Weekly Cyber Digest

23 June 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
FFmpeg
Ninja Forms
Adobe InCopy
Adobe InDesign
OPC Unified Architecture

Deep & Dark Web
Name Heat 7
Ninja Forms
Libxml2
OpenSSL
Microsoft Windows 10
Sophos Firewall

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches

| Company | Information | Affected |
| --- | --- | --- |
| Multiple Hospitals (US) | A third of the top 100 hospitals in the United States were found to use Meta Pixel on their websites. Meta Pixel collects sensitive health information, including patient names, dates and times of appointments, and names of providers, and then sends it to Facebook. | Unknown |
| Glenn County Office of Education (US) | On May 10th, 2022, a ransomware attack reportedly caused a system-wide outage for the board, school districts, and schools. This includes the internet, voice-over-internet phones, emails, and the financial software, which are all tied into a single network. | Unknown |
| Robert Half (US) | Hackers targeted customer accounts between April 26th and May 16th, 2022, in an incident that appears to involve credential stuffing. Potentially exposed data includes names, addresses, Social Security numbers, and wage and tax information. | 1,058 |
| TikTok | Audio leaked from over 80 internal TikTok meetings demonstrates that engineers in China had access to data on United States users between at least September 2021 and January 2022. The recordings suggest that the company may have misled lawmakers and users by downplaying that data stored in the US could still be accessed by employees in China. | Unknown |
| 90 Degree Benefits (US) | In February 2022, cybercriminals accessed confidential and personal information of patients. Possibly exposed data includes Social Security numbers, names, dates of birth, medical information, health insurance information, and other personal information. | 163,483 |
| Quality Temporary Services Inc (US) | Cybercriminals gained unauthorised access to certain confidential files between September 28th and October 13th, 2021. Compromised information includes names, Social Security numbers, financial account information, payment card numbers, medical information, and more. | 81,355 |
| Unknown | A new dark web carding site, called BidenCash, was launched in April 2022. On June 16th, the site’s admins published a CSV file containing names, addresses, telephone numbers, email addresses, and credit card numbers. This includes 6,682 credit cards and 3,076,098 unique email addresses. | Unknown |
| Flagstar Bank (US) | Files containing personal information of customers were accessed and acquired between December 3rd and December 4th, 2022. This includes full names and Social Security numbers. | 1,547,169 |
| Naruto Yamakami Hospital (Japan) | On June 19th, 2022, a server of the hospital became infected with ransomware. It is unknown what data may have been exposed. | Unknown |
| Brooks County (US) | A ransomware attack occurred after an employee opened a phishing email. The county allegedly paid the hacker a ransom. | Unknown |
| Baptist Medical Center and Resolute Health Hospital (US) | An unauthorised third party was able to access certain systems containing personal information and remove some data from the network between March 31st and April 24th, 2022. Potentially compromised information includes full names, dates of birth, addresses, health insurance information, and more. | Unknown |
| Nichrin Company (Japan) | On June 22nd, 2022, a ransomware attack against a United States subsidiary forced it to shut down its computerised production controls. An investigation is ongoing to determine the impact of the attack. | Unknown |
| Moss Adams (US) | A virtual machine (VM) image was stored in a publicly accessible Amazon Web Services S3 bucket. An RSA key from the VM’s file system could be used to access sensitive information, including internal passwords and valid authentication keys. | Unknown |

Malware mentions in Banking & Finance

Time Series

This chart shows the trending malware related to Banking & Finance within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View

| Industry | Information |
| --- | --- |
| Critical Infrastructure | The Cyber Spetsnaz threat group is reportedly targeting critical infrastructure and government resources in Lithuania, following the country’s recent ban on Russian railway goods. On June 22nd, 2022, the group announced multiple targets for coordinated distributed denial-of-service (DDoS) attacks. These include the Lithuanian Central Bank and Stock Exchange, as well as Vilnius, Kaunas, Palanga, and Siauliai Airports. The Lithuanian Ministry of Energy, Ministry of Foreign Affairs, and Ministry of Justice are also targets, along with multiple energy companies, ISPs, and transportation infrastructure. |
| Technology | On June 17th, 2022, QNAP warned users of a DeadBolt ransomware campaign targeting QNAP network attached storage (NAS) devices running outdated versions of QTS 4.x. eCh0raix ransomware also began targeting vulnerable QNAP NAS devices again, via an as yet unknown attack vector. |
| Cryptocurrency | On June 16th, 2022, Inverse Finance suffered an oracle price manipulation incident that resulted in a loss of $5.83 million in DOLA, with the attacker earning $1.2 million. Borrowing on all assets on Frontier has been paused temporarily. |
| Government | The German Green Party stated its IT system was hit by a cyberattack in May 2022 that affected email accounts belonging to Foreign Minister Annalena Baerbock and Economy Minister Robert Habeck, as well as the party leaders. A total of 14 accounts were compromised, resulting in some emails being forwarded to external email addresses. |
| Banking & Finance | Cleafy researchers observed a change in the BRATA banking malware’s attack pattern that fits into an advanced persistent threat activity pattern. The actors behind BRATA now target one specific financial institution at a time, only changing their target once the victims begin to implement consistent countermeasures. A new variant has also been observed posing as a specific bank application and targeting the EU. |

News and information concerning each mentioned industry over the last week.
