Welcome to the 19th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you every week (most of the time—we took a few breaks over the past few weeks). We are transitioning to a new format this week. This week's volume was compiled by Secjuice writers Miguel Calles, Mike Peterson, Bhumish Gajjar, and Sinwindie.
Hackers are using DNS-Hijacking to Get Users to Install Malicious COVID-19 Apps
Beware of downloading mobile apps designed for COVID-19. Hackers are brute-forcing router passwords on D-Link and Linksys devices and then changing the routers' DNS settings, a DNS-hijacking technique. The rogue resolvers redirect users to phony sites that advertise malicious COVID-19 apps.
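Because the attack works by swapping the resolvers a router hands out, the quickest defender check is to compare the nameservers a host actually uses against what is expected on that network. The script below is an added example and not code from the Secjuice post or its sources: it parses resolv.conf-style text and flags any nameserver that is neither a LAN address (RFC 1918, loopback, link-local) nor on an operator-chosen allowlist. The allowlist and the sample addresses are constructed placeholders, not indicators from the campaign described above.

```python
"""Audit configured DNS resolvers against what a home or office network should use.

Added example (not from the Secjuice post). Assumptions, all labelled:
  - TRUSTED_RESOLVERS is whatever the network operator deliberately configured;
    the two entries here are placeholders.
  - Sample resolv.conf contents are constructed; the public addresses in the
    "hijacked" sample are RFC 5737 documentation ranges, not real indicators.
"""
import ipaddress

# Assumption: resolvers the operator chose on purpose (placeholders).
TRUSTED_RESOLVERS = {"1.1.1.1", "9.9.9.9"}

# Ranges where a router or local stub resolver normally lives. Listed explicitly
# rather than via ip.is_private so that documentation ranges are not treated as LAN.
LAN_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("fc00::/7"),
    ipaddress.ip_network("fe80::/10"),
    ipaddress.ip_network("::1/128"),
]


def parse_nameservers(resolv_conf):
    """Return the nameserver addresses from resolv.conf-style text, ignoring comments."""
    servers = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify_nameserver(addr, trusted=TRUSTED_RESOLVERS):
    """Label one resolver: 'lan', 'trusted', 'suspicious' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if any(ip in net for net in LAN_RANGES):
        return "lan"          # the router itself or a local stub; expected
    if addr in trusted:
        return "trusted"      # a public resolver the operator picked
    return "suspicious"       # a public resolver nobody on this network chose


def audit(resolv_conf, trusted=TRUSTED_RESOLVERS):
    """Map every configured nameserver to its classification."""
    return {ns: classify_nameserver(ns, trusted) for ns in parse_nameservers(resolv_conf)}


def has_suspicious(resolv_conf, trusted=TRUSTED_RESOLVERS):
    """True when at least one resolver is an unexpected public address."""
    return "suspicious" in audit(resolv_conf, trusted).values()


# Constructed sample: the router hands itself out as the resolver (normal).
SAMPLE_OK = """# generated by the router's DHCP client
nameserver 192.168.1.1
"""

# Constructed sample: resolvers silently replaced with unknown public hosts.
SAMPLE_HIJACKED = """# generated by the router's DHCP client
nameserver 203.0.113.10 ; placeholder, RFC 5737 range
nameserver 198.51.100.7
"""

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("hijacked", SAMPLE_HIJACKED)):
        print(name, audit(sample), "ALERT" if has_suspicious(sample) else "fine")
```

On a real host, feed it the contents of `/etc/resolv.conf` (or the DNS servers shown in the router's admin page) and treat a "suspicious" result as a prompt to check the router's configuration and change its admin password; a resolver that is merely unfamiliar is not proof of compromise, which is why the allowlist is operator-defined rather than hard-coded.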
Troubles with Zoom in an age of remote work and play
We probably don't need to tell you about all of the vulnerabilities, privacy issues and other blunders discovered about video conferencing app Zoom over the past week. Many took up arms against the app, and in some opinions, justifiably so.
Whether or not the outrage was warranted is really up to you. Many infosec professionals on Twitter pointed out that not everyone's threat model will be the same. Zoom is hardly perfect, but for the average user, the riskiness of the platform is relatively low. Still, some food for thought: instead of just telling people not to use the app, explain why. Get them to think about their own security risk models. Offer better alternatives.
Saudi Arabia exploited cell network flaw to track its citizens in the U.S.
A whistleblower told The Guardian that elements of the Saudi government may be exploiting vulnerabilities in the global messaging system SS7 to spy on citizens as they traveled around the U.S. A cache of data given to the publication showed that there were "millions" of secret tracking requests emanating from Saudi Arabia between November 2019 and February 2020.
There have long been concerns about SS7, the set of protocols that the telecom industry uses to route and direct calls between networks. The system also has weaknesses that allow nation-state actors to "weaponize" flaws to track citizens. More than that, U.S. carriers have historically done little to address the flaws, despite security experts and lawmakers sounding the alarm for years.
Digital wallet app leaks nearly 44 million images of cards
A digital wallet app used by millions of users across North America has leaked images of cards stored on its platform. As in many other careless data leaks, the app developers appear to have stored customer data in five unsecured Amazon Web Services (AWS) S3 buckets, which were then discovered by researchers at vpnMentor.
While most users only stored low-risk cards on Key Ring, such as membership or loyalty cards, some used the platform to keep much more sensitive ones. Some of the exposed cards, for example, included state-issued IDs, credit cards with all relevant details, medical insurance cards, and medical marijuana ID cards.
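The common thread in leaks like this one is a bucket policy or ACL that grants access to every caller. The function below is an added example and not code from the Secjuice post or from vpnMentor's research: it reviews an S3 bucket policy document offline and reports Allow statements whose Principal is everyone ("*" or {"AWS": "*"}). Statements that carry a Condition are reported separately for manual review rather than declared safe, since only some conditions (such as a VPC endpoint or source-IP restriction) actually narrow who can reach the data. The policy documents, bucket name and account ID are constructed placeholders.

```python
"""Review an S3 bucket policy for statements that grant access to everyone.

Added example (not from the Secjuice post or vpnMentor). It checks only the
bucket policy; object ACLs and the account-level Block Public Access setting
are separate controls and are not evaluated here. All sample values below are
constructed placeholders.
"""
import json


def _as_list(value):
    """Policy fields may be a single string/dict or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    """True for the anonymous-principal forms: "*" or {"AWS": "*"} (possibly in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def review_policy(policy_json):
    """Classify each statement of a bucket policy.

    Returns a dict with two lists:
      'public'        - Allow to everyone with no Condition: data is exposed.
      'needs_review'  - Allow to everyone but with a Condition: a human must
                        decide whether the Condition really restricts callers.
    Deny statements are skipped even when their Principal is "*", because a
    Deny to everyone (e.g. enforcing TLS) does not expose anything.
    """
    policy = json.loads(policy_json)
    result = {"public": [], "needs_review": []}
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_everyone(stmt.get("Principal")):
            continue
        record = {
            "sid": stmt.get("Sid"),
            "actions": sorted(_as_list(stmt.get("Action"))),
            "resources": _as_list(stmt.get("Resource")),
        }
        bucket = "needs_review" if stmt.get("Condition") else "public"
        result[bucket].append(record)
    return result


def is_public(policy_json):
    """True when at least one statement exposes the bucket to everyone unconditionally."""
    return bool(review_policy(policy_json)["public"])


BUCKET = "arn:aws:s3:::example-card-images-bucket"   # placeholder bucket

# Constructed sample of the weak setting: anyone on the internet can list and read.
LEAKY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowEveryoneRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [BUCKET, BUCKET + "/*"],
    }],
})

# Constructed sample of the corrected setting: one application role may read,
# and a Deny-to-everyone statement merely enforces TLS (not an exposure).
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleOnly",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-backend"},
            "Action": "s3:GetObject",
            "Resource": BUCKET + "/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [BUCKET, BUCKET + "/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

if __name__ == "__main__":
    for name, policy in (("leaky", LEAKY_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, "PUBLIC" if is_public(policy) else "not public", review_policy(policy))
```

In practice this kind of check belongs in CI next to the infrastructure code that creates the bucket, and it complements rather than replaces the account-wide S3 Block Public Access setting, which stops a public policy from taking effect in the first place.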
Spearphishers continue to use COVID-19 to spread malware and infostealers
Phishing and malware campaigns related to the 2019 novel coronavirus have become a common theme over the past few months, but a recent example is worth singling out because of its use of the World Health Organization trademark. The COVID-19-themed campaign is spread via email, as many similar scams are, according to security researchers at FortiGuard Labs.
Worryingly for the average user, the messages are filled with "legitimate characteristics." As you might expect, the emails contain an attachment that downloads the LokiBot infostealer if executed. There are some signs that it's not legitimate, such as grammatical errors and an inaccurate linking of the WHO with the U.S.-based CDC. But still, now is as good a time as any to remind the non-security professionals in your life to be extremely skeptical.