Weekly Cyber Digest

07 July 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Deep & Dark Web
Name Heat 7
TikTok
MapleStory
phpMyAdmin
Debian
Discord VoIP
Open Source
Name Heat 7
Tenda
Microsoft IIS
Chrome V8 JavaScript Engine
Google Chrome Browser
Google Chrome OS

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Clairsol Inc (US) | Hacker DarkFox claims to have stolen sensitive patient information from Trenton Psychiatric Hospital, Ancora Psychiatric Hospital, Greystone Park Psychiatric Hospital and two unnamed facilities. They reportedly gained access to these records using plaintext login credentials discovered for the client portal of the New Jersey health information management vendor Clairsol Inc. | Unknown
Macmillan (US) | A security incident on June 25th, 2022, likely involved ransomware. It remains unclear which group was responsible, or whether any data was stolen. | Unknown
Professional Finance Company Inc (US) | An unauthorised third party accessed and disabled some of the company’s computer systems during a ransomware attack on February 26th, 2022. The incident is believed to have affected 663 healthcare providers. Potentially compromised data includes names, addresses, dates of birth, Social Security numbers, and more. | Unknown
OrthoNebraska (US) | An unauthorised actor gained access to an email account in early December 2021. Potentially compromised information includes driver’s licence numbers, state identification card numbers, usernames and passwords, Social Security numbers, and more. | Unknown
Community of Hope D.C. (US) | An unauthorised individual may have had access to certain files and data within an employee’s email account between January 27th and February 7th, 2022. Possibly compromised patient information includes Social Security numbers, driver’s license numbers, financial information, health insurance information, and health diagnostic information. | Unknown
Charlotte Radiology (US) | An unauthorised actor gained access to the company’s network between December 17th and December 24th, 2021. Potentially exposed information includes names, addresses, health insurance information, medical record numbers, and more. | Unknown
ATC Healthcare Services (US) | Company email accounts were accessed without authorisation at various times between February 9th and December 22nd, 2021. Possibly compromised information includes names, Social Security numbers, driver’s licences, financial account information, electronic or digital signatures, and employer-assigned identification numbers. | Unknown
Shanghai Police (China) | Unknown hackers claimed to have stolen the personal data of Chinese residents after breaching a Shanghai police database. The attackers offered to sell over 23TB of the data for $200,000 worth of Bitcoin. The stolen data allegedly includes names, addresses, birthplaces, national IDs, phone numbers, and criminal case information. | 1,000,000,000
Covenant Care California (US) | On February 24th, 2022, an unauthorised actor gained access to an employee email account that contained data such as health insurance and medical information, along with select birthdates, driver’s license numbers, and Social Security numbers. | Unknown
Bergen’s Promise (US) | Between November 15th and 18th, 2021, the company experienced unauthorised access to six employee accounts. Compromised information includes names, medical information, Social Security numbers, health insurance information, and more. | 6,948
Gol Tours Ltd (Israel) | Iranian hackers recently hacked into multiple Israeli travel booking sites operated by the company and obtained personal information of Israelis. Leaked information includes telephone numbers, addresses, dates and locations of booked vacations, and sensitive medical information. | 300,000
The People Concern (US) | An unauthorised individual accessed employee email accounts on varying occasions between April 6th and December 9th, 2021. Potentially exposed information includes names, dates of birth, Social Security numbers, health insurance information, and medical information. | Unknown
Advocates Inc (US) | An unknown actor gained access to the company’s network between September 14th and September 18th, 2021. Potentially compromised information includes names, addresses, Social Security numbers, dates of birth, client identification numbers, health insurance information, and medical diagnoses. | 68,236
Arkansas County (US) | On April 18th, 2022, the county’s 9-1-1 Call Center was targeted in a Bozon ransomware attack that affected the systems of the Revcord Call Logger. The infection was reportedly stopped quickly. | Unknown
Kokikai Yasue Hospital (Japan) | A data breach occurred following unauthorised access to the internal computer system. Potentially compromised information includes names, dates of birth, addresses, telephone numbers, medical information, vaccination history, and more. | 112,706
WeWork (India) | A bug in the check-in app allowed access to the check-in record of any visitor. Exposed data included names, phone numbers, email addresses, and selfies. | Unknown
Multiple Schools (UK) | Thousands of British school pupils have had their private data leaked online by the threat actor Vice Society. The stolen data was leaked on Vice Society’s dark web page and includes photocopies of passports, disciplinary records, and child protection reports relating to vulnerable pupils. | Unknown
BWI Airport Marriott (US) | A threat actor claimed to have breached the company and exfiltrated 20GB of data. A sample of the data contained information on hotel guests and personnel, and data on flight crew members. This includes names, flight numbers, assigned room numbers, and corporate credit card numbers. | ~400
Proud Makatizen (Philippines) | A misconfigured Amazon Web Services S3 bucket belonging to the official government website exposed 39.7GB of data. The data is from May 2020 to April 2022 and includes ID cards which feature names, photos, and addresses, as well as private medical and financial information. | ~300,000
Tutu (Russia) | On July 2nd, 2022, personal data of customers of the ticketing service was uploaded to a public domain. The file contains names and surnames, 2.29 million unique phone numbers, and around 2 million unique email addresses. | Unknown
Cetera Financial Group (US) | The company determined that personal information of two Maine residents was compromised, including name and Social Security number. Additional individuals might have been affected by the breach, specifically regarding access to their Social Security number. | 2,190
Southwest Health Center (US) | Certain protected health information may have been accessed or acquired without authorisation on or before January 11th, 2022. Potentially compromised data includes names, dates of birth, Social Security numbers, financial account numbers, medical information, and health insurance information. | Unknown
VCU Health (US) | Information about transplant donors had accidentally been included in files for other transplant recipients and vice versa since at least January 4th, 2006. A limited amount of protected health information may have been viewable between March 29th and May 27th, 2022, as a result of this incident. Potentially compromised data includes names, Social Security numbers, lab results, medical record numbers, dates of service, and dates of birth. | 4,441

Malware mentions in Technology

Time Series

This chart shows the trending malware related to Technology within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry | Information
Cryptocurrency | The 8220 Mining Gang has updated its methods to target Linux servers and deploy a new version of the pwnRig cryptominer. The group exploits critical remote code execution vulnerabilities in Atlassian Confluence and Oracle WebLogic, tracked as CVE-2022-26134 and CVE-2019-2725, for initial access. The Chinese-speaking actor has been active since 2017 and has previously performed Monero mining.
Critical Infrastructure | Russian-speaking hacking group XakNet claimed to have breached DTEK Group’s networks and posted screenshots of allegedly stolen data as proof on their Telegram channel. While it is unclear which computer systems may have been breached, there have been no reports of outages caused by the attack. According to the firm, the attack was in retaliation for its owner’s opposition to Russia’s war in Ukraine. DTEK added that the goal of the attack was to destabilise the technological processes of its distribution and generation firms, spread propaganda, and disrupt electricity supply. The attack also coincided with Russia’s shelling of a thermal power plant owned by DTEK in central Ukraine.
Healthcare | Multiple United States agencies released a joint cybersecurity advisory warning that North Korean state-sponsored actors have been using Maui ransomware to target the healthcare and public health sector since at least May 2021. Multiple incidents have been observed in which attackers use Maui ransomware to encrypt servers responsible for healthcare services. These include electronic health record servers, as well as diagnostic, imaging, and intranet services. The initial access vectors used remain unknown.
Government | CloudSEK researchers discovered an advanced phishing campaign targeting individual jobseekers as well as government and corporate entities in the Middle East. The threat actors impersonate the Ministry of Human Resources of the United Arab Emirates and target immigrant workers looking for jobs, or businesses through business email compromise scams. A fake website impersonating the legitimate ministry domain was used. The researchers also identified around 120 phishing domains connected to this campaign.
Technology | The United States Cybersecurity and Infrastructure Security Agency re-added a critical Windows LSA spoofing vulnerability, tracked as CVE-2022-26925, to its list of exploited vulnerabilities. The flaw was previously confirmed to be an actively exploited attack vector for the PetitPotam attack. Although a security update addressing the vector has been released, exploitation in the wild remains ongoing because not all PetitPotam vectors have been blocked.

News and information concerning each mentioned industry over the last week.

