Security News

Hacker leaks full database of 77 million Nitro PDF user records
2021-01-20 12:17

The 14GB leaked database contains 77,159,696 records with users' email addresses, full names, bcrypt-hashed passwords, titles, company names, IP addresses, and other system-related information. Nitro is an application that helps create, edit, and sign PDFs and digital documents; Nitro Software claims to have over 10,000 business customers and roughly 1.8 million licensed users.

Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data
2021-01-13 17:15

The EMA is an agency of the European Union in charge of the evaluation and supervision of medicinal products in the E.U., similar to the FDA in the U.S. In December, the agency disclosed that threat actors broke into its server and accessed documentation about the vaccine from Pfizer and BioNTech. Specifically accessed were some documents relating to the regulatory submission for the companies' COVID-19 vaccine candidate, BNT162b2, which were stored on the EMA server, a Pfizer spokesperson confirmed to Threatpost.

Hackers leak stolen Pfizer COVID-19 vaccine data online
2021-01-12 11:46

The European Medicines Agency today revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December was leaked online. "The Agency continues to fully support the criminal investigation into the data breach and to notify any additional entities and individuals whose documents and personal data may have been subject to unauthorized access."

Microsoft's unreleased Windows Core Polaris OS leaks online
2021-01-03 15:29

A development build of Windows Core Polaris was leaked online yesterday, proving that Microsoft was actively developing the operating system designed for low-performance devices. For those unaware, Microsoft has been secretly working on a modular version of the Windows platform codenamed "Windows Core OS." With Windows Core OS, Microsoft planned to offer different flavors/SKUs of Windows for various form factors, such as phones, 2-in-1s, dual-screen PCs, and collaboration devices.

Kawasaki discloses security breach, potential data leak
2020-12-29 08:15

Japan's Kawasaki Heavy Industries announced a security breach and potential data leak after unauthorized access to a Japanese company server from multiple overseas offices. "Because Kawasaki handles important sensitive information such as personal information and social infrastructure-related information, information security measures have been a top priority for the company," Kawasaki said.

Koei Tecmo discloses data breach after hacker leaks stolen data
2020-12-26 13:51

Japanese game developer Koei Tecmo has disclosed a data breach and taken their European and American websites offline after stolen data was posted to a hacker forum. Since learning of the attack, Koei Tecmo released a data breach advisory stating that a forum on a UK subsidiary's website was compromised and the stolen data was leaked online.

Stealthy Magecart malware mistakenly leaks list of hacked stores
2020-12-18 14:47

A list of dozens of online stores hacked by a web skimming group was inadvertently leaked by a dropper used to deploy a stealthy remote access trojan on compromised e-commerce sites. Researchers at Sansec, a security company focused on protecting e-commerce stores from web skimming attacks, said that the malware was delivered in the form of a 64-bit ELF executable with the help of a PHP-based malware dropper.

Your ship comms app is 'secured' with a Flash interface, doesn't sanitise SQL inputs and leaks user data, you say?
2020-12-16 09:30

A software suite intended to let merchant ships' crews digitally communicate with the world ashore was riddled with security vulnerabilities including undocumented admin accounts with hardcoded passwords and widespread use of Adobe Flash. Infosec consultancy Pen Test Partners said it took all of 90 minutes to discover enough problems with Dualog Connection Suite to submit six CVE number requests.

How to leak data via Wi-Fi when there's no Wi-Fi chip: Boffin turns memory bus into covert data transmitter
2020-12-16 07:30

In a newly released working paper [PDF], "AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers," Guri, head of research and development at Ben-Gurion University of the Negev, Israel's Cyber-Security Research Center, describes a technique for turning DDR SDRAM buses into transmitters that can spew sensitive data. It's a method for sending data via Wi-Fi signals when the target device doesn't have Wi-Fi capability.

Google Launches XS-Leaks Vulnerability Knowledge Base
2020-12-07 16:35

Google this week announced the launch of a knowledge base with information on a class of vulnerabilities referred to as cross-site leaks, or XS-Leaks. These vulnerabilities, Google explains, are rooted in modern web applications' misuse of long-standing web platform behaviors, which results in websites leaking information about the user or information the user has entered in other web applications.