Welcome to the first edition of the Secjuice Squeeze, where we present a selection of last weeks interesting infosec articles curated for your reading enjoyment in case you missed them! This weeks volume was created by Secjuice leadership member Miguel Calles.

Disney+ Accounts on Sale for $1

Shortly after the public launch of the Disney+ streaming service accounts were compromised and became available for sale on darknet markets. Some of these compromised accounts can be attributed to users reusing passwords, but it did not help that Disney+ made account takeovers fairly easy for miscreants to exploit too.

https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/
https://www.infosecurity-magazine.com/news/hacked-disney-accounts-on-sale-for/

Ransomware Continues to Strike

Ransomware affected a Texas high school, 400 veterinary hospitals, and a French hospital. The high school paid the ransom, whereas the hospitals might not decide to pay it. Ransomware attacks are becoming more aggressive and sophisticated. To learn more ransomware, consider reading "Ransomware Revealed: A Beginner’s Guide to Protecting and Recovering from Ransomware Attacks" by Secjuice writer Nihad A. Hassan.

https://www.beaumontenterprise.com/news/article/PN-G-pays-ransom-to-regain-access-to-district-14844446.php
https://krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/
https://www.theregister.co.uk/2019/11/21/french_hospital_rouen_ransomware/

Microsoft Updates Patch UAC Flaw

Windows Secure Desktop has a User Access Control (UAC) flaw that allows a malicious actor to launch a web browser with elevated user privileges. Apply the November updates to patch this flaw.

https://threatpost.com/windows-uac-flaw-privilege-escalation/150463/
https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege

Google Offers $1.5M Hacking Reward

Google claims its Titan M secure chip is pretty secure. Google's confidence led them to offer a $1.5 million reward for a complex remote code execution exploit.

https://www.zdnet.com/article/google-will-pay-bug-hunters-up-to-1-5m-if-they-can-hack-its-titan-m-chip/
https://www.msn.com/en-us/news/technology/google-is-offering-a-2415-million-reward-to-anyone-who-can-pull-off-a-complex-android-hack/ar-BBXaRuP

The awesome GIF used in this article and the STARFOX name, including all related images, are registered trademarks and copyright of Nintendo of America Inc. Use of this material is covered in our 'fair use' notice.