Weekly Cyber Digest: 12 – 18 May 2023

18 May 2023

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker.

Trending Vulnerable Products

Open Source
  • Cisco Identity Services Engine
  • Essential Addons for Elementor WordPress Plugin
  • Cisco Small Business Router
  • Mozilla Firefox ESR
  • Apple App Store

Deep & Dark Web
  • Apple macOS
  • WordPress
  • Linux OS
  • Windows Boot Manager
  • Microsoft Defender ATP

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Company | Information | Affected
OptimEyes AI (US) | A data dump from an anonymous 4chan user allegedly contains data stolen from the company, including source code and hardcoded credentials, as well as customer data including from Hitachi Energy. | Unknown
ABB Ltd (Switzerland) | A BlackBasta ransomware attack on May 7th, 2023, reportedly impacted business operations. | Unknown
RenewBuy (India) | A dark forum user claims to have hacked the online distribution platform, offering to sell the data of users. This allegedly includes names, email addresses, Aadhaar numbers, and more. | 1,000,000
WhizComms (Singapore) | An unauthorised third party downloaded scanned images of customers’ personal information. This includes images of National Registration Identification Cards, work permits, and visa approval documents. | 24,000
Unknown | BlackCat ransomware has made unverified claims that it gained initial access to various Fortune 100 companies using the ResultsCX network and credentials. The actors claim to have accessed personally identifiable information from these companies without their knowledge. | Unknown
Toyota (Japan) | Vehicle data of users was left publicly available between November 2013 and mid-April 2023. Potentially exposed data includes vehicle locations and identification numbers of vehicle devices. | 2,150,000
Ambulance Victoria (Australia) | Drug and alcohol test results of graduate paramedics were available for every staff member to view on the staff intranet. Exposed data includes full names, when the individuals were tested, whether the result was positive or negative, and, if positive, the substance that had been detected. | Unknown
Richmond University Medical Center (US) | A ransomware attack triggered an ongoing network outage from May 5th, 2023. An investigation into the incident remains ongoing, including to determine what, if any, data was impacted. | Unknown
Uintah Basin Healthcare (US) | A data breach affects patients who received care between March 2012 and November 2022. Exposed data includes names, dates of birth, addresses, Social Security numbers, health insurance information, and more. | Unknown
Oyate Health Center (US) | Data pertaining to patients who used the pharmacy between August 31st and September 8th, 2021, was inadvertently shared with a local non-profit organisation. Exposed data includes names, chart numbers, dates of visit, and diagnosis code related to prescriptions. | Unknown
ASAS Health (US) | A cyber security incident on January 26th, 2023, exposed personal information, including names, dates of birth, addresses, Social Security numbers, and more. | 25,527
Multiple (US) | The BianLian ransomware group claimed to have stolen 200GB of data from Synergy Hematology Oncology Medical Associates, 553GB from Mercy Home, 2TB from Earlens Corporation, and 60GB from North Shore Medical Labs. | Unknown
Essen Medical Associates (US) | The AlphV ransomware group began leaking allegedly stolen data on its leak site, claiming to have acquired 2.6TB of data. The entity was initially added to the leak site on April 6th, 2023. | Unknown
Methodist Family Health (US) | A data breach on March 4th, 2023, exposed full names, dates of birth, treatment information, account numbers, and more. The centre was added to the Avos Locker leak site on March 8th, 2023, before later being removed. | 5,259
Gaston College (US) | A February 2023 ransomware attack was claimed by Snatch Team ransomware actors. The actors have since leaked more than 150GB of allegedly stolen files. | Unknown
Mercer University (US) | Hackers stole sensitive information of students, parents, and employees. This includes Social Security numbers and driver’s licence numbers. Akira ransomware later added the school to its leak site. | Unknown
Universiti Teknologi Mara (Malaysia) | The university inadvertently exposed the National Identification Numbers and email addresses of applicants in a Google Sheets document that was shared as an unprotected link on its website. | 11,891
Lowell, Massachusetts (US) | Play ransomware leaked 5GB of allegedly stolen data on its leak site. This is said to include personal and confidential data, employee and client information, and documents on finances and taxes. | Unknown
Brightly (US) | Hackers gained access to the database of its SchoolDude online platform and are believed to have stolen names, email addresses, account passwords, phone numbers, and school district names. | Unknown
Unknown (Israel) | Anonymous Sudan leaked data reportedly belonging to Israeli citizens, claiming the data was compromised by information stealers. The Cyber Express determined that one of the exposed email addresses did appear to have been impacted by an infostealer attack. | Unknown
Sanmina Corporation (US) | A threat actor has listed a database for sale that allegedly belongs to the electronic manufacturer. The dataset includes names, emails, phone numbers, job titles, and other private data of employees. | ~50,000
US Department of Transportation | The department suffered a data breach affecting the personal information of current and former employees. The breach specifically hit systems processing TRANServe transit benefits. | 237,000
Lake County Health Department and Community Health Center (US) | The Illinois department suffered a security breach after a threat actor gained access to an employee’s email account that contained de-identified information on county residents who may have had a reportable communicable disease or disease that was part of a cluster or outbreak that was investigated by the health department between April 23rd, 2012, and March 6th, 2023. Potentially exposed data includes names, addresses, zip codes, dates of birth, phone numbers, email addresses, medical data, and more. | Unknown
Illinois Department of Healthcare and Family Services & Department of Human Services (US) | The two entities suffered a data breach within the state’s Application for Benefits Eligibility (ABE) system’s Manage My Case (MMC) portal. Compromised data includes names, Social Security numbers, recipient identification numbers, addresses, phone numbers, and income information. | Unknown
Discord (US) | Discord VoIP suffered a data breach after the account of a third-party support agent was compromised. The breach exposed the agent’s support ticket queue that contained user information, including email addresses, messages exchanged with Discord support, and any attachments sent as part of the tickets. | Unknown
La Malle Postale (France) | A publicly accessible data store belonging to the transportation company exposed over 4GB of personal client data. This includes names, emails, and phone numbers of customers. |
San Diego Unified School District (US) | A hack discovered on October 25th, 2022, against the district may have impacted the names and medical information of students. | Unknown
Academy Mortgage Corporation (US) | BlackCat ransomware added the company to its leak site, claiming to be in possession of 26 files stolen from the company. | Unknown
Fontainebleau Florida Hotel (US) | The hotel suffered a consumer data breach in which an unauthorised party gained access to its computer system from August 30th to September 2nd, 2022. The attacker gained access to confidential information of individuals, including names, Social Security numbers, and financial account information. | 18,653
Val Verde Unified School District (US) | An unauthorised actor gained access to ‘a limited amount of information’ between January 22nd and May 10th, 2022. The breach compromised personally identifiable information. | Unknown
Amtel LLC (US) | The company suffered a data breach after being alerted to suspicious activity within its network on April 19th, 2023. An unauthorised party gained access to sensitive information belonging to current and former employees, including names and Social Security numbers. | 17,835
Pike Nurseries (US) | LockBit ransomware added the horticultural firm to its leak site, threatening to release sensitive data on May 28th, 2023. | Unknown
Atid Group (Israel) | Hacker group Sharp Boys has advertised a database containing the personal data of students. The data includes names, identity cards, addresses, military data, and more. | 500,000
Telerad Bangladesh | SiegedSec actors claimed to have breached the teleradiology company, allegedly gaining access to sensitive information such as documents, database files, and source code. | Unknown
airBaltic (Latvia) | A technical error resulted in the reservation details of some passengers being emailed to other passengers on May 12th, 2023. Potentially exposed data includes names, dates of birth, and email addresses. | Unknown
Bank Syariah Indonesia | On May 13th, 2023, the LockBit ransomware group claimed to have stolen 1.5TB of data. The stolen data is said to include customer and employee contact details, financial documents, card details and passwords of customers. | 15,000,000
Renew by Andersen (US) | A breach that occurred between January 2018 and January 19th, 2023, exposed customer data. This includes names, addresses, Social Security numbers, and more. | 13,464
Retirement Clearinghouse (US) | An unauthorised party gained access to an employee email account. Compromised information includes names, Matrix Trust Company IRA account numbers, and Social Security numbers. | 10,509
Credit Control Corporation (US) | A cyberattack between March 2nd and March 7th, 2023, impacted names, addresses, Social Security numbers, and account details. The breach primarily impacts healthcare institutions using the company’s services. | 286,699
Asian Health Services (US) | An unauthorised party gained access to an employee email account between February 7th and February 13th, 2023, acquiring names, dates of birth, phone numbers, medical record numbers, and other protected health information. | Unknown
KD Hospital (India) | On May 13th, 2023, the Ahmedabad hospital was hit by a ransomware attack that saw all data on its online server being encrypted. | Unknown
ScanSource Inc (US) | A ransomware attack was first discovered on May 14th, 2023. | Unknown
China Daily | LockBit ransomware added China’s English-language newspaper to its leak site. The group threatened to publish allegedly stolen data if a ransom is not paid by May 22nd, 2023. | Unknown
Lacroix Group (France) | The manufacturer shut down facilities in France, Germany, and Tunisia following a cyberattack on May 12th, 2023. The company revealed that some local infrastructures were encrypted, suggesting the incident was a ransomware attack. | Unknown
Boyner Büyük Mağazacılık (Turkey) | A data breach compromised the communication and transaction data of customers after suspicious logins were made to the SMS sending panel using valid credentials between April 28th and May 6th, 2023. | 2,313,962
Seacom (Mauritius) | Seacom disclosed a cybersecurity incident earlier in May 2023, which has been limited to its hosting environment and only affects a small number of customers. Medusa ransomware may have mislabelled the attack on their leak site as targeting HostAfrica. | Unknown
Triad Business Bank (US) | An unauthorised party gained access to an employee email account between January 24th and January 27th, 2023, acquiring names and Social Security numbers. | 8,235
Franklin County Public Schools (US) | A ransomware attack on May 15th, 2023, resulted in certain systems being taken offline. Investigations remain ongoing. | Unknown
Leverage EDU (India) | A misconfiguration in a publicly accessible Amazon S3 bucket exposed nearly 240,000 sensitive files and allowed anyone to access the personal information of students. Exposed data included passports, financial documents, certificates, exam results, phone numbers, addresses, and more. | Unknown
Multiple (US) | On May 17th, 2023, Village Bank, Sysco Corporation, Collins Electrical Construction, Kline & Specter, and Puma Biotechnology disclosed data breaches. The Kline & Specter data breach was the result of a ransomware attack that happened on March 13th, 2023. | ~150,000
Fertility Specialists Medical Group (US) | On or around March 20th, 2023, an unauthorised party illegally accessed confidential patient data stored on their network. Compromised data includes names, dates of birth, addresses, and protected health information. | Unknown
Whitworth University (US) | A data breach occurred following an external hacking incident on July 29th, 2022. Impacted data includes Social Security numbers. | 65,593
South Lanarkshire Council (UK) | The council inadvertently shared the personal information of employees when responding to a Freedom of Information request from whatdotheyknow[.]com on April 11th, 2023. The leaked data includes names, pay grades, places of work, and National Insurance numbers. | Unknown
Premom App (US) | The US Federal Trade Commission charged that the developer of the Premom fertility app deceived users by sharing their sensitive personal information with third parties, including two China-based firms. Premom also disclosed users’ sensitive health data to AppsFlyer and Google. | Unknown
The Heritage Group (US) | An unauthorised party gained access to its IT network in January 2023, exposing sensitive information of current and former employees as well as their dependants. This may include names, addresses, and Social Security numbers. | Unknown
Rainbow Grocery (US) | A data breach from a card skimming attack impacts customers who used one of its PIN pads between February 10th and February 26th, 2023. | Unknown

Attack Type mentions in Banking & Finance

This chart shows the trending attack types related to Banking & Finance within a curated list of cyber sources over the past week.

Weekly Industry View

Industry | Information
Banking & Finance | Anonymous Sudan claims to have targeted numerous banks in the United Arab Emirates with likely distributed denial-of-service (DDoS) attacks. The targets reportedly include the online banking portals of First Abu Dhabi Bank, RAKBANK, and Mashreq Bank.
Technology | Cybernews researchers recently discovered new activity from the CheckMate ransomware group targeting weakly protected Server Message Block (SMB) shares. The attackers use masscan to discover the vulnerable SMB shares and then brute force their credentials to gain access. They ultimately encrypt victims’ data using AES encryption. The threat actors successfully conduct 50 to 100 brute force attacks on SMB shares per day.
Cryptocurrency | JPCERT/CC observed attacks on cryptocurrency exchanges that are believed to be conducted by the advanced persistent threat group DangerousPassword. The group has been active since June 2019 and historically used LNK attachments in emails to infect victims with malware. The latest activity uses additional infection methods, including using LinkedIn to distribute CHM files and targeting macOS.
Government | Check Point researchers observed a series of targeted attacks against European foreign affairs entities, conducted by Chinese state-sponsored APT Camaro Dragon. The group shares similarities with previously reported activity from Mustang Panda. It used a custom firmware image tailored for use against TP-Link routers. The implant features several malicious components, including a custom MIPS32 ELF backdoor, dubbed Horse Shell, and a passive backdoor that provides attackers with a shell to infected devices.
Professional Services | Cyble researchers observed a Ducktail malware campaign targeting marketing and HR professionals. Social engineering tactics, possibly including LinkedIn messages, are used to entice victims into downloading and executing the malicious payloads. File-sharing services such as Dropbox, Google Drive, and Microsoft OneDrive are used to host the malware. Clicking on the file-sharing link leads to a ZIP file containing PNG or JPG images of beauty products as well as executable files disguised as Word or PDF icons that contain the malware.

News and information concerning each mentioned industry over the last week.

Copyright © 2023 by Silobreaker Limited. All rights reserved.