Hackers leak stolen Pfizer COVID-19 vaccine data online

The European Medicines Agency (EMA) today revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December was leaked online. EMA is a decentralized agency responsible for reviewing and approving COVID-19 vaccines, as well as for evaluating, monitoring, and supervising any new medicines introduced to the EU. On December 31st, there were media reports of threat actors leaking what they claimed was the stolen EMA data on several hacker forums. EMA also said that the European medicines regulatory network is fully functional and that COVID-19 evaluation and approval timelines are not affected by the incident.

(Bleeping Computer)

Social media’s big terrible week

Facebook staff are being warned to avoid wearing company-branded apparel for their safety. House Democrats are planning to look into the role of social media as a source of disinformation relating to events preceding and including the January 6 riot. German Chancellor Angela Merkel, as well as a Minister for the Government of France, have publicly objected to the ban on President Trump’s accounts, and alternative private chat apps such as Signal, Telegram and MeWe are topping app store downloads for the first time. GoFundMe has banned Trump rally travel fundraisers. Although these are not strictly cybersecurity stories, they all bear heavily on privacy, and on security too, since the platforms in question have been exposed as a means of inciting groups to commit malicious acts.

(The Information, Washington Post, Bloomberg, TechCrunch, Buzzfeed)

Parler archived due to “mind-numbing” mistake

As we reported here yesterday, a hacker succeeded in archiving 99.9 percent of Parler’s content before it went offline. Analysis of what made this possible shows that Parler lacked the most basic security measures to prevent scraping, and even ordered its posts by number in the site’s URLs, which helped in programmatically downloading its millions of posts. Kenneth White, a security engineer at MongoDB, refers to this as an insecure direct object reference. Parler also did not use any sort of “rate limiting” to cut off anyone accessing too many posts too quickly, making it easy for the hacker to write a script to download everything in the order they were posted. White called this “mind-numbing – like a Computer Science 101 bad homework assignment.”
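The two controls the Parler item says were missing, shown as an added defender-side example (not Parler’s code, and the `PostStore`, `RateLimiter` and `handle` names are our own): posts are addressed by random opaque tokens rather than a sequential counter, and a per-client sliding-window limiter cuts off anyone requesting too many posts too quickly.

```python
import secrets
import time
from collections import defaultdict, deque


class PostStore:
    """Posts keyed by a random, unguessable token instead of a sequential
    integer, so one valid identifier reveals nothing about its neighbours."""

    def __init__(self):
        self._posts = {}

    def add(self, body: str) -> str:
        post_id = secrets.token_urlsafe(16)  # 128 bits of randomness
        self._posts[post_id] = body
        return post_id

    def get(self, post_id: str):
        return self._posts.get(post_id)  # None for any id we never issued


class RateLimiter:
    """Sliding window: at most `limit` requests per `window` seconds per client.
    The clock is injectable so the behaviour can be tested deterministically."""

    def __init__(self, limit: int, window: float, clock=time.monotonic):
        self._limit, self._window, self._clock = limit, window, clock
        self._hits = defaultdict(deque)  # client -> timestamps of recent requests

    def allow(self, client: str) -> bool:
        now = self._clock()
        q = self._hits[client]
        while q and now - q[0] >= self._window:  # drop hits outside the window
            q.popleft()
        if len(q) >= self._limit:
            return False
        q.append(now)
        return True


def handle(store: PostStore, limiter: RateLimiter, client: str, post_id: str):
    """Request handler: limiter first, then the opaque-id lookup.
    Returns an (HTTP status, body) pair."""
    if not limiter.allow(client):
        return 429, None
    body = store.get(post_id)
    if body is None:
        return 404, None
    return 200, body
```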


Sunspot malware used to insert backdoor into SolarWinds supply chain attack

CrowdStrike has shared details about another piece of the SolarWinds’ Orion puzzle. A piece of malware named Sunspot was used to inject the previously analyzed Sunburst backdoor into the Orion product without being detected. CrowdStrike revealed that the hackers deployed Sunspot on SolarWinds systems. Sunspot is designed to check every second for the presence of processes associated with the compilation of the Orion product on the compromised system. If such a process is detected, Sunspot replaces a single source code file to include the Sunburst backdoor.

(Security Week)
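Sunspot, as described above, waits for the build to start and then swaps a single source file. An added example (ours, not CrowdStrike’s or SolarWinds’ code) of the detective control that catches exactly that: snapshot a manifest of source-file hashes when the tree is checked out, then re-verify it immediately before and after compilation. File names in `demo()` are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its hash."""
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root: Path, manifest: dict) -> list:
    """Return sorted (path, finding) pairs for every deviation from the manifest."""
    current = build_manifest(root)
    findings = []
    for rel, expected in manifest.items():
        if rel not in current:
            findings.append((rel, "missing"))
        elif current[rel] != expected:
            findings.append((rel, "modified"))
    findings.extend((rel, "unexpected") for rel in current if rel not in manifest)
    return sorted(findings)


def demo() -> list:
    """Constructed scenario: snapshot a tiny source tree, then replace one file
    between the snapshot and the 'compile' step, as the item describes Sunspot doing."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "src" / "Main.cs").write_text("class Main {}\n")      # constructed
        (root / "src" / "Helper.cs").write_text("class Helper {}\n")  # constructed
        manifest = build_manifest(root)
        # Tampering: one source file silently swapped before the compiler reads it.
        (root / "src" / "Helper.cs").write_text("class Helper { /* implant */ }\n")
        return verify_manifest(root, manifest)


if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{finding}: {rel}")
```

In a real pipeline the manifest would come from the version-control commit being built, so the comparison is against what developers actually committed rather than against the build host’s own copy.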

Thanks to our episode sponsor, IT Asset Management Group

Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties have now resulted in millions of dollars in regulatory penalties. Is it clear who is responsible for the performance of your data disposition practice? IT Asset Management Group’s free program guide includes tips for establishing stakeholders at your organization and expectations for all practitioners.
Download the program guide today at

Biden to appoint cybersecurity veteran Anne Neuberger to NSC

The incoming President of the U.S. has plans of appointing Anne Neuberger to the newly formed National Security Council (NSC). She will be departing from her current role as the director of cybersecurity of NSA. Her previous roles included leading the NSA’s Election Security effort, and serving as Assistant Deputy Director of NSA’s Operations Directorate, where she led NSA’s foreign intelligence and cybersecurity operations. Prior to joining government service, Anne was Senior Vice President of Operations at American Stock Transfer & Trust Company.


Ponemon Institute says SOCs and their teams suffering

The Ponemon Institute states in its second annual “Economics of Security Operations Centers” report that a growing majority of companies consider their security operations center (SOC) to be essential or important to their ability to secure their business and data, but that the challenges in maintaining SOCs have expanded in the past year. 51% of respondents consider SOCs to be less valuable, despite the number of breaches increasing. This comes as unwelcome news to security teams struggling to secure remote employees while simultaneously focusing on nation states and criminal organizations attacking their companies. The report states that 75% of security workers find that the stress and repetitive work are leading to burnout, and 85% of security analysts consider their job working in a SOC painful or very painful.


Microsoft January 2021 Patch Tuesday fixes 83 flaws, 1 zero-day

Microsoft states that it has fixed a zero-day Microsoft Defender remote code execution vulnerability, addressed in Microsoft Malware Protection Engine version 1.1.17700.4 or later. It has also patched a publicly disclosed Elevation of Privilege vulnerability and has released fixes for 83 vulnerabilities in total, with ten classified as critical and 73 as important. Other vendors releasing updates yesterday included Adobe (Photoshop, Illustrator, Animate, and more), Android, Cisco (Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software), and SAP, which released its January 2021 security updates. Apple released iOS 12.5.1 on January 11.

(Bleeping Computer)

IoT manufacturer Ubiquiti urges password change following breach

Ubiquiti, a major vendor of IoT devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication following an incident at a third-party cloud provider that may have exposed customer account information and credentials used to remotely manage Ubiquiti gear. This warning carries particular significance because the company has made it fairly difficult for customers using the latest Ubiquiti firmware to interact with their devices without first authenticating through the company’s cloud-based systems.

(Krebs on Security)