Secjuice Squeeze Volume 42

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Sinwindie, Prasanna, Miguel Calles, Muhammad Luqman.

Articles

US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks

The US Department of Justice has unsealed today charges against six GRU officers believed to be members of Sandworm, one of today's most advanced state-sponsored hacking groups.

Source & Link: zdnet.com
Curator: Sinwindie

GravityRAT Comes Back to Earth with Android, macOS Spyware

The espionage tool masquerades as legitimate applications and robs victims blind of their data.

Source & Link: threatpost.com
Curator: Prasanna

Mysterious 'Robin Hood' hackers donating stolen money

Experts and charities are puzzled by hackers who've started donating stolen money.

Source & Link: bbc.com
Curator: Prasanna

Activists Turn Facial Recognition Tools Against the Police

“We’re now approaching the technological threshold where the little guys can do it to the big guys,” one researcher said.

Source & Link: nytimes.com
Curator: Sinwindie

Dutch Ethical Hacker Logs into Trump’s Twitter Account

Last week a Dutch security researcher succeeded in logging into the Twitter account of the American President Donald Trump.

Source & Link: volkskrant.nl
Curator: Sinwindie

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks

The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities.

Source & Link: threatpost.com
Curator: Miguel Calles

A massive spam attack is ruining public 'Among Us' games

Among Us is struggling to contain a spam attack that is affecting most of its community.

Source & Link: engadget.com
Curator: Sinwindie

RIAA blitz takes down 18 GitHub projects used for downloading YouTube videos

Main target of the takedown was the youtube-dl project, a Python library that had amassed more than 72k stars on GitHub and was used in many YouTube video ripping tools and services.

Source & Link: zdnet.com
Curator: Sinwindie

Botnet Infects Hundreds of Thousands of Websites

KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.

Source & Link: darkreading.com
Curator: Muhammad Luqman

NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers

Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.

Source & Link: darkreading.com
Curator: Muhammad Luqman

Upcoming Events, Webcasts, Conferences, etc.

GrayHat (formerly the Texas Cyber Summit)

When: October 29, 2020
Location: Virtual
Cost: Free
Source & Link: https://grayhat.co
Curator: Miguel Calles

BIG List of Virtual Cybersecurity Conferences

Source & Link: https://github.com/santosomar/virtualseccons
Curator: Guise Bule