At a glance.
- Printing service exposes database containing customer information.
- Privacy considerations for organizations as they cope with COVID-19.
- Trolls are intruding into poorly secured video conferencing.
- TrickBot evolves, beginning RDP brute-forcing.
Misconfigured AWS S3 bucket leaks printing company's customer information.
Researchers at vpnMentor have found a misconfigured AWS S3 bucket that's exposed the data of possibly one-hundred-thousand Doxzoo users. Doxzoo, based in the UK but operating globally, prints and binds documents for government organizations, businesses, and private individuals. A partial list of the data exposed includes: full names, addresses, and email addresses; passport scans; paycard data; order details, certifications, diplomas, and degrees; medical documents; and floor plans. The company has taken the database down.
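The exposure above is the familiar one: an S3 bucket whose policy or ACL grants read access to everyone. As an added example (not code from vpnMentor, Doxzoo or the original write-up), the following Python reviews a bucket policy document, its ACL and its Public Access Block settings offline, the three places where anonymous read access is granted or overridden. The bucket name, policy, ACL and settings in it are constructed for illustration, and the logic mirrors how S3 combines them: IgnorePublicAcls neutralises public ACL grants and RestrictPublicBuckets neutralises public policy grants for anonymous callers, while the two Block* flags only reject new public configuration.

```python
"""Added example: offline check of an S3 bucket's policy, ACL and Public Access Block
settings for anonymous read exposure. All sample data below is constructed."""
import json

# Real S3 group URIs meaning "anyone on the internet" and "any AWS account".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket", "s3:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def find_public_policy_statements(policy):
    """Sids of Allow statements granting a read action to everyone with no Condition."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    sids = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_everyone(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):  # a Condition may scope the grant; review such statements by hand
            continue
        if set(_as_list(stmt.get("Action", []))) & READ_ACTIONS:
            sids.append(stmt.get("Sid", "<no Sid>"))
    return sids


def find_public_acl_grants(acl):
    """(group, permission) pairs granted to the AllUsers or AuthenticatedUsers groups."""
    grants = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTH_USERS):
            grants.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return grants


def assess_bucket(policy, acl, public_access_block):
    """Combine the three sources the way S3 evaluates them. BlockPublicAcls and
    BlockPublicPolicy only stop *new* public settings, so they are not consulted here."""
    reasons = []
    policy_hits = find_public_policy_statements(policy)
    if policy_hits and not public_access_block.get("RestrictPublicBuckets", False):
        reasons.append(f"bucket policy statements open to everyone: {policy_hits}")
    acl_hits = find_public_acl_grants(acl)
    if acl_hits and not public_access_block.get("IgnorePublicAcls", False):
        reasons.append(f"ACL grants to public groups: {acl_hits}")
    return {"exposed": bool(reasons), "reasons": reasons}


# Constructed sample bucket (hypothetical name "example-print-orders").
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-print-orders/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-print-orders/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-print-orders/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-EXAMPLE"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]}
# Keys are the real PublicAccessBlockConfiguration field names.
OPEN_PAB = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
HARDENED_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for label, pab in (("as found", OPEN_PAB), ("with Public Access Block", HARDENED_PAB)):
        print(label, json.dumps(assess_bucket(SAMPLE_POLICY, SAMPLE_ACL, pab), indent=2))
```

In practice the three inputs come from GetBucketPolicy, GetBucketAcl and GetPublicAccessBlock; the point of evaluating them together is that a public policy statement or ACL grant is only a real exposure when the account- or bucket-level Public Access Block does not override it.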
Privacy considerations for organizations during the pandemic.
The COVID-19 pandemic presents the usual tension between health and safety on the one hand and privacy on the other. While there has been, in the US at least, some relaxation of privacy safeguards in order to facilitate telehealth communications, organizations should remain appropriately cautious about the way they handle personal information, especially information about an individual's health. Cooley has some advice for organizations working to strike the right balance:
- If an organization needs to collect information as part of an effort to control the virus, there's generally no requirement to get individuals' consent to collect relevant data, but companies should collect only that personal information they consider necessary to managing COVID-19 risk. That is, the information collected and retained should be clearly, explicably, and defensibly relevant to COVID-19 risk management.
- Use some dedicated means to collect health information, and store it in a dedicated location. Health data should be encrypted.
- Securely delete health information when it's no longer necessary for COVID-19 risk mitigation.
- Avoid naming an infected individual to others. A possible exception to this rule might occur when an organization needs to track the infected individual's contacts.
- Always verify the legitimacy of any links you share with employees to provide them with information about COVID-19.
- And refresh employees on the need to open email with caution--there's a great deal of COVID-19 phishing going around. Make it a policy never to ask employees for their credentials over email, and be sure employees know that policy. (And be sure the organization adheres to it.)
Zoom-bombing in the time of the pandemic.
With video-conferencing seeing heavy use as people work remotely, TechCrunch reports that "Zoom-bombing" is now a thing. That is, various skids are trolling Zoom virtual meetings and sharing unusually repellent violent or pornographic content as their screen, where other users can't avoid seeing it. It's done for the lulz, not for any serious purpose, but intruding into video conferences always poses a privacy risk.
Reuters offers corroborative detail, from a work-from-home happy hour intended as a collegial morale-booster. “I cannot unsee what just happened,” one of those who attended wrote. “Participants screamed and cringed while the hosts rushed to kick the troll out of the call. But they just re-entered under a new name and blasted the audience with more disgusting imagery.”
TrickBot begins brute-forcing RDP in Hong Kong and the US.
Bitdefender reports that TrickBot has a new module designed to brute-force Remote Desktop Protocol (RDP) for selected victims. It’s designated “rdpScanDll,” and it’s apparently still under development. The RDP attack tool seems intended for use against targets in Hong Kong and the US.
TrickBot began its career in 2016 as a credential stealer focused mostly on financial targets. But its modular design has lent it steadily increasing levels of sophistication as criminals plug in new capabilities. The most recent enhancement, rdpScanDll, is being used mostly against telecommunications targets, with the other most-targeted verticals being education and research, and then financial services, including banks. The criminal campaign is being run from a dynamic set of command-and-control servers, most of them located in Russia.
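From the defender's side, RDP brute-forcing is visible in the Windows Security log as a burst of failed logons (event 4625) with logon type 10 (RemoteInteractive) from one source address, and the worst case is a successful type-10 logon (event 4624) from that same address shortly afterwards. As an added example (not code from Bitdefender or the original report), the following Python runs that sliding-window detection over a handful of constructed, SIEM-style event records; the field names, addresses, usernames and thresholds are all assumptions for illustration.

```python
"""Added example: detect RDP brute-forcing (and brute-force followed by success) in
Windows Security events. The event records below are constructed, not real telemetry."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, in the shape a log shipper might export. Event 4625 = failed
# logon, 4624 = successful logon; logon_type 10 = RemoteInteractive, i.e. RDP.
SAMPLE_EVENTS = [
    {"ts": "2020-03-20T10:00:01", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.5", "user": "administrator"},
    {"ts": "2020-03-20T10:00:06", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.5", "user": "admin"},
    {"ts": "2020-03-20T10:00:11", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.5", "user": "backup"},
    {"ts": "2020-03-20T10:00:16", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.5", "user": "test"},
    {"ts": "2020-03-20T10:00:21", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.5", "user": "user1"},
    {"ts": "2020-03-20T10:00:26", "event_id": 4625, "logon_type": 10, "src_ip": "203.0.113.5", "user": "svc_backup"},
    {"ts": "2020-03-20T10:00:40", "event_id": 4624, "logon_type": 10, "src_ip": "203.0.113.5", "user": "svc_backup"},
    # A single typo followed by success from another address: benign, must not alert.
    {"ts": "2020-03-20T10:05:00", "event_id": 4625, "logon_type": 10, "src_ip": "198.51.100.9", "user": "jsmith"},
    {"ts": "2020-03-20T10:05:10", "event_id": 4624, "logon_type": 10, "src_ip": "198.51.100.9", "user": "jsmith"},
    # Network logon (type 3) from the noisy address: out of scope for an RDP rule.
    {"ts": "2020-03-20T10:06:00", "event_id": 4625, "logon_type": 3, "src_ip": "203.0.113.5", "user": "x"},
]


def detect_rdp_bruteforce(events, threshold=5, window_seconds=60):
    """Return {src_ip: alert} for addresses whose RDP failures reach `threshold`
    inside a sliding window. Severity is raised to 'critical' when a successful RDP
    logon from the same address follows while failures are still inside the window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src_ip -> timestamps of RDP failures inside the window
    tried = defaultdict(set)      # src_ip -> usernames attempted
    alerts = {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["logon_type"] != 10:  # only RemoteInteractive (RDP) logons
            continue
        t = datetime.fromisoformat(e["ts"])
        ip = e["src_ip"]
        q = recent[ip]
        while q and t - q[0] > window:  # slide the window forward
            q.popleft()
        if e["event_id"] == 4625:
            q.append(t)
            tried[ip].add(e["user"])
            if len(q) >= threshold:
                alert = alerts.setdefault(ip, {"severity": "high", "first_failure": q[0].isoformat()})
                alert.update(failures=len(q), last_failure=t.isoformat(), users=sorted(tried[ip]))
        elif e["event_id"] == 4624 and ip in alerts and q:
            # Success from an address that just crossed the threshold: likely a guessed password.
            alerts[ip].update(severity="critical", success_user=e["user"], success_at=t.isoformat())
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, alert)
```

Tune the threshold and window to the environment; the more useful signal is the escalation to critical, which is the point at which an RDP brute-force campaign has turned into an account compromise and the account's password and sessions need to be reset.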