Stolen COVID Data Were Altered Before Leak; FBI Vishing Warning; Apache Vulnerability

The hackers who stole COVID-19-related data from the European Medicines Agency (EMA) altered it before posting it on the dark web. The data pertain to the BNT162b2 vaccine, which was jointly developed by Pfizer and BioNTech. According EMA's most recent update on the cyberattack, "some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines." Amsterdam-based EMA evaluates applications for medicines to be marketed in the European Union.

Read more in

The FBI has issued a TLP:WHITE Private Industry Notification (PIN) warning that cyber threat actors are using Voice over Internet Protocol (VoIP) platforms to contact employees at companies around the world and try to trick them into visiting a webpage that harvests their personal data. The threat actors have used the account credentials they collect to access companies' networks. The FBI's recommended mitigations include implementing multi-factor authentication, a least-privilege policy, network segmentation, and providing admins with two accounts: one for system changes and another for email, generating reports, and deploying updates.

Read more in

Apache was notified of a cross-site scripting vulnerability in its Velocity Java-based template engine in October 2020; a publicly visible fix was posted to GitHub in early November, but Apache Velocity Tools has not yet formally disclosed the issue.

Read more in

The Scottish Environment Protection Agency (SEPA) has acknowledged that its network was infected with ransomware; the agency says it does not intend to pay the ransomware operators' demand. The attack began in late December 2020. The attackers have reportedly stolen more than 1GB of data. The attack has affected SEPA's "contact centre, internal systems, processes and internal communications." SEPA's critical services, including monitoring and flood forecasting and warning, are operational.

Read more in

The Monetary Authority of Singapore (MAS) has revised its Technology Risk Management Guidelines to include directing financial institutions to ensure that third-party service providers are adequately securing data. The guidelines also call for increased security controls and strong risk mitigation for cloud technologies and APIs.

Read more in

Numerous vulnerabilities, including at least 28 backdoor accounts, have been found in the firmware of FiberHome FTTH ONT routers. The routers are used mainly in South America and Southeast Asia. The researcher who detected the vulnerabilities also noted that the devices' firewall is active on the IPv4 interface, but not on the IPv6 interface.

Read more in

On January 15, the Bugtraq mailing list announced it would be shutting down on January 31, 2021. Bugtraq was established in November 1993. A day later, Bugtraq wrote, "based on the feedback we've received both from the community-at-large and internally, we've decided to keep the Bugtraq list running."

Read more in

Organizations that have not yet patched the Microsoft Zerologon vulnerability are being urged to do so before February 9, 2021. As of that date, Microsoft "will be enabling Domain Controller enforcement mode by default. This will block vulnerable connections from non-compliant devices." Microsoft released a fix for the Zerologon vulnerability in its August 2020. In September 2020, the US Department of Homeland Security (DHS) issued an emergency directive instructing agencies to patch systems against the flaw.

Read more in

A hacker breached an admin account on the OpenWRT forum. The account was protected by a password, but did not have two-factor authentication implemented. According to an OpenWRT security notice, "the intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum." All forum passwords have been reset and API keys have been flushed. The breach occurred on Saturday, January 16.

Read more in

Excellus Health Plan has agreed to pay a $5.1 million fine to the US Department of Health and Human Services (HHS) Office for Civil Rights for violations of the Health Insurance Portability and Accountability Act (HIPAA). The hackers breached the Excellus network in December 2013 and maintained access until at least mid-May 2015. The breach exposed personally identifiable information of more than 9.3 million patients. The exposed data included names, bank account information, and clinical treatment information. Excellus filed a breach report in September 2015.

Read more in