Welcome to the 34th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Sinwindie, Mike Peterson, Miguel Calles, Muhammad Luqman, and Prasanna.
Homeland Security details new tools for extracting device data at US borders
The agency says it can now obtain details including your phone's location history, social media information, and photos and videos.
Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data Wiping
Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.
Google Chrome Browser Bug Exposes Billions of Users to Data Theft
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.
SANS infosec training org suffers data breach after phishing attack
The SANS cybersecurity training organization has suffered a data breach after one of their employees fell victim to a phishing attack.
Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked
Microsoft Patch Tuesday Reveals A Few Innocent Ways to Get Hacked
NSA, FBI expose Russian intelligence hacking tool: report
The U.S. National Security Agency and Federal Bureau of Investigation have exposed a sophisticated Russian hacking tool, they said on Thursday in a rare public report offering new insight on Russia's arsenal of digital weapons.
North Korean Hacking Group Attacks Israeli Defense Industry
Israel says the attack was thwarted, but a cybersecurity firm says it was successful. Some officials fear that classified data stolen by North Korea could be shared with Iran.
Keeping the gate locked on your IoT devices: Vulnerabilities found on Amazon's Alexa
“Please lower the temperature of the AC, it’s getting humid in here,” said Eric to Alexa, who turned the AC to a cooler temperature in the living room. No, Alexa is not Eric’s partner, wife or friend. Alexa is his virtual assistant.
Global Disruption of Three Terror Finance Cyber-Enabled Campaigns
The Justice Department today announced the dismantling of three terrorist financing cyber-enabled campaigns, involving the al-Qassam Brigades, Hamas’s military wing, al-Qaeda, and Islamic State of Iraq and the Levant (ISIS). This coordinated operation is detailed in three forfeiture complaints and a criminal complaint unsealed today in the District of Columbia. These actions represent the government’s largest-ever seizure of cryptocurrency in the terrorism context.
Chrome extensions that lie about their permissions - Malwarebytes Labs
Users have learned to review the list of permissions Chrome extensions require before installing them. But what's the use if they lie to you?