BioNTech has disclosed, according to the Guardian, that information related to the COVID-19 vaccine the German firm has been developing with Pfizer was accessed in a cyberattack against the European Medicines Agency. The Agency simply says, SecurityWeek reports, that it was attacked, without so far offering any information on targets, losses, or attribution. Dutch national police are investigating.
Avast yesterday reported sighting Emissary Panda (also known as APT27 or Lucky Mouse). The campaign, whose first interest seems to be the government of Mongolia, is phishing with a weaponized document exploiting CVE-2017-11882.
Guardicore says that a relatively simple ransomware campaign they’re calling Please_Read_Me has been attacking SQL databases since this past January.
ZDNet reports that criminals are ransoming stolen databases for roughly $550 per database (prices fluctuating with Bitcoin exchange rates). Over eighty-five thousand SQL databases are for sale back to their owners in what appears to be a secondary ransomware market. The market also seems largely automated. And there’s no particular reason to think that the databases won’t also be sold to third parties in the criminal-to-criminal market.
There’s considerable breathlessness in reactions to the FireEye breach, but both Qualys and Hurricane Labs offer more measured, less alarmist advice. Qualys observes that some of the stolen tools may appear in commodity attacks. Hurricane Labs sensibly points out that organizations should pay attention to the vulnerabilities FireEye has said the tools incorporate, and apply the available patches and mitigations. Both note that FireEye has shared details useful for protection in its GitHub repository.