
Weekly Cyber Digest: 07 – 13 April 2023

13 April 2023

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker.

Trending Vulnerable Products

Open Source
  • Windows Common Log File System
  • Apple iOS 16
  • macOS Ventura
  • Adobe Acrobat Reader
  • Apple iPadOS

Deep & Dark Web
  • Veeam Backup & Replication
  • Apple iOS
  • Ghostscript
  • MikroTik RouterOS
  • cURL project

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

| Company | Information | Affected |
| --- | --- | --- |
| Micro-Star International (Taiwan) | The IT corporation suffered a cyberattack on part of its information systems. The attack was claimed by the Money Message ransomware gang, who claim to have stolen 1.5TB of files containing source code, BIOS firmware, and private keys. The group published screenshots of what they claim to be the company’s CTMS and ERP databases, threatening to publish the stolen data if a ransom is not paid. | Unknown |
| Camden County Police Department (US) | The police department experienced a ransomware attack on March 13th, 2023, that impacted criminal investigative files and day-to-day internal administration abilities. Around 80% to 85% of the affected files have reportedly been reopened. | Unknown |
| Multiple | Security researcher Mohammed Moiz Pasha discovered a misconfiguration on Atlassian Confluence Cloud that exposes internal and sensitive information belonging to hundreds of companies. The exposed data includes passwords, authentication tokens, ongoing project data, personally identifiable information of employees, security incidents reports, and more. | Unknown |
| 7×7 Dental Implant & Oral Surgery Specialists of San Francisco (US) | Abyss ransomware group recently added the healthcare entity to its leak site. The group claimed to have stolen 114GB of data and posted a file tree showing 2,891 directories and 63,557 files as proof. Some filenames suggest the data contains internal documents, employee-related files, and patients’ protected health information. | Unknown |
| PharMerica and BrightSpring Health Services (US) | On April 8th, 2023, the Money Message ransomware group added the two companies to its leak site. The group uploaded screenshots as proof, including patient data like Social Security numbers and protected health information. On April 10th, 2023, the group leaked additional data, and claimed to be in possession of 2 million records. | Unknown |
| Sonda SA (Chile) | Medusa Locker ransomware actors added the IT company to their leak site along with file captures as proof, including data from Sonda Peru and Sonda Argentina. The group threatened to leak all stolen data by April 15th, 2023, if a ransom is not paid. | Unknown |
| Mutual de Seguros de Chile | On April 3rd, 2023, the BlackCat ransomware group added the company to its leak site along with sample files as proof. These include files with personal information of policy holders. | Unknown |
| Cadwalader, Wickersham & Taft (US) | An unauthorised third party gained remote access to the law firm’s systems on November 15th, 2022. The hackers acquired sensitive information on customers, including names and Social Security numbers. | 93,211 |
| Throne Platform (US) | A vulnerability in the platform allowed anyone to modify anyone else’s posts and access other users’ private messages. The flaw could ultimately be used to find the names and home addresses of thousands of online creators. | Unknown |
| Neue Zürcher Zeitung (Switzerland) | The newspaper was forced to shut down its central systems for production after being targeted in a cyberattack. Local media reports that a ransom has been demanded. | Unknown |
| Elmbrook School District (US) | The school district experienced a breach, resulting in files being removed from their systems between August 23rd and August 27th, 2022. The breach exposed the names and Social Security numbers of current and former employees. The attack also targeted other K-12 school districts across the United States. | Unknown |
| Aspire Public Schools (US) | The school district experienced unauthorised access to an Aspire email account at various times between February 2022 and August 2022. Personal information was stored in the affected account. | Unknown |
| Stroud Area Regional Police Department (US) | The police department identified a data security incident on its server infrastructure on June 29th, 2022. The incident may have impacted the personal information of certain individuals. | Unknown |
| Tasmanian Department of Education | Clop ransomware actors released 16,000 documents allegedly belonging to the government department on the dark web. The files reportedly contain financial statements and invoices revealing the names and addresses of school children and their parents. | Unknown |
| Groupe Nordik (Canada) | Suspicious activity was discovered on the company’s gift certificate system in late February 2023. The breach possibly affects users who purchased a gift certificate on the platform between November 4th, 2022, and February 27th, 2023. Compromised information includes full names, phone numbers, street addresses, and credit card information. | Unknown |
| Proskauer Rose (UK) | Data from the law firm was left on an unsecured Microsoft Azure cloud server for at least six months. This comprises around 184,000 files, including financial and legal documents, contracts, non-disclosure agreements, financial deals, and more. | Unknown |
| Nykaa and Delhivery (India) | An online user reported that Nykaa and its delivery partner Delhivery may be leaking customer data. This comes after the user received a spam call from a company posing as Nykaa, with the spam caller referring to personal details entered on the Nykaa site. Further users have since reported receiving similar spam calls after using Nykaa. | Unknown |
| Unknown (India) | Hundreds of parents of school children reported receiving spam messages and calls from actors posing as coaching institutes and colleges. This has raised suspicions of a potential data leak, or that private data is being shared from schools to third parties. The Department of School Education has denied that a data leak took place. | Unknown |
| Kodi (US) | The user forum of the media player software suffered a data breach which exposed the personal information of users. This includes names, email addresses, IP addresses, and passwords. Open University of Cyprus | >400,000 |
| FreshBooks (Canada) | On January 20th, 2023, Cybernews researchers discovered a publicly accessible Amazon Web Services storage bucket containing sensitive data. This includes 121 user credentials for the company’s WordPress site, source code, and server backups. | Unknown |
| Lürssen (Germany) | The company was targeted in a ransomware attack during the 2023 Easter holiday period. The attack brought large parts of the company’s operations to a standstill. | Unknown |
| Medicalodges and Petaluma Health Center (US) | Karakurt threat actors added the two healthcare companies to their leak site. The group provided no proof for either claim. Medicalodges has since disclosed a cyber incident affecting their systems. | Unknown |
| NorthOne Inc (US) | A non-password protected database contained a large number of PDF documents that included invoices from both individuals and businesses. The invoices contained names, email and physical addresses, phone numbers, and more. In some cases, tax information was also exposed. | Unknown |
| Hyundai (France and Italy) | The company suffered a data breach impacting Italian and French car owners and those who booked a test drive. Exposed data includes email addresses, physical addresses, telephone numbers, and vehicle chassis numbers. | Unknown |
| Kenya Airports Authority | The Medusa ransomware group targeted the organisation in February 2023. On April 11th, 2023, Medusa released 514GB of data allegedly belonging to the authority, including procurement plans, physical plans, site surveys, invoices, and receipts. An authority official stated that the attack had no significant operational or financial impact, and that the data that was accessed during the attack was public information. | Unknown |
| UK Criminal Records Office | A cyber security incident impacted its online portal from January 17th, 2023. The incident reportedly also impacted the identification information and criminal conviction data of some applicants. However, ACRO stated that there is no conclusive evidence that personal data was affected, adding that an investigation remains ongoing. | Unknown |
| Kibble Equipment (US) | A previous breach at Rackspace, who held information on Kibble, led to a data breach at the company. Whilst personal data was exposed in the incident, Kibble has yet to disclose what type of information was affected and how many individuals were impacted. | Unknown |
| Collegedale (US) | A city spokesperson confirmed that data was leaked after over 4,000 documents were posted on the leak site of BlackByte ransomware around April 9th, 2023. These appear to contain personal information on employees and crime victims, financial data, human resources files, and more. | Unknown |

Malware mentions in Government

This chart shows the trending malware related to Government within a curated list of cyber sources over the past week.

Weekly Industry View

Industry Information
Civil Society
Microsoft and Citizen Lab researchers discovered a commercial spyware, dubbed KingsPawn, being used to target civil society victims, including journalists, political opposition figures, and a non-government organisation worker. The malware is deployed via a zero-click exploit, dubbed ENDOFDAYS, that makes use of invisible iCloud calendar invitations. The zero-day vulnerability affects Apple iOS 14, though the malware was likely also updated for newer iPhone versions. KingsPawn has been linked to the Israel-based company QuaDream, which Microsoft believes with high confidence is linked to the threat actor DEV-0196. QuaDream is known for its spyware REIGN, marketed to government for law enforcement purposes.
Government
The United States Justice Department and Pentagon are investigating what appears to be an online leak of sensitive documents, including some marked as ‘top secret’. The data was posted on pro-Russian Telegram channels, Discord, 4chan, and other online sites from March 2023, and possibly already in January 2023. The leaked documents are said to contain information on Russia’s invasion of Ukraine, NATO operations, potential UK policies on the South China Sea, and more. The veracity of the leaked documents has not been verified. 
Critical Infrastructure
Around ten water controllers in the Galilee region of Israel were impacted by a cyberattack on April 10th, 2023, with irrigation systems temporarily stopped. The attackers left a message stating ‘You have been hacked, Down with Israel.’ The Israel Post Company similarly suffered a cyberattack on April 5th, 2023. Some postal services became unavailable as a result, including the ability to send mail abroad.
Banking & Finance
Sophos researchers identified a tax-themed smishing campaign targeting users of popular banks in India. Malicious text messages claiming the user’s account has been blocked contain links that download an Android package that opens fake bank login pages. The phishing pages attempt to acquire the user’s login, password, debit card number, and ATM PIN.
Technology
In March 2023, Sonatype researchers identified 6,933 malicious open-source packages uploaded to the PyPI registry, bringing the total since 2019 to 115,165. A significant number of the malicious packages contained information stealing trojans, including copycats of the W4SP stealer. The researchers also identified a malware-as-a-service (MaaS) offering for Spanish speakers hosting malicious files on GitHub. This was linked to SylexSquad, a Spanish hacker group also behind a now-defunct marketplace on the Sellix platform.

News and information concerning each mentioned industry over the last week.
