Cybersecurity Weekly: COVID ransomware truce, Sodinokibi selling data, Windows EoS delayed

March 23, 2020 by Sam Fay

A hacking group promises to stop attacking medical units until COVID-19 cools down. Sodinokibi ransomware data leaks are now sold on hacker forums. Microsoft delays Windows 10 1709 end of service due to pandemic. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Hacking group promises to stop attacking medical units until COVID-19 cools down

The Maze Team ransomware gang, infamous for shutting down hospitals and clinics with ransomware, said it will stop attacking the healthcare sector until the Coronavirus crisis is under control. They’re going so far as to offer discounts for some victims while completely halting targeted attacks against the healthcare industry.


2. Sodinokibi ransomware data leaks now sold on hacker forums

Ransomware victims who have their stolen files leaked are now facing a bigger nightmare as other hackers and criminals sell and distribute the released files on hacker forums. Following in Maze’s footsteps, several new ransomware operators are beginning to release stolen files for purchase on dark web marketplaces.


3. Microsoft delays Windows 10 1709 end of service due to pandemic

To help ease the transition to the updated version of its operating system, Microsoft is pushing back the scheduled end of service date of Windows 10, version 1709 to October 2020. Originally scheduled for end of service in April 2020, version 1709 will receive monthly security updates from May to October.


4. Security flaws found in popular password managers

According to security researchers, several popular password managers contain security vulnerabilities that could be exploited to breach the tools. They uncovered a total of four new vulnerabilities, including a flaw in the 1Password and LastPass Android applications that made them susceptible to phishing attacks.


5. Cyberattacks ramp up amid pandemic, work from home prep uneven

A poll of Threatpost readers shows that security preparedness is uneven as organizations make an unprecedented transition to remote working. While most respondents said they feel prepared from a security standpoint for this transition, 40 percent of those companies reported seeing increased cyberattacks as they enable remote working.


6. Rogers data breach exposed customer info in unsecured database

In a data breach notification posted to their site, Rogers states that they learned on February 26th that a vendor database containing customer information was unsecured and publicly exposed to the Internet. Included in the data breach were addresses, account numbers, email addresses and telephone numbers.


7. Phishing emails push fake government stimulus checks

Last week, the FBI warned of an ongoing phishing campaign that uses fake government economic stimulus checks as bait to steal personal information from victims. Similar campaigns might also ask potential victims for donations to various charities, promise general financial relief and airline carrier refunds as well as try to push fake COVID-19 testing kits.


8. Misconfigured Elasticsearch instance exposes over five billion records

An open Elasticsearch instance exposed over five billion records in an incident discovered on March 16. The data in that instance appears to be information on data breaches collected by a UK-based research firm from 2012 to 2019. The data was taken offline by the owner within an hour of being notified by security researchers.


9. Security breach disrupts fintech firm Finastra

Finastra, a company that provides technology solutions to banks worldwide, shut down key systems in response to a security breach discovered late last week. The company’s public statement does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks.


10. TrueFire guitar tutoring website suffers Magecart-like credit card breach

Online guitar tutoring website TrueFire has reportedly suffered a Magecart-style data breach. The data breach notification reveals that an attacker gained unauthorized access to the company’s web server around the middle of last year and, for over five months, stole payment information that customers entered into its website.