Hacker Gained Access to Parler's Content Before AWS Shut-Down, More Top Infosec News for 1/11/21

Researchers find a flaw that could have exposed 100K UN employees' records, Kaspersky ties SolarWinds' malware to Russian threat group Turla, Bank of New Zealand sensitive information accessed, more


A hacker who goes by the name Crash Override and uses the Twitter handle @donk_enby claims to have hacked into the now-defunct hard-right website Parler’s login API and gained access to all content. She is now leaking some of the content online.

Parler, which experienced a surge in user sign-up requests after Twitter banned the accounts of Donald Trump and associated violent insurrectionists, went offline last night following the decision by Amazon to no longer host its content.

@donk_enby began her task intending to catalog the posts of Parler users before the site went offline.

Related: Gizmodo, ParlerWatch/r/

Researchers Jackson Henry, Nick Sahler, John Jackson, and Aubrey Cottle of Sakura Samurai disclosed a security vulnerability that could have allowed hackers to access over 100,000 private employee records of the United Nations Environmental Programme (UNEP).

The flaw consisted of exposed Git directories and credentials, which allowed the researchers to clone Git repositories and gather a large amount of personally identifiable information (PII) associated with over 100k employees. (Ax Sharma / Bleeping Computer)

Related: Security Affairs, TechNadu, Infosecurity Magazine

Researchers at Kaspersky Lab report they have discovered some code overlap between the SUNBURST malware used in the SolarWinds hack and Kazuar, a backdoor used by the Turla Advanced Persistent Threat (APT) group.

Turla (aka Snake, Venomous Bear, Waterbug, or Uroboros) is a Russian-speaking threat actor known since 2014. (Georgy Kucherin, Igor Kuznetsov, Costin Raiu / Securelist)

Related: ComputerWeekly: IT security, Reddit - cybersecurity

End-to-end encrypted messaging app Signal suffered some user verification delays after an onslaught of WhatsApp users flocked to the more secure service.

The defection to Signal from WhatsApp was spurred by WhatsApp's new mandatory policy that users agree to share their data with parent company Facebook. (Lawrence Abrams / Bleeping Computer)

Related: The Sun, Gadgets Now, The South African, Windows Central, iNews, Telecomlive.com, NewsBytes App, PogoWasRight.org, DNA India, TechJuice, DAILYSABAH, The Mac Observer, Entrepreneur.com, Devdiscourse News Desk, Gulf News Technology, MediaNama, CyberNews, fossBytes, Tom's Guide, IBTimes India, NDTV Gadgets360.com, Gadgets Now, How-To Geek, MacRumors, Bleeping Computer, Android Central, TechDator

The U.K.’s Competition and Markets Authority (CMA) is investigating Google’s plan to end support for third-party cookies in the Chrome browser and Chromium engine.

This move follows a complaint lodged in November by a coalition of digital marketing companies that urged the CMA to block Google’s implementation of the self-styled “Privacy Sandbox.” (Natasha Lomas / TechCrunch)

Related: ComputerWeekly: IT security, Neowin, AppleInsider, Financial Times, San Jose Business News, Android Central, Gizmodo, Fortune, Technology | International Business Times, ET news, CNBC Technology, PYMNTS.com, Engadget, AppleInsider, CNBC Technology, WSJ.com: WSJD, Daily Mail, Slashdot


The Reserve Bank of New Zealand said that a third-party file sharing service used by the Bank to share and store some sensitive information had been illegally accessed.

The bank said the system has been secured and taken offline. (New Zealand Herald)

Related: Deutsche Welle, Bloomberg, New Zealand Herald - Top Stories, New Zealand Herald - Top Stories, Sydney Morning Herald, AFP, Channel News Asia, PerthNow, Japan Today, Reuters: World News, Business Standard, Associated Press Technology, Telegraph, TechJuice, The Mainichi, Scoop NZ, Bleeping Computer, Reddit - cybersecurity, NewsChain, PerthNow, Security Affairs, PYMNTS.com, SiliconANGLE, SecureReading, TIME, Security Affairs, Technology | International Business Times, SecurityWeek, DataBreaches.net, South China Morning Post

Hackers with access to a Google Titan two-factor authentication key can clone it using $12,000 worth of equipment and custom software, plus an advanced background in electrical engineering and cryptography, meaning that such a security breach would likely only be available to nation-states, according to researchers from security firm NinjaLab.

This complex task begins with using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which stores cryptographic secrets. (Dan Goodin / Ars Technica)

Related: TechNadu, Hacken.io, ZDNet, Slashdot, Information Security Newspaper | Hacking News, Reddit - cybersecurity, Ninja Lab

Researchers at Check Point say that Emotet malware was used in a spam campaign that targeted over 100,000 users a day over Christmas and New Year.

The research also shows that Emotet was used to target 7% of organizations worldwide during December. (Danny Palmer / ZDNet)

Related: Check Point, Infosecurity Magazine

NVIDIA released security updates to address six security vulnerabilities that can expose Windows and Linux machines to attacks leading to a denial of service, escalation of privileges, data tampering, or information disclosure.

The flaws are found in the Windows and Linux GPU display drivers, and there are ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software. (Sergiu Gatlan / Bleeping Computer)

Related: ZDNet Security, TechDator, Infosec Cert, TechTarget, ET news

Dassault Falcon Jet, the U.S. subsidiary of French aerospace company Dassault, which designs and builds military and business jets as well as space systems, disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents.

The company discovered the breach on December 6th, 2020, and sent a data breach notification letter to impacted current and former employees on December 31st. (Sergiu Gatlan / Bleeping Computer)


The makers of the Chrome, Firefox, and Edge browsers are urging users to patch critical vulnerabilities that, if exploited, allow hackers to hijack systems running the software.

Mozilla had a separate bug, which the Cybersecurity and Infrastructure Security Agency (CISA) rated critical and urged users of Mozilla’s Firefox browser to patch. (Tom Spring / Threatpost)

Related: PCMag.com, Sensors Tech Forum, E Hacking News, Reddit - cybersecurity

A new trend among ransomware groups is to steal data from workstations used by top executives and managers to obtain high-value information that can later be used to extort top ransomware payouts.

Victims of the Clop ransomware gang appear to be particularly vulnerable. (Catalin Cimpanu / ZDNet)

The source code for the ChastityLock ransomware that targeted male users of a specific adult toy is now publicly available for research purposes.

Users of the Bluetooth-controlled Qiui Cellmate chastity device were locked into their ChastityLocks last year by hackers who gained remote control over the devices. (Ionut Ilascu / Bleeping Computer)

Related: Reddit - cybersecurity

Image: Original: Parler; Vectorized: Jayvee Enaguas (HarvettFox96), Public domain, via Wikimedia Commons