Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Hartoyo Wahyu, Prasanna, Sinwindie, Muhammad Luqman, and Thunder-Son.


Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition

Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung hacked at Tianfu Cup 2020.

Source & Link: thehackernews.com
Curator: Hartoyo Wahyu

Npm Package Caught Stealing Discord & Browser Files

Malicious code was found hidden inside a JavaScript library named Discord.dll.

Source & Link: zdnet.com
Curator: Prasanna

Former Microsoft Engineer Sentenced To Nine Years

The former software engineer used other employees' accounts to steal digital gift cards among other crimes.

Source & Link: zdnet.com
Curator: Prasanna

Millions of Hotel Guests Caught Up in Mass Data Leak

A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing.

Source & Link: threatpost.com

Chrome Block JavaScript Redirects On Web Page URL Clicks

Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab.

Source & Link: chromium.org, bleepingcomputer.com

Your Cop-Friendly Spy Device Could Burst Into Flames

After receiving 85 reports of doorbells catching fire, Ring has issued a recall of some second-generation Ring doorbells (the one with the blue ring) for igniting and causing "minor property damage."

Source & Link: gizmodo.com
Curator: Sinwindie

Binance Grants $200,000 to Investigators for Identifying Exchange Hackers

Binance announced today that it has awarded $200,000 to investigators for providing information about attackers and for the details about the attack.

Source & Link: financemagnates.com
Curator: Sinwindie

Microsoft Beg Users To Stop Using SMS based MFA

Microsoft recommends using app-based authenticators and security keys instead.

Source & Link: zdnet.com

Microsoft Teams Users Under Attack in 'FakeUpdates' Malware Campaign

Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the infection point, according to a report.

Source & Link: threatpost.com
Curator: Muhammad Luqman

2 New Chrome 0-Day Vulnerabilities Under Active Attacks

Recently, Google has released two new patches for two new actively exploited vulnerabilities in Google Chrome. read more here.

Source & Link: cybersecuritynews.com
Curator: Muhammad Luqman

Facebook sues Turkish software developer who ran 20+ Instagram clone sites

Facebook says the Turkish developer operated Instagram clone sites like jolygram.com, imggram.com, imggram.net, finalgram.com, pikdo.net, and ingram.ws.

Source & Link: zdnet.com
Curator: Prasanna

How the U.S. Military Buys Location Data from Ordinary Apps

A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people's personal data to brokers, contractors, and the military.

Source & Link: zdnet.com
Curator: Thunder-Son

Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call

A Bug in Facebook Messenger App for Android Could've Let Hackers Listen to the Person You Are Calling Before Even They Pick Up.

Source & Link: thehackernews.com
Curator: Thunder-Son

Massive, China-state-funded hack hits companies around the world, report says

Attacks are linked to Cicada, a group believed to be funded by the Chinese state.

Source & Link: arstechnica.com
Curator: Sinwindie

DeFi Protocol Pickle Finance Hacked For $20 Million

The coffers of Pickle Finance, a decentralized finance (DeFi) protocol, were drained today of $20 million in what appears to be a hack.

Source & Link: decrypt.co
Curator: Sinwindie

How an Online Attack ‘Brought Twitter to Its Knees’

A teenager from Florida is accused of breaching one of the most high-profile internet platforms in the world. Watch how Twitter was hacked in a new Times documentary airing tonight on FX at 10 p.m. and streaming on Hulu.

Source & Link: nytimes.com
Curator: Sinwindie

Cryptocurrency exchange Liquid confirms hack

An investigation is underway to see if hackers accessed documents that users submitted to verify their information with the exchange.

Source & Link: techcrunch.com
Curator: Sinwindie

Hackaday Podcast 094: Fake Sun, Hacked Super Mario, Minimum Viable Smart Glasses, And 3D Printers Can’t Do That

Hackaday editors Elliot Williams and Mike Szczys traverse the hackerscape looking for the best the internet had to offer last week.

Source & Link: hackaday.com
Curator: Sinwindie

Nintendo sues more hack sellers, ‘a worsening international problem’

Another lawsuit filed in Seattle court.

Source & Link: polygon.com
Curator: Sinwindie

IBM Works With Cisco to Exorcise Ghosts From Webex Meetings

IBM found openings in Webex Meetings that could let 'ghosts' listen in. Now patched, the vulnerabilities show the importance of securing remote work tools.

Source & Link: securityintelligence.com
Curator: Sinwindie

Hackers Dupe GoDaddy Into Helping Them Take Down Cryptocurrency Sites

Roughly one year after a data breach at GoDaddy compromised 28,000 customer accounts, the world’s largest internet domain registrar is once again at the center of a security scandal. Hackers brought down several cryptocurrency services using GoDaddy domains in recent weeks, and apparently the company’s own staff unwittingly helped in these attacks.

Source & Link: gizmodo.com
Curator: Sinwindie

Upcoming Events, Webcasts, Conferences, etc.

BIG List of Virtual Cybersecurity Conferences

Source & Link: https://github.com/santosomar/virtualseccons
Curator: Guise Bule

The image used in this article was created by artist Spencer Tunick.

About The Artwork Used In This Article
You may have noticed that we often like to break the norm where an article's image must be relevant to the article's subject, we find it liberating. In this issue, we push the boundaries a little more with some thought-provoking imagery and by showcasing a specific artist. We like to showcase the work of illustrators, designers, and artists when choosing our images, but have never really showcased the work of a photographer before. We thought it was time to change that. True to our form, we chose a subject matter completely unrelated to infosec.

Welcome to the wonderful world of Spencer Tunick, an artist who has been documenting the live nude figure in public since 1992. Tunick has been arrested five times while attempting to work outdoors, the charges were later dropped but the threat of arrest haunted him constantly.

Determined to create his artwork on the streets, he filed a civil rights lawsuit to protect him and his participants from arrest. In May 2000, the Second US district court sided with Tunick, recognizing that his work was protected by the First Amendment of the US Constitution.

In response to New York city's final appeal to the US Supreme Court, Justice Ruth Bader Ginsburg ruled in favor of Tunick by remanding the case back down, allowing the lower court decision to stand and the artist to freely organize his work on the streets of New York City.

Learn more about Spencer Tunick and his art using the links below:

Website - Instagram - LinkTree - YouTube