Weekly Cyber Digest: 03 – 09 March 2023

09 March 2023

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker.

Trending Vulnerable Products

Deep & Dark Web
Name | Heat 7
Microsoft Word
OpenSSH
Bitcoin Core
Microsoft Windows Defender
Google Android

Open Source
Name | Heat 7
XWiki Platform
Moodle
Trusted Platform Module
Snapchat App
Xen Software

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Company | Information | Affected
GunAuction (US) | Hackers breached the company’s website, exposing sensitive personal data including names, home addresses, email addresses, plaintext passwords, and telephone numbers. The data allegedly makes it possible to link a particular individual with the sale or purchase of a specific weapon. | 550,000
Hatch Bank (US) | Hackers exploited a vulnerability in the company’s Fortra GoAnywhere MFT secure file-sharing platform on January 29th, 2023. Compromised information includes names and Social Security numbers. | 139,493
Chick-fil-A (US) | Customer accounts were compromised in a credential stuffing attack. This allowed the hackers to use stored rewards balances and access personal information, including names, email addresses, masked payment card numbers, and more. | Unknown
College of the Desert (US) | A July 2022 malware attack may have led to unspecified personal data being subject to unauthorised access. | ~800
Modesto Police Department (US) | A ransomware attack on February 3rd, 2023, may have compromised the personal information of some individuals, including Social Security and driver’s license numbers. | Unknown
Vesuvius (UK) | The Vice Society ransomware group claimed responsibility for an attack and published allegedly stolen files on their leak site. | Unknown
Zurcal Group (Spain) | Stormous ransomware claimed to have targeted the company, naming it in its Telegram channel on February 24th, 2023. The attackers initially leaked images showing invoices and plans, before leaking further files as proof, including tax identification numbers. | Unknown
Associação de Advogados de São Paulo (Brazil) | After the organisation denied any data exfiltration in a January 2023 breach, Ragnar Locker ransomware leaked 200GB of allegedly stolen files, some of which contain personal information. | Unknown
Multiple (South Africa) | The Public Service Co-ordinating Bargaining Council, the General Public Service Sector Bargaining Council, and the Safety and Security Sector Bargaining Council experienced a ransomware attack between February 24th and February 28th, 2023. | Unknown
City of Oakland (US) | Play ransomware added the city to their leak site on March 1st, 2023, and began leaking the allegedly stolen data on March 4th, 2023. Potentially compromised data includes identity documents, personal data, information that allegedly proves human rights violations, and more. | Unknown
Denver Public Schools (US) | An unauthorised actor stole data from the school district’s network between December 2022 and January 2023. Potentially compromised data includes names and Social Security numbers, fingerprints, bank account or pay card numbers, student identification numbers, driver’s license numbers, passport numbers, and more. | Unknown
Tennessee State University (US) | On March 1st, 2023, the university notified students that it had been affected by a ransomware attack. Whilst the incident led to the university shutting down all internet access on campus, students were still able to access their email accounts and campus computer labs. | Unknown
Medavie Blue Cross (Canada) | Customer data was impacted in a cyberattack in November 2022, in which attackers gained access to servers belonging to their subsidiary, Managed Health Care Services Inc. | Unknown
Preferred Home Care of New York (US) | The care provider reached a settlement relating to a 2021 breach involving the personal data of patients and employees, which included sensitive health information and identifiers such as Social Security numbers. The REvil ransomware group previously claimed it was linked to the attack on the company. | 92,283
The Chautauqua Center (US) | An error during a system upgrade exposed protected health information and made it accessible to other entities. Compromised data includes names, primary diagnosis and related cause information, secondary insurance information, and more. The data has since been secured. | 747
Verizon (US) | A publicly available data dump, containing information allegedly stolen in January 2023, was advertised on the clear web. Potentially compromised information includes first names, customer hashes, usage statistics, contract status, device types, and more. | ~9,000,000
Hamburg University of Applied Sciences (Germany) | The Vice Society ransomware group added the university to their leak site. The university stated ‘significant amounts of data’ were copied, including usernames, ‘cryptographically secure’ passwords, email addresses, and mobile phone numbers. | Unknown
City of Waynesboro (US) | The BianLian ransomware group claims to have infiltrated the local government network, acquiring around 350GB of data. Potentially compromised data includes files relating to the police department, which is said to include reports, criminal investigations, the personal data of staff, and more. | Unknown
HDFC Bank (India) | A hacker posted 7.5GB of allegedly stolen data on an underground forum. The data is said to include full names, dates of birth, phone numbers, email addresses, physical addresses, financial information, and more. | Unknown
Hospital Clinic de Barcelona (Spain) | A ransomware attack on March 5th, 2023, took computer systems offline, with all written work being completed on paper and operations and appointments cancelled. The Ransom House group is said to be behind the attack, but no demands have been made. | Unknown
Northeast Surgical Group (US) | BianLian ransomware added the company to its leak site in January 2023, with data leaked in February 2023. Potentially compromised data includes names, addresses, Social Security numbers, dates of birth, and medical and treatment information. | 15,298
Attent Zorg en Behandeling (Netherlands) | The Qilin ransomware group claimed to have breached the organisation via an unpatched vulnerability, stealing hundreds of gigabytes of data, with some published on their leak site. Compromised information includes confidential internal communication, salary statements, non-disclosure agreements and passport copies. | Unknown
Toyota (Japan) | An authentication bypass vulnerability allowed access to the personal information of customers in Mexico. Potentially compromised data includes names, addresses, phone numbers, email addresses, tax IDs, and vehicle ownership history. The vulnerability has since been fixed. | Unknown
Council of Granada | GhostSec alleged they had gained access to a 7GB database via an SQLi attack, which they subsequently sold. A data sample provided by the hackers included personal and work-related information of some individuals, as well as usernames and passwords. | Unknown
Minneapolis Public Schools (US) | Medusa ransomware added the school district to its leak site, threatening to leak stolen data if a $1 million ransom is not paid. The attackers have since posted a video showing them accessing personal staff and student data, including employee tax forms, HSA withdrawals, vendor contracts, and job applicant resumes. | Unknown
HDB Financial Services (India) | A hacker posted 7.5GB of customer data on the Breached forum consisting of loan information from May 2022 to February 2023. Potentially compromised data includes names, dates of birth, phone numbers, email addresses, and more. | Unknown
Black & McDonald (Canada) | The engineering company was targeted in a ransomware attack in February 2023. Ontario Power Generation stated there is no evidence that the incident compromised sensitive information. Black & McDonald have not publicly confirmed the attack. | Unknown
Voskhod Research (Russia) | A threat actor may have infiltrated a database used to process personal data and biometrics, and issue electronic passports. The hacker may have accessed ‘tens of percent’ of the passport database. The allegedly stolen information also impacts some citizens from Kazakhstan and Belarus. | Unknown
DC Health Link (US) | Sensitive personal data of persons connected to the US Senate and House of Representatives was listed for sale on a hacking forum following a breach at the company. The database reportedly includes names, dates of birth, addresses, email addresses, phone numbers, Social Security Numbers, and more. | 170,000

Attack Type mentions in Healthcare

This chart shows the trending attack types related to Healthcare within a curated list of cyber sources over the past week.

Weekly Industry View

Industry Information
Government
ESET researchers analysed a new custom backdoor, named MQsTTang, attributed to Mustang Panda. The backdoor is part of an ongoing campaign that dates back to early January 2023. Victims of the campaign include unknown entities in Bulgaria and Australia and a governmental institution in Taiwan, and possibly political and governmental organisations in Europe and Asia. The malware is distributed via RAR archives, likely via spear phishing. The attacker is able to execute arbitrary commands on the victim machine, with persistence achieved by creating a registry Run key.
Banking & Finance
Metabase Q researchers analysed a new strain of malware, dubbed FiXS, targeting the ATMs of banks in Mexico in order to steal funds. Whilst the initial infection vector is unknown, FiXS is believed to use a similar attack methodology to the Ploutus malware, whereby the attacker connects an external keyboard to the ATM. FiXS can be used to target any ATM which supports CEN XFS APIs. Whilst the origin of FiXS is unknown, it contains metadata which suggests it originates from Russia.
Technology
Researchers at Mandiant and SonicWall identified suspected Chinese threat actor UNC4540 targeting SonicWall SMA100 devices with credential stealing malware. The malware was likely deployed in 2021, with the attacker believed to have persistent access through multiple firmware updates. The initial access vector is currently unknown. A bash script is used to execute a SQL command to steal credentials and execute further components, including the TinyShell backdoor. Persistence is achieved by constantly checking for a new firmware update and backdooring the ZIP file, as well as modifying appliance binaries.
Retail & Hospitality
Trend Micro researchers discovered a spear phishing campaign targeting the hospitality industry with RedLine Stealer. The phishing emails lure victims into clicking a Dropbox link, with Bitly-shortened URLs that redirect to the Dropbox links also used. A downloaded ZIP file triggers a four-stage execution chain consisting of padded cabinet files, PowerShell scripts, and MSIL, PE, and image files. RedLine Stealer is ultimately injected into an executable, where it collects system information, as well as data from browsers, cryptocurrency wallets, VPN applications, and other installed applications such as Discord.
Cryptocurrency
Cado Labs researchers discovered a novel cryptojacking campaign targeting unsecured deployments of Redis with XMRig. The campaign leverages the free and open-source command line file transfer service transfer[.]sh. Unsecured deployments of Redis are exploited for initial access, with a cron job exploit then used to achieve arbitrary code execution. The script conducts preparatory actions to ensure the hardware can be effectively utilised before retrieving the binaries for pnscan and XMRig, writing a custom XMRig configuration to disk. Tactics and techniques used in this campaign have previously been associated with cloud-focused groups WatchDog and TeamTNT.

News and information concerning each mentioned industry over the last week.
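The Government entry above notes that MQsTTang persists by creating a registry Run key. The following is an added detection example written for this digest; it is not Silobreaker's or ESET's code. It assumes Sysmon Event ID 13 (RegistryEvent, value set) records exported as Python dicts with the fields EventID, Image, TargetObject and Details, and the four sample events are constructed. It scores every write to a Run or RunOnce key by whether the value points into a user-writable directory, whether the writing process is a known installer, and whether the value launches a script host.

```python
"""Flag registry Run-key persistence in Sysmon-style registry events.

Added example, not code from the page or from ESET. Assumes Sysmon Event ID 13
records as dicts with 'EventID', 'Image', 'TargetObject' and 'Details'.
The events in SAMPLE_EVENTS are constructed for illustration.
"""
import re

# Run / RunOnce keys under any hive; Sysmon writes paths as HKLM\... or HKU\<SID>\...
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)(\\|$)", re.IGNORECASE
)

# Locations a user-level dropper typically writes to; a Run value pointing here
# is far more suspicious than one pointing into Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|Downloads|ProgramData|Users\\Public)\\", re.IGNORECASE
)

# Processes that legitimately create Run values on a typical host.
# Assumption: tune this set to the environment's installers and management tools.
KNOWN_INSTALLERS = {"msiexec.exe", "setup.exe"}

# Script hosts and living-off-the-land binaries that rarely belong in a Run value.
SCRIPT_HOST_RE = re.compile(
    r"(\.(vbs|js|bat|ps1)\b|powershell|cmd\.exe|rundll32|mshta|wscript|cscript)",
    re.IGNORECASE,
)


def score_event(event):
    """Return (severity, reason) for a Run-key write, or None for any other event."""
    if event.get("EventID") != 13:
        return None
    if not RUN_KEY_RE.search(event.get("TargetObject", "")):
        return None
    details = event.get("Details", "")
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    reasons = []
    if USER_WRITABLE_RE.search(details):
        reasons.append("value points into a user-writable directory")
    if image not in KNOWN_INSTALLERS:
        reasons.append(f"written by non-installer process {image}")
    if SCRIPT_HOST_RE.search(details):
        reasons.append("value launches a script host or LOLBin")
    severity = "high" if len(reasons) >= 2 else ("medium" if reasons else "low")
    return severity, "; ".join(reasons) or "Run value set by known installer"


def find_persistence(events):
    """Return [(index, severity, reason)] for every Run-key write in events."""
    hits = []
    for i, ev in enumerate(events):
        result = score_event(ev)
        if result:
            hits.append((i, result[0], result[1]))
    return hits


# Constructed sample: one benign installer write, two suspicious writes, one unrelated event.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\report.exe",
     "TargetObject": r"HKU\S-1-5-21-111\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Roaming\svc\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Init",
     "Details": r"powershell.exe -w hidden -f C:\ProgramData\init.ps1"},
    {"EventID": 1, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": "", "Details": ""},
]

if __name__ == "__main__":
    for idx, sev, why in find_persistence(SAMPLE_EVENTS):
        print(f"event {idx}: {sev} - {why}")
```

The scoring is deliberately additive rather than a single regex: a Run value written by an installer into Program Files is routine, while one written by a process running from Temp that points into AppData is the pattern a spear-phishing dropper leaves behind. In a real pipeline the three lists at the top are the tuning surface; everything else stays fixed.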
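The Cryptocurrency entry above describes a campaign whose initial access is simply an unsecured Redis deployment. The check below is an added example for this digest, not Silobreaker's or Cado Labs' code. It audits a redis.conf for four directives that do exist in Redis (bind, protected-mode, requirepass, rename-command) and reports the settings that leave an instance reachable and unauthenticated; the two sample configurations are constructed, and the password in the hardened one is a placeholder.

```python
"""Audit a redis.conf for the exposure settings that cryptojacking campaigns abuse.

Added example, not code from the page or from Cado Labs. The directives checked
(bind, protected-mode, requirepass, rename-command) are real redis.conf
directives; WEAK_CONF and HARDENED_CONF are constructed samples.
"""


def parse_redis_conf(text):
    """Return [(directive, args)] with comments and blank lines removed.

    Note: a value containing '#' would be truncated by this simple comment strip;
    quote-aware parsing is left out to keep the example short.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        entries.append((parts[0].lower(), parts[1:]))
    return entries


def audit_redis_conf(text):
    """Return a list of findings; an empty list means none of the checks fired."""
    directives = {}
    renamed = set()
    for name, args in parse_redis_conf(text):
        if name == "rename-command" and len(args) == 2:
            renamed.add(args[0].upper())
        else:
            directives[name] = args  # last occurrence wins, as in Redis itself

    findings = []

    # 1. With no bind directive Redis listens on every interface; wildcard binds do the same.
    bind = directives.get("bind")
    exposed = bind is None or any(
        a.lstrip("-") in ("0.0.0.0", "*", "::", "::*") for a in bind
    )
    if exposed:
        findings.append("bind: listens on all interfaces; bind to 127.0.0.1 or an internal address")

    # 2. protected-mode refuses remote clients when no password is set; 'no' removes that safety net.
    if directives.get("protected-mode", ["yes"])[0].lower() == "no":
        findings.append("protected-mode no: remote unauthenticated clients are accepted")

    # 3. Without requirepass anyone who can reach the port has full control of the instance.
    pw = directives.get("requirepass")
    if not pw or not pw[0].strip('"'):
        findings.append("requirepass unset: no authentication")
    elif len(pw[0].strip('"')) < 16:
        findings.append("requirepass: password shorter than 16 characters")

    # 4. CONFIG lets any client rewrite persistence settings at runtime; rename or disable it.
    if "CONFIG" not in renamed:
        findings.append("rename-command CONFIG not set: runtime config changes allowed")

    return findings


# Constructed sample: the shape of an internet-exposed instance.
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
"""

# Constructed sample: same instance after hardening (password is a placeholder).
HARDENED_CONF = """
bind 127.0.0.1 10.0.0.5
protected-mode yes
port 6379
requirepass PLACEHOLDER-use-a-generated-secret-here   # replace before use
rename-command CONFIG ""
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_redis_conf(conf) or "no findings")
```

Binding to an internal address and requiring a password removes the initial access described in the entry; renaming CONFIG is the defence in depth that matters once a client is already authenticated. The audit function only reads a file, so it can run in a CI job or a configuration-management check against every instance before deployment.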
