Weekly Cyber Digest

30 June 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
VMware Horizon
Jenkins Server
Wormhole Portal Token Bridge
MiVoice
Argo CD

Deep & Dark Web
Name Heat 7
OpenSSL
MiVoice
Netsparker
LibreSSL
BoringSSL

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches

| Company | Information | Affected |
| --- | --- | --- |
| Kenyon College (US) | A freely accessible 4.7GB database hosted on Google Cloud contained full student names, university addresses, and hashed passwords. Leaked emails were hosted on the university domain, leaving the college’s mail servers and other systems used by students vulnerable to compromise. | ~24,500 |
| Fast Shop (Brazil) | On June 22nd, 2022, attackers claimed to have accessed terabytes of data from vCenter along with other cloud services like AWS, Azure, IBM, and GitLab. The data allegedly includes source code, PCI data, and user and corporate data. | Unknown |
| Chaoxing Xuetong (China) | On June 20th, 2022, the app for college students was accused of leaking 170 million pieces of personal user information, including users’ names, mobile phone numbers, gender, schools, student numbers, and email addresses. | Unknown |
| Halfords (UK) | Security researcher Chris Hatton discovered a security issue on the company’s website that let him increment ID numbers to view other customers’ orders and personally identifiable information. | Unknown |
| Diskriter (US) | Hive ransomware operators allegedly exfiltrated over 160GB of files on June 8th, 2022. The files supposedly include financial records, personal and financial information on company executives, employee information, and files concerning software source code. | Unknown |
| Artear (Argentina) | A cyberattack on June 1st, 2022, affected certain internal systems. The attack has since been claimed by Hive ransomware, who added the company to their leak site on June 23rd, 2022. | Unknown |
| TB Kawashima (Japan) | One of the company’s Thai subsidiaries was targeted in a cyberattack. LockBit added the company to their leak site on June 17th, 2022, and began leaking allegedly exfiltrated data on June 25th. | Unknown |
| Napa Valley College (US) | A ransomware attack knocked the college’s website and network systems offline around June 10th, 2022. The attack caused some computer systems to be locked up, while on-campus telephones and employee email accounts became disabled. | Unknown |
| Governments of Kentucky and Arkansas (US) | Cybercriminal gang SiegedSec announced on their Telegram channel that they leaked internal documents and files retrieved from government servers as part of a politically motivated attack. The 7-8 GB dataset allegedly includes personally identifiable information on employees and more. | Unknown |
| Medical University of Innsbruck (Austria) | On June 26th, 2022, Vice Society added the university to its data leak site, leaking an extensive list of documents allegedly stolen during an attack on June 20th. A limited review of the exposed data confirms they appear genuine. | Unknown |
| Bank of the West (US) | Debit card numbers and PINs were stolen by skimmers installed on several ATMs. The stolen information, which possibly also includes names and addresses, may have been used to create fake debit cards and attempt cash withdrawals. | Unknown |
| Fitzgibbon Hospital (US) | Daixin Team claims to have exfiltrated 40GB of data in a ransomware attack. The leaked data includes patient names, treatment information, health insurance information, employee data, and more. | Unknown |
| California Department of Justice (US) | The department released the 2022 Firearms Dashboard Portal on June 27th, 2022, which included publicly accessible files containing identifying information of gun owners with concealed carry permits. This includes names, race, home address, date of birth, date of permit issue, and type of permit. | >2,891 |
| Dripping Springs Independent School District (US) | The Texas school district notified the Attorney General’s Office of a data breach. Exposed information includes names, addresses, Social Security numbers, driver’s licence numbers, medical information, and health insurance information. | 367 |
| Walmart (US) | On June 27th, 2022, Yanluowang ransomware added the retailer to their leak site, claiming to have encrypted between 40,000 and 50,000 devices. The leak site entry includes multiple files supposedly extracted from Walmart’s internal network. The company has denied the alleged attack. | Unknown |
| Multiple Companies (Israel) | Hacker group Sharp Boys claims to have breached and stolen data from multiple Israeli tourism sites on June 28th, 2022. The affected sites allegedly include Isrotel, Minihotel, Trivago, and DanHotels. They released a spreadsheet they claimed contained the personal information of individuals, including ID numbers, addresses, credit card information, and more. | 120,000 |
| SuperAlloy Industrial Company Ltd (Taiwan) | On June 28th, 2022, Hive ransomware added the company to its leak site, claiming to have encrypted the company’s servers on June 21st. Hive claims to have exfiltrated over 1.5TB of data. | Unknown |
| OpenSea (Taiwan) | The NFT marketplace disclosed a data breach on June 29th, 2022. An employee from their email delivery vendor, ‘customer[.]io’, downloaded and shared email addresses provided by users and newsletter subscribers to an unauthorised external party. | Unknown |
| Christiana Spine Center (US) | A ransomware attack occurred on February 25th, 2022. Potentially exposed data includes names, addresses, phone numbers, Social Security numbers, health insurance identification numbers, and personal health information. | Unknown |

Attack Type Mentions in Education

Time Series

This chart shows the trending attack types related to Education within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View

| Industry | Information |
| --- | --- |
| Critical Infrastructure | On June 26th, 2022, Slovak Telekom suffered a cyberattack that rendered its internal IT systems inoperative. This prevented its website and Telekom app from functioning, while customer service help desk lines were also limited. |
| Technology | Lumen researchers identified a sophisticated campaign leveraging infected SOHO routers to distribute a multistage remote access trojan, dubbed ZuoRAT. The campaign targets networks of interest in North America and Europe. The sophistication of the tactics and techniques used in this campaign suggests a state-sponsored actor. The identified activity exploited CVE-2020-26878 and CVE-2020-26879 in JCG-Q20 routers; however, numerous other manufacturers, such as ASUS, Cisco, DrayTek and NETGEAR, are believed to be targeted. |
| Cryptocurrency | On June 24th, 2022, Harmony announced that hackers stole around $100 million in digital coins after attacking its Horizon bridge. The attackers then swapped the stolen funds for Ether and moved them into the Tornado Cash mixer. Elliptic determined that the nature of the hack and the subsequent laundering of assets strongly indicate that North Korea’s Lazarus Group may be behind the attack. |
| Government | On June 27th, 2022, the National Cyber Security Centre (NKSC) of Lithuania warned of an ongoing distributed denial-of-service (DDoS) attack targeting the Secure National Data Transfer Network, as well as other government institutions and private companies. Parts of the Secure National Data Transfer Network have been disrupted. Pro-Russia threat group Killnet has taken credit for the attacks, citing retaliation against Lithuania’s banning of shipments sanctioned by the European Union to Kaliningrad. Killnet also claims that the websites for four Lithuanian airports have been crippled. |
| Banking & Finance | On June 15th, 2022, Cleafy researchers discovered a new Android banking trojan, dubbed Revive. Revive appears to target customers of a top-tier Spanish bank via phishing campaigns. According to its code and C2 infrastructure, the trojan appears to be in its early stages. Revive masquerades as a legitimate-looking app and enables the threat actors to perform account takeover attacks. Its three main capabilities include abusing the Accessibility Services to perform keylogging, performing ‘on-device’ phishing attacks using clone pages to steal login credentials, and intercepting SMS messages. |

News and information concerning each mentioned industry over the last week.
