[SANS ISC] Thanks to COVID-19, New Types of Documents are Lost in The Wild (Wed, Oct 20th)

In many countries, citizens are vaccinated and authorities are now implementing new rules that apply when you want to attend some events or travel. For example, in Brussels (BE), you must prove that you’re completely vaccinated by showing your “COVID Safe Ticket” to go to a restaurant or a bar. The document name changes across countries but it’s basically the same document for everybody, with a QR code.

Some people are against the vaccine and look for “solutions” to attend events. They try to find or to fake such certificates (which is of course illegal). A few weeks ago, the French president Emmanuel Macron had his QR code stolen and re-used by some people[1]. This means that people are looking for QR codes and data! Behind this story, there seems to be a new type of data leak: many people exchange certificates which contain a lot of sensitive information.

For a few days, I have been running a hunting search on VT to try to find interesting documents and I found some nice PDF files:

Be careful when you exchange documents like these on a cloud service or if you exchange them via tools that automatically feed VT! Once uploaded, they should be considered as “lost”!

[1] https://www.rfi.fr/en/france/20210924-health-officials-identify-suspects-behind-macron-s-qr-data-leak-health-pass-digital-security

Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)
