Fake COVID credentials flourish on the dark web

Security researchers at Check Point found faked COVID-19 negative test results and vaccine certifications for sale on dark web marketplaces, for around $25 and $250, respectively. Ads for these false credentials have increased 300% over the last three months. Researchers also found vaccine doses for sale on the illicit marketplaces, with doses from AstraZeneca, Sputnik, Sinopharm and Johnson & Johnson ranging in price from $500 to $1000.

(Security Affairs)

Mamba ransomware gang abusing open source tools

The FBI issued a warning that the ransomware group is using the DiskCryptor tool to encrypt the drives of victims. DiskCryptor claims to offer a better alternative to OS encryption like Microsoft’s BitLocker, able to encrypt all disk drives, including the system partition. The FBI noted that DiskCryptor itself is not malicious by nature, but that Mamba has used it to extort targeted victims. The FBI notes that once installed, DiskCryptor saves encryption keys to a myConf.txt file, which is accessible until a machine restarts twice. 

(Security Week)

An analysis of COVID-19 vaccine websites

The Markup’s Jon Keegan and Colin Lecher analyzed the privacy, performance, and accessibility of COVID-19 vaccine websites across US states and territories. Nevada led all states with 24 ad trackers and 45 third-party cookies, against an average of 2.8 ad trackers and 3.4 third-party cookies per state. Sites for Texas, New York, Kentucky, West Virginia, New Hampshire, and Puerto Rico had no trackers or cookies. Load times averaged 5.9 seconds, with Puerto Rico the fastest at 1.4 seconds and Nevada the slowest at 15.7 seconds.

(The Markup)

Zuckerberg discusses reforms to Section 230

In written testimony submitted ahead of the US House hearing regarding misinformation online, Facebook’s Mark Zuckerberg included suggestions for reforming Section 230, the US safe harbor law that prevents platforms from being liable for most things posted by their users. Zuckerberg suggests a platform should have to demonstrate an adequate system for identifying unlawful content and removing it in order to qualify for Section 230 protection, with the system proportionate to platform size.

(Axios)

QNAP warns of brute force attacks against NAS devices

The company warned that threat actors are using automated tools to log in to Internet-exposed NAS devices using passwords generated dynamically or taken from lists of previously compromised credentials. Once access is gained, attackers have full access to steal sensitive documents or deploy malware. QNAP recommends changing the default access port number, using strong passwords for accounts, enabling password policies, and disabling the admin account targeted in these ongoing attacks. Users can also block specific IP addresses after several failed login attempts. The NAS maker also saw a ransomware campaign against its devices back in 2019.

(Bleeping Computer)

Cloudflare launches Page Shield

The company launched the new web security feature to prevent Magecart-style card skimming attacks. Part of Page Shield is Script Monitor, which checks third-party JavaScript dependencies and records any new additions over time. Cloudflare found that many sites struggled to identify Magecart attacks because by default they trust third-party JavaScript to function as intended. Page Shield will add a Content-Security-Policy-Report-Only header to content passing through Cloudflare’s network, with customers alerted to any changes in JavaScript so they can investigate further. Cloudflare is also working with cybersecurity partners to obtain Magecart JavaScript samples to further improve the tool.

(ZDNet)
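
The monitoring idea described above, as an added example that is not Cloudflare's code: it ingests CSP violation reports and flags each script URL the first time it is reported for a site. The policy string, the `/csp-reports` endpoint, the `ScriptInventory` class and the sample reports are assumptions constructed for illustration.

```javascript
// Added example, not Cloudflare's code. Assumed report-only policy under which every
// script load produces a report; the /csp-reports endpoint is hypothetical.
const REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only: script-src 'none'; report-uri /csp-reports";

class ScriptInventory {
  firstSeen = new Map(); // "pageHost scriptUrl" -> timestamp of the first report

  // Reduce blocked-uri to origin + path so cache-busting query strings are not "new".
  // Browsers may report only the origin for cross-origin scripts; the path is then "/".
  static normalise(blockedUri) {
    try {
      const u = new URL(blockedUri);
      return /^https?:$/.test(u.protocol) ? u.origin + u.pathname : null;
    } catch {
      return null; // keywords such as "inline" or "eval" are not URLs
    }
  }

  // Takes one parsed report body; returns an alert for a first-seen script, else null.
  ingest(body, receivedAt) {
    const r = (body && body['csp-report']) || {};
    const directive = r['effective-directive'] || r['violated-directive'] || '';
    const script = ScriptInventory.normalise(r['blocked-uri'] || '');
    if (!directive.startsWith('script-src') || !script) return null;
    let pageHost;
    try { pageHost = new URL(r['document-uri']).host; } catch { return null; }
    const key = `${pageHost} ${script}`;
    if (this.firstSeen.has(key)) return null;
    this.firstSeen.set(key, receivedAt);
    return { pageHost, script, firstSeen: receivedAt };
  }
}

// Constructed sample reports (legacy "csp-report" JSON shape), not real traffic.
const report = (doc, blocked, dir = 'script-src-elem') =>
  ({ 'csp-report': { 'document-uri': doc, 'blocked-uri': blocked, 'effective-directive': dir } });
const SAMPLE = [
  report('https://shop.example/checkout', 'https://cdn.example/pay.js?v=1'),
  report('https://shop.example/checkout', 'https://cdn.example/pay.js?v=2'),
  report('https://shop.example/checkout', 'https://img.example/logo.png', 'img-src'),
  report('https://shop.example/checkout', 'inline'),
  report('https://shop.example/cart', 'https://stats.example/collect.js'),
];

function runSample() {
  const inv = new ScriptInventory();
  return SAMPLE.map((b, i) => inv.ingest(b, i)).filter(Boolean);
}
console.log(runSample());
```

Only the first sighting of a script per site host raises an alert, so the repeated `pay.js` load, the image report and the inline report are ignored.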

Arizona law on app store payments doesn’t get a vote

The Arizona State Senate was scheduled to vote on March 24th on HB2005, which would have required Android and iOS to allow alternative in-app payment systems, but the bill never came up for a vote. It’s unclear why the bill was pulled. The Verge reached out to the bill’s sponsor, Representative Regina Cobb, and the Arizona governor’s office, but they did not respond to requests for comment.

(The Verge)

Security engineer reports data leak, hears from police

Earlier this month, security engineer Rob Dyke discovered an exposed GitHub repository containing passwords, API keys, and sensitive financial records which belonged to the Apperta Foundation. Dyke subsequently reported the leak, which had been open since 2019, to the Foundation, which initially thanked him for the disclosure. However, on March 9th, he received a notice from Apperta’s legal team, followed by an email from a Northumbria Police cyber investigator in relation to a report of “Computer Misuse.” Dyke had previously worked with Apperta and said he followed their established disclosure policies when reporting the leak.

(Bleeping Computer)