Welcome to the 18th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you every week. This week's volume was compiled by Secjuice writers Mike Peterson, Manmeet Singh Bhatia, and Secprentice.
Numerous COVID-19 Related Sites Are Being Used As Bait
As the world halts to deal with the coronavirus pandemic, hackers and threat actors continue to take advantage of the situation with malware campaigns.
A report by Check Point Research reveals a surge in the number of malicious coronavirus-related domains registered since the start of January.
Amid Global Pandemic, Governments Want To Start Tracking Citizens
It's during national or global crises that you begin to see all of the secret tracking programs come out. The Israeli internal security agency is tapping into a previously undisclosed database of cellphone data to trace the movements of citizens who may have contracted COVID-19 and the people they might have interacted with, according to a New York Times piece published on March 16.
That's an unprecedented move. And while it could help slow the spread of COVID-19 in the country, it does bring up some major concerns about privacy rights eroding during times of emergency. And it's not just Israel. The U.S. government is also holding discussions with major tech companies about the possibility of using user location data to track the coronavirus.
Hackers Promise Not To Target Healthcare Organizations
Hospitals and healthcare organizations have been a popular target for ransomware campaigns. But during severe outbreaks like COVID-19, a cyberattack could quickly become deadly. Luckily, many ransomware gangs have promised not to attack health organizations during the current 2019 Novel Coronavirus pandemic. Can we really trust them?
That interesting tidbit came from Bleeping Computer's Lawrence Abrams, who reached out to the operators of Maze, DoppelPaymer, Ryuk, PwndLocker, and other ransomware. Two of them, Maze and DoppelPaymer, responded. They said they wouldn't attack hospitals or nursing homes and would decrypt infected systems for free. Interestingly, the Maze operators said that they'd only hold to that promise until "the stabilization of the situation with virus."
200 Million U.S. Citizen Records Leaked
Security researchers have come across what they dubbed "an absolute goldmine for cybercriminals," consisting of nearly 800GB of personal user information. The data was reportedly left in an unprotected database and contained identifiable information on nearly 200 million different users.
What was contained in the data is a bit more concerning. The data appeared to be profiles of U.S. users and included sensitive information like full names, home and mortgage real estate addresses, phone numbers, birthdates, tax records, personal interests and investments, and even political or religious donations.
Microsoft SMB V3 Wormable Vulnerability
On March 10th, 2020, the cybersecurity community noticed an accidental leak of a critical remote code execution vulnerability in Windows SMB v3. The vulnerability allows an unauthenticated, remote attacker to execute code on target systems. This vulnerability is very similar to the infamous EternalBlue exploit and the WannaCry attacks that followed it. Proof-of-concept code is available, but thankfully there has been no large-scale weaponization in the wild as yet. Based on previous experience, though, it is only a matter of time before we see wholesale destructive abuse of such a powerful vulnerability. System administrators should waste no time in applying the available patches.