Squeeze Volume 33

Welcome to the Secjuice Squeeze, a curated selection of interesting infosec articles and news that you may have missed. Now with upcoming events!

Welcome to the 33rd edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers pirateducky, Sinwindie, Hartoyo Wahyu, Prasanna, Mike Peterson, and Miguel Calles.

Articles

CVE-2020-13379

Unauthenticated Full-Read SSRF in Grafana - While doing some security research on Grafana for bug bounty, I discovered that by chaining together some redirects and a URL Parameter Injection bug, it is possible to achieve a full-read, unauthenticated, SSRF on any Grafana instance.

Source & Link: rhynorater.github.io
Curator: pirateducky

Interpol: Lockbit ransomware attacks affecting American SMBs

American medium-sized companies are actively targeted by LockBit ransomware operators according to an Interpol report on the impact the COVID-19 pandemic had on cybercrime around the world.

Source & Link: bleepingcomputer.com
Curator: Sinwindie

What Just Blew Up In Beirut?

Shortly before 6 PM Beirut time, reports began flooding Twitter of a fire and a series of explosions in Beirut. It rapidly became evident that the event was far more than a small industrial fire. Shortly after, videos and images of a vast explosion flooded onto social media.

Source & Link: bellingcat.com
Curator: Hartoyo Wahyu

Twitter Hack Zoom Court Hearing Interrupted by Ass-Eating Porn Video

“Zoombombers” interrupt the bond hearing for the alleged Twitter hack mastermind with loud music and a Pornhub video.

Source & Link: vice.com
Curator: Prasanna

Facebook’s ‘Red Team’ Hacks Its Own AI Programs

Attackers increasingly try to confuse and bypass machine-learning systems. So the companies that deploy them are getting creative.

Source & Link: wired.com
Curator: Sinwindie

Black Hat: How your pacemaker could become an insider threat to national security

Implanted medical devices are an overlooked security challenge that is only going to increase over time.

Source & Link: zdnet.com
Curator: Mike Peterson

Massive 20GB Intel IP Data Breach Floods the Internet, Mentions Backdoors

Anonymous hacker promises more to come soon, too.

Source & Link: tomshardware.com
Curator: Sinwindie

Upcoming Events, Webcasts, Conferences, etc.

SANS@MIC - Large Scale Honeypotting: The SANS Internet Storm Center

When: Monday, August 10, 2020 at 8:30 PM EDT (2020-08-11 00:30 UTC)
Location: Virtual
Cost: Free
Source & Link: sans.org
Curator: Miguel Calles

Tech Tuesday Workshop - Threat Hunting with OSSEC

When: Tuesday, August 11, 2020 at 1:00 PM EDT (2020-08-11 17:00:00 UTC)
Location: Virtual
Cost: Free
Source & Link: sans.org
Curator: Miguel Calles

Ai4 2020

When: September 1-2, 2020
Location: MGM Grand, Las Vegas
Cost: $595 (early registration)
Source & Link: ai4.io
Curator: Miguel Calles

Open Source Digital Forensics Conference

When: October 20-22, 2020
Location: Herndon, VA
Cost: $0-$350 + $499 optional training
Source & Link: osdfcon.org
Curator: Hartoyo Wahyu

BIG List of Virtual Cybersecurity Conferences

Source & Link: https://github.com/santosomar/virtualseccons
Curator: Guise Bule

The awesome image used in this article is called Humansec and was created by Jorge Torres.