18 May 2023
Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker.
Trending Vulnerable Products
Open Source
Name |
---|
Cisco Identity Services Engine |
Essential Addons for Elementor WordPress Plugin |
Cisco Small Business Router |
Mozilla Firefox ESR |
Apple App Store |
Deep & Dark Web
Name |
---|
Apple macOS |
WordPress |
Linux OS |
Windows Boot Manager |
Microsoft Defender ATP |
The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.
Data Leaks & Breaches
Company | Information | Affected |
---|---|---|
OptimEyes AI (US) | A data dump from an anonymous 4chan user allegedly contains data stolen from the company, including source code and hardcoded credentials, as well as customer data including from Hitachi Energy. | Unknown |
ABB Ltd (Switzerland) | A BlackBasta ransomware attack on May 7th, 2023, reportedly impacted business operations. | Unknown |
RenewBuy (India) | A dark forum user claims to have hacked the online distribution platform, offering to sell the data of users. This allegedly includes names, email addresses, Aadhaar numbers, and more. | 1,000,000 |
WhizComms (Singapore) | An unauthorised third party downloaded scanned images of customers’ personal information. This includes images of National Registration Identification Cards, work permits, and visa approval documents. | 24,000 |
Unknown | BlackCat ransomware has made unverified claims that it gained initial access to various Fortune 100 companies using the ResultsCX network and credentials. The actors claim to have accessed personally identifiable information from these companies without their knowledge. | Unknown |
Toyota (Japan) | Vehicle data of users was left publicly available between November 2013 and mid-April 2023. Potentially exposed data includes vehicle locations and identification numbers of vehicle devices. | 2,150,000 |
Ambulance Victoria (Australia) | Drug and alcohol test results of graduate paramedics were available for every staff member to view on the staff intranet. Exposed data includes full names, when the individuals were tested, whether the result was positive or negative, and, if positive, the substance that had been detected. | Unknown |
Richmond University Medical Center (US) | A ransomware attack triggered an ongoing network outage from May 5th, 2023. An investigation into the incident remains ongoing, including to determine what, if any, data was impacted. | Unknown |
Uintah Basin Healthcare (US) | A data breach affects patients who received care between March 2012 and November 2022. Exposed data includes names, dates of birth, addresses, Social Security numbers, health insurance information, and more. | Unknown |
Oyate Health Center (US) | Data pertaining to patients who used the pharmacy between August 31st and September 8th, 2021, was inadvertently shared with a local non-profit organisation. Exposed data includes names, chart numbers, dates of visit, and diagnosis code related to prescriptions. | Unknown |
ASAS Health (US) | A cyber security incident on January 26th, 2023, exposed personal information, including names, dates of birth, addresses, Social Security numbers, and more. | 25,527 |
Multiple (US) | The BianLian ransomware group claimed to have stolen 200GB of data from Synergy Hematology Oncology Medical Associates, 553GB from Mercy Home, 2TB from Earlens Corporation, and 60GB from North Shore Medical Labs. | Unknown |
Essen Medical Associates (US) | The AlphV ransomware group began leaking allegedly stolen data on its leak site, claiming to have acquired 2.6TB of data. The entity was initially added to the leak site on April 6th, 2023. | Unknown |
Methodist Family Health (US) | A data breach on March 4th, 2023, exposed full names, dates of birth, treatment information, account numbers, and more. The centre was added to the Avos Locker leak site on March 8th, 2023, before later being removed. | 5,259 |
Gaston College (US) | A February 2023 ransomware attack was claimed by Snatch Team ransomware actors. The actors have since leaked more than 150GB of allegedly stolen files. | Unknown |
Mercer University (US) | Hackers stole sensitive information of students, parents, and employees. This includes Social Security numbers and driver’s licence numbers. Akira ransomware later added the school to its leak site. | Unknown |
Universiti Teknologi Mara (Malaysia) | The university inadvertently exposed the National Identification Numbers and email addresses of applicants in a Google Sheets document that was shared as an unprotected link on its website. | 11,891 |
Lowell, Massachusetts (US) | Play ransomware leaked 5GB of allegedly stolen data on its leak site. This is said to include personal and confidential data, employee and client information, and documents on finances and taxes. | Unknown |
Brightly (US) | Hackers gained access to the database of its SchoolDude online platform and are believed to have stolen names, email addresses, account passwords, phone numbers, and school district names. | Unknown |
Unknown (Israel) | Anonymous Sudan leaked data reportedly belonging to Israeli citizens, claiming the data was compromised by information stealers. The Cyber Express determined that one of the exposed email addresses did appear to have been impacted by an infostealer attack. | Unknown |
Sanmina Corporation (US) | A threat actor has listed a database for sale that allegedly belongs to the electronic manufacturer. The dataset includes names, emails, phone numbers, job titles, and other private data of employees. | ~50,000 |
US Department of Transportation | The department suffered a data breach affecting the personal information of current and former employees. The breach specifically hit systems processing TRANServe transit benefits. | 237,000 |
Lake County Health Department and Community Health Center (US) | The Illinois department suffered a security breach after a threat actor gained access to an employee’s email account that contained de-identified information on county residents who may have had a reportable communicable disease or disease that was part of a cluster or outbreak that was investigated by the health department between April 23rd, 2012, and March 6th, 2023. Potentially exposed data includes names, addresses, zip codes, dates of birth, phone numbers, email addresses, medical data, and more. | Unknown |
Illinois Department of Healthcare and Family Services & Department of Human Services (US) | The two entities suffered a data breach within the state’s Application for Benefits Eligibility (ABE) system’s Manage My Case (MMC) portal. Compromised data includes names, Social Security numbers, recipient identification numbers, addresses, phone numbers, and income information. | Unknown |
Discord (US) | Discord VoIP suffered a data breach after the account of a third-party support agent was compromised. The breach exposed the agent’s support ticket queue that contained user information, including email addresses, messages exchanged with Discord support, and any attachments sent as part of the tickets. | Unknown |
La Malle Postale (France) | A publicly accessible data store belonging to the transportation company exposed over 4GB of personal client data. This includes names, emails, and phone numbers of customers. | |
San Diego Unified School District (US) | A hack discovered on October 25th, 2022, against the district may have impacted the names and medical information of students. | Unknown |
Academy Mortgage Corporation (US) | BlackCat ransomware added the company to its leak site, claiming to be in possession of 26 files stolen from the company. | Unknown |
Fontainebleau Florida Hotel (US) | The hotel suffered a consumer data breach in which an unauthorised party gained access to its computer system from August 30th to September 2nd, 2022. The attacker gained access to confidential information of individuals, including names, Social Security numbers, and financial account information. | 18,653 |
Val Verde Unified School District (US) | An unauthorised actor gained access to ‘a limited amount of information’ between January 22nd and May 10th, 2022. The breach compromised personally identifiable information. | Unknown |
Amtel LLC (US) | The company suffered a data breach after being alerted to suspicious activity within its network on April 19th, 2023. An unauthorised party gained access to sensitive information belonging to current and former employees, including names and Social Security numbers. | 17,835 |
Pike Nurseries (US) | LockBit ransomware added the horticultural firm to its leak site, threatening to release sensitive data on May 28th, 2023. | Unknown |
Atid Group (Israel) | Hacker group Sharp Boys has advertised a database containing the personal data of students. The data includes names, identity cards, addresses, military data, and more. | 500,000 |
Telerad Bangladesh | SiegedSec actors claimed to have breached the teleradiology company, allegedly gaining access to sensitive information such as documents, database files, and source code. | Unknown |
airBaltic (Latvia) | A technical error resulted in the reservation details of some passengers being emailed to other passengers on May 12th, 2023. Potentially exposed data includes names, dates of birth, and email addresses. | Unknown |
Bank Syariah Indonesia | On May 13th, 2023, the LockBit ransomware group claimed to have stolen 1.5TB of data. The stolen data is said to include customer and employee contact details, financial documents, card details and passwords of customers. | 15,000,000 |
Renew by Andersen (US) | A breach that occurred between January 2018 and January 19th, 2023, exposed customer data. This includes names, addresses, Social Security numbers, and more. | 13,464 |
Retirement Clearinghouse (US) | An unauthorised party gained access to an employee email account. Compromised information includes names, Matrix Trust Company IRA account numbers, and Social Security numbers. | 10,509 |
Credit Control Corporation (US) | A cyberattack between March 2nd and March 7th, 2023, impacted names, addresses, Social Security numbers, and account details. The breach primarily impacts healthcare institutions using the company’s services. | 286,699 |
Asian Health Services (US) | An unauthorised party gained access to an employee email account between February 7th and February 13th, 2023, acquiring names, dates of birth, phone numbers, medical record numbers, and other protected health information. | Unknown |
KD Hospital (India) | On May 13th, 2023, the Ahmedabad hospital was hit by a ransomware attack that saw all data on its online server being encrypted. | Unknown |
ScanSource Inc (US) | A ransomware attack was first discovered on May 14th, 2023. | Unknown |
China Daily | LockBit ransomware added China’s English-language newspaper to its leak site. The group threatened to publish allegedly stolen data if a ransom is not paid by May 22nd, 2023. | Unknown |
Lacroix Group (France) | The manufacturer shut down facilities in France, Germany, and Tunisia following a cyberattack on May 12th, 2023. The company revealed that some local infrastructures were encrypted, suggesting the incident was a ransomware attack. | Unknown |
Boyner Büyük Mağazacılık (Turkey) | A data breach compromised the communication and transaction data of customers after suspicious logins were made to the SMS sending panel using valid credentials between April 28th and May 6th, 2023. | 2,313,962 |
Seacom (Mauritius) | Seacom disclosed a cybersecurity incident earlier in May 2023, which has been limited to its hosting environment and only affects a small number of customers. Medusa ransomware may have mislabelled the attack on their leak site as targeting HostAfrica. | Unknown |
Triad Business Bank (US) | An unauthorised party gained access to an employee email account between January 24th and January 27th, 2023, acquiring names and Social Security numbers. | 8,235 |
Franklin County Public Schools (US) | A ransomware attack on May 15th, 2023, resulted in certain systems being taken offline. Investigations remain ongoing. | Unknown |
Leverage EDU (India) | A misconfiguration in a publicly accessible Amazon S3 bucket exposed nearly 240,000 sensitive files and allowed anyone to access the personal information of students. Exposed data included passports, financial documents, certificates, exam results, phone numbers, addresses, and more. | Unknown |
Multiple (US) | On May 17th, 2023, Village Bank, Sysco Corporation, Collins Electrical Construction, Kline & Specter, and Puma Biotechnology disclosed data breaches. The Kline & Specter data breach was the result of a ransomware attack that happened on March 13th, 2023. | ~150,000 |
Fertility Specialists Medical Group (US) | On or around March 20th, 2023, an unauthorised party illegally accessed confidential patient data stored on their network. Compromised data includes names, dates of birth, addresses, and protected health information. | Unknown |
Whitworth University (US) | A data breach occurred following an external hacking incident on July 29th, 2022. Impacted data includes Social Security numbers. | 65,593 |
South Lanarkshire Council (UK) | The council inadvertently shared the personal information of employees when responding to a Freedom of Information request from whatdotheyknow[.]com on April 11th, 2023. The leaked data includes names, pay grades, places of work, and National Insurance numbers. | Unknown |
Premom App (US) | The US Federal Trade Commission charged that the developer of the Premom fertility app deceived users by sharing their sensitive personal information with third parties, including two China-based firms. Premom also disclosed users’ sensitive health data to AppsFlyer and Google. | Unknown |
The Heritage Group (US) | An unauthorised party gained access to its IT network in January 2023, exposing sensitive information of current and former employees as well as their dependants. This may include names, addresses, and Social Security numbers. | Unknown |
Rainbow Grocery (US) | A data breach from a card skimming attack impacts customers who used one of its PIN pads between February 10th and February 26th, 2023. | Unknown |
Attack Type mentions in Banking & Finance

This chart shows the trending attack types related to Banking & Finance within a curated list of cyber sources over the past week.
Weekly Industry View
Industry | Information |
---|---|
Banking & Finance | Anonymous Sudan claims to have targeted numerous banks in the United Arab Emirates with likely distributed denial-of-service (DDoS) attacks. The targets reportedly include the online banking portals of First Abu Dhabi Bank, RAKBANK, and Mashreq Bank. |
Technology | Cybernews researchers recently discovered new activity from the CheckMate ransomware group targeting weakly protected Server Message Block (SMB) shares. The attackers use masscan to discover the vulnerable SMB shares and then brute force their credentials to gain access. They ultimately encrypt victims’ data using AES encryption. The threat actors successfully conduct 50 to 100 brute force attacks on SMB shares per day. |
Cryptocurrency | JPCERT/CC observed attacks on cryptocurrency exchanges that are believed to be conducted by the advanced persistent threat group DangerousPassword. The group has been active since June 2019 and historically used LNK attachments in emails to infect victims with malware. The latest activity uses additional infection methods, including using LinkedIn to distribute CHM files and targeting macOS. |
Government | Check Point researchers observed a series of targeted attacks against European foreign affairs entities, conducted by Chinese state-sponsored APT Camaro Dragon. The group shares similarities with previously reported activity from Mustang Panda. It used a custom firmware image tailored for use against TP-Link routers. The implant features several malicious components, including a custom MIPS32 ELF backdoor, dubbed Horse Shell, and a passive backdoor that provides attackers with a shell to infected devices. |
Professional Services | Cyble researchers observed a Ducktail malware campaign targeting marketing and HR professionals. Social engineering tactics, possibly including LinkedIn messages, are used to entice victims into downloading and executing the malicious payloads. File-sharing services such as Dropbox, Google Drive, and Microsoft OneDrive are used to host the malware. Clicking on the file-sharing link leads to a ZIP file containing PNG or JPG images of beauty products, as well as executable files disguised as Word or PDF icons that contain the malware. |
News and information concerning each mentioned industry over the last week.