Shadow Brokers-Like Site Called SolarLeaks Sells Data Purportedly Stolen During SolarWinds Hack, Other Top Infosec Developments for 1/13/21

Parler's substandard security made it easy pickings for hackers, Video metadata obtain by a hacker from Parler shows rioters made it deep into capital, German police take down major darknet operation

Jan 13

Metacurity is now offering premium subscriptions to organizations at a 50% discount. Sign up today for our bulk subscription offer or email us at info@metacurity.com.

Get 50% off for 1 year

A new website called SolarLeaks is selling data purported to have been stolen from Microsoft, Cisco, FireEye, and SolarWinds in the SolarWinds’ hack.

The site, reminiscent of the Shadow Brokers efforts during the last presidential election, says it sells Microsoft source code and repositories for $600,000 and claims to have the source code for multiple Cisco products, including the company's internal bug tracker. (Lawrence Abrams / Bleeping Computer)

Jake Williams @MalwareJake

Someone claiming to be the attackers behind the SolarWinds breach are "offering" to sell data from their exploits. This looks a lot like the Shadow Brokers TTP of offering to sell data and Guccifer 2.0 as an attribution bluf. 1/2 solarleaks.net

Metadata linked to videos posted on hard-right social media site Parler obtained by the hacker who goes by the Twitter handle @donk_enby shows that hordes of rioters managed to penetrate deep into the U.S. Capitol on January 6.

Gizmodo has mapped nearly 70,000 geo-located Parler posts and isolated hundreds published on January 6 near the Capitol. (Dell Cameron / Gizmodo)

Related: VICE News, The Verge, Slashdot

Hard-right social media site Parler lacked basic cybersecurity hygiene measures, including the “cardinal sin” of an insecure direct object reference that allowed hackers to guess the pattern an application uses to refer to its stored data.

Parler also didn’t require authentication to view public posts and didn’t use any "rate-limiting" that would cut off anyone accessing too many posts too quickly. (Andy Greenberg / Wired)

Related: VICE News

A German-led police sting took down the “world’s-largest” darknet operation and arrested an Australian man who allegedly used it to facilitate the sale of drugs, stolen credit card data, and malware.

The site had nearly 500,000 users and more than 2,400 sellers, and a total of at least 320,000 transactions were carried out via the marketplace, with more than 4,650 bitcoin and 12,800 monero transacted on the site. (AFP)

Europol @Europol

DarkMarket: world's largest illegal dark web marketplace has been taken offline in an international operation involving 🇩🇪🇦🇺🇩🇰🇲🇩🇺🇦🇬🇧🇺🇸. #DarkMarket had 500 000 users, 2 400 sellers and 320 000 transactions. We supported the takedown with operational analysis and coordination.

The European Medicines Agency (EMA) said that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December were leaked online.

The agency also said that the European medicines regulatory network is fully functional, and COVID-19 evaluation and approval timelines are not affected by the incident. (Sergiu Gatlan / Bleeping Computer)

Microsoft issued its monthly Patch Tuesday security updates, address more than 80 security holes in its Windows operating systems and other software, while Adobe also issued Patch Tuesday updates that fix seven critical bugs that can lead to remote code execution.

Of most urgent concern is a critical bug (CVE-2021-1647) in Microsoft’s default anti-malware suite Windows Defender that is currently actively exploited. (Brian Krebs / Krebs on Security and Charlie Osborne / ZDNet)

Sophos threat researchers discovered new Android spyware sold on hacking forums targeting users in Pakistan by masquerading as Muslim prayer apps.

The spyware includes the ability to covertly exfiltrate sensitive data like the user's contact list and the full con’ full contents. (Ravie Lakshmanan / The Hacker News)

Related: TechDator, Sophos News

Email security firm Mimecast said hackers hijacked its product by compromising a digital certificate it issued and then used it to spy on select customers.

The certificate was used by about 10 percent of Mimecast’s customer base, or about 36,100 customers. (Dan Goodin / Ars Technica)

Researchers at Check Point say the 'Rogue' remote administration tool (RAT), a combination of two types of older Android malware, is for sale on underground forums for as little as $29.99.

The malware infects victims with a keylogger, allowing attackers to easily monitor the use of websites and apps to steal usernames and passwords, and financial data. (Danny Palmer / ZDNet)

According to a six-part report published by Google, a sophisticated Windows and Android hacking operation was carried out against Android and Windows devices.

Two exploit servers used Google Chrome vulnerabilities to gain an initial foothold on victim devices. (Catalin Cimpanu / ZDNet)

French IT company Atos SE signed a deal to acquire Canada-based cybersecurity consulting firm In Fidem for an undisclosed amount.

The company plans to expand its portfolio in Canada. (Olivia Bugault / Marketwatch)

Can’t-Miss Conference

Last year’s PancakesCon, held at the very outset of the coronavirus to educate and entertain con-crazy cybersecurity folks who might be suffering from cabin fever, is back again this year, with no doubt another stellar series of talks. Like the first PancakesCon, developed on the fly by Dragos’ Lesley Carhart, this year’s PancakesCon is totally free-of-charge.

PancakesCon 2: The Vaccinationing @PancakesCon

I'm thrilled to announce that #PancakesCon 2 will be Sunday, March 21, 2021. It will once again be 100% free and virtual. Call for volunteers (logistics, CFP review) will be posted soon.

Photo By NASA/SDO (AIA) - http://sdo.gsfc.nasa.gov/assets/img/browse/2010/08/19/20100819_003221_4096_0304.jpg, Public Domain, https://commons.wikimedia.org/w/index.php?curid=11348381