Fake COVID credentials flourish on the dark web
Security researchers at Check Point found faked COVID-19 negative test results and vaccine certifications for sale on dark web marketplaces, for around $25 and $250, respectively. Ads for these false credentials have increased 300% over the last three months. Researchers also found vaccine doses for sale on the illicit marketplaces, with doses from AstraZeneca, Sputnik, Sinopharm and Johnson & Johnson ranging in price from $500 to $1000.
Mamba ransomware gang abusing open source tools
The FBI issued a warning that the ransomware group is using the DiskCryptor tool to encrypt the drives of victims. DiskCryptor claims to offer a better alternative to OS encryption like Microsoft’s BitLocker, able to encrypt all disk drives, including the system partition. The FBI noted that DiskCryptor itself is not malicious by nature, but that Mamba has used it to extort targeted victims. The FBI notes that once installed, DiskCryptor saves encryption keys to a myConf.txt file, which is accessible until a machine restarts twice.
An analysis of COVID-19 vaccine websites
The Markup’s Jon Keegan and Colin Lecher analyzed the privacy, performance, and accessibility of COVID-19 vaccine websites across US states and territories. Nevada led all states with 24 ad trackers and 45 third-party cookies, against an average of 2.8 ad trackers and 3.4 third-party cookies per state. The Texas, New York, Kentucky, West Virginia, New Hampshire, and Puerto Rico sites had no trackers or cookies. Sites averaged 5.9-second load times; Puerto Rico's loaded in 1.4 seconds, while Nevada's was the slowest at 15.7 seconds.
Zuckerberg discusses reforms to Section 230
In written testimony submitted ahead of the US House hearing regarding misinformation online, Facebook’s Mark Zuckerberg included suggestions for reforming Section 230, the US safe harbor law that prevents platforms from being liable for most things posted by their users. Zuckerberg suggests that, to qualify for Section 230 protection, a platform should have to demonstrate an adequate system for identifying unlawful content and removing it, with the system proportionate to platform size.
Thanks to our episode sponsor, Trend Micro
QNAP warns of brute force attacks against NAS devices
The company warned that threat actors are using automated tools to log in to Internet-exposed NAS devices using passwords generated dynamically or taken from lists of previously compromised credentials. Once in, attackers gain full access to steal sensitive documents or deploy malware. QNAP recommends changing the default access port number, using strong passwords for accounts, enabling password policies, and disabling the admin account targeted in these ongoing attacks. Users can also block access from specific IP addresses after several failed login attempts. The NAS maker also saw a ransomware campaign against its devices back in 2019.
Cloudflare launches Page Shield
Arizona law on app store payments doesn’t get a vote
The Arizona State Senate was scheduled to vote on March 24th on HB2005, which would have required Android and iOS to allow alternative in-app payment systems, but the bill never came up for a vote. It’s unclear why the bill was pulled. The Verge reached out to the bill’s sponsor, Representative Regina Cobb, and the Arizona governor’s office, but they did not respond to requests for comment.
Security engineer reports data leak, hears from police
Earlier this month, security engineer Rob Dyke discovered an exposed GitHub repository containing passwords, API keys, and sensitive financial records that belonged to the Apperta Foundation. Dyke subsequently reported the leak, which had been open since 2019, to the Foundation, which initially thanked him for the disclosure. However, on March 9th, he received a notice from Apperta’s legal team, followed by an email from the Northumbria Police cyber investigator in relation to a report of “Computer Misuse.” Dyke had previously worked with Apperta and said he followed their established disclosure policies when reporting the leak.