30 June 2022
Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.
Trending Vulnerable Products
Open Source
| Name | Heat 7 |
|---|---|
| VMware Horizon |  |
| Jenkins Server |  |
| Wormhole Portal Token Bridge |  |
| MiVoice | |
| Argo CD | |
Deep & Dark Web
| Name | Heat 7 |
|---|---|
| OpenSSL |  |
| MiVoice | |
| Netsparker | |
| LibreSSL |  |
| BoringSSL | |
The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.
Data Leaks & Breaches
Leaks & Breaches
| Company | Information | Affected |
|---|---|---|
| Kenyon College (US) | A freely accessible 4.7GB database hosted on Google Cloud contained full student names, university addresses, and hashed passwords. Leaked emails were hosted on the university domain, leaving the college’s mail servers and other systems used by students vulnerable to compromise. | ~24,500 |
| Fast Shop (Brazil) | On June 22nd, 2022, attackers claimed to have accessed terabytes of data from VCenter along with other cloud services like AWS, Azure, IBM, and GitLab. The data allegedly includes source codes, PCI data, and user and corporate data. | Unknown |
| Chaoxing Xuetong (China) | On June 20th, 2022, the app for college students was accused of leaking 170 million pieces of personal user information, including users’ names, mobile phone numbers, gender, schools, student numbers, and email addresses. | Unknown |
| Halfords (UK) | In discovering a security issue on the company’s website, security researcher Chris Hatton managed to increment ID numbers to view other customers’ orders and personally identifiable information. | Unknown |
| Diskriter (US) | Hive ransomware operators allegedly exfiltrated over 160GB of files on June 8th, 2022. The files supposedly include financial records, personal and financial information on company executives, employee information, and files concerning software source code. | Unknown |
| Artear (Argentina) | A cyberattack on June 1st, 2022, affected certain internal systems. The attack has since been claimed by Hive ransomware, who added the company to their leak site on June 23rd, 2022. | Unknown |
| TB Kawashima (Japan) | One of the company’s Thai subsidiaries was targeted in a cyberattack. LockBit added the company to their leak site on June 17th, 2022, and began leaking allegedly exfiltrated data on June 25th. | Unknown |
| Napa Valley College (US) | A ransomware attack knocked the college’s website and network systems offline around June 10th, 2022. The attack caused some computer systems to be locked up, while on-campus telephones and employee email accounts became disabled. | Unknown |
| Governments of Kentucky and Arkansas (US) | Cybercriminal gang SiegedSec announced on their Telegram channel that they leaked internal documents and files retrieved from government servers as part of a politically motivated attack. The 7-8 GB dataset allegedly includes personally identifiable information on employees and more. | Unknown |
| Medical University of Innsbruck (Austria) | On June 26th, 2022, Vice Society added the university to its data leak site, leaking an extensive list of documents allegedly stolen during an attack on June 20th. A limited review of the exposed data confirms they appear genuine. | Unknown |
| Bank of the West (US) | Debit card numbers and PINs were stolen by skimmers installed on several ATMs. The stolen information, which possibly also includes names and addresses, may have been used to create fake debit cards and attempt cash withdrawals. | Unknown |
| Fitzgibbon Hospital (US) | Daixin Team claims to have exfiltrated 40GB of data in a ransomware attack. The leaked data includes patient names, treatment information, health insurance information, employee data, and more. | Unknown |
| California Department of Justice (US) | The department released the 2022 Firearms Dashboard Portal on June 27th, 2022, which included publicly accessible files containing identifying information of gun owners with concealed carry permits. This includes names, race, home address, date of birth, date of permit issue, and type of permit. | >2,891 |
| Dripping Springs Independent School District (US) | The Texas school district notified the Attorney General’s Office of a data breach. Exposed information includes names, addresses, Social Security numbers, driver’s licence numbers, medical information, and health insurance information. | 367 |
| Walmart (US) | On June 27th, 2022, Yanluowang ransomware added the retailer to their leak site, claiming to have encrypted between 40,000 and 50,000 devices. The leak site entry includes multiple files supposedly extracted from Walmart’s internal network. The company has denied the alleged attack. | Unknown |
| Multiple Companies (Israel) | Hacker group Sharp Boys claims to have breached and stolen data from multiple Israeli tourism sites on June 28th, 2022. The affected sites allegedly include Isrotel, Minihotel, Trivago, and DanHotels. They released a spreadsheet they claimed contained the personal information individuals, including ID numbers, addresses, credit card information, and more. | 120,000 |
| SuperAlloy Industrial Company Ltd (Taiwan) | On June 28th, 2022, Hive ransomware added the company to its leak site, claiming to have encrypted the company’s servers on June 21st. Hive claims to have exfiltrated over 1.5TB of data. | Unknown |
| OpenSea (Taiwan) | The NFT marketplace disclosed a data breach on June 29th, 2022. An employee from their email delivery vendor, ‘customer[.]io’, downloaded and shared email addresses provided by users and newsletter subscribers to an unauthorised external party. | Unknown |
| Christiana Spine Center (US) | A ransomware attack occurred on February 25th, 2022. Potentially exposed data includes names, addresses, phone numbers, Social Security numbers, health insurance identification number, and personal health information. | Unknown |
Attack Types mentions in Education
Time Series
-Jun-30-2022-02-27-56-20-PM.png)
This chart shows the trending attack types related to Education within a curated list of cyber sources over the past week.
Weekly Industry View
Industry View
| Industry | Information |
|---|---|
| Critical Infrastructure | On June 26th, 2022, Slovak Telekom suffered a cyberattack that rendered its internal IT systems inoperative. This prevented its website and Telekom app from functioning, while customer service help desk lines were also limited. |
| Technology | Lumen researchers identified a sophisticated campaign leveraging infected SOHO routers to distribute a multistage remote access trojan, dubbed ZuoRAT. The campaign targets networks of interest in North America and Europe. The sophistication of the tactics and techniques used in this campaign suggests a state-sponsored actor. The identified activity exploited CVE-2020-26878 and CVE-2020-26879 in JCG-Q20 routers, however numerous other manufacturers, such as ASUS, Cisco, DrayTek and NETGEAR, are believed to be targeted. |
| Cryptocurrency | On June 24th, 2022, Harmony announced that hackers stole around $100 million in digital coins after attacking its Horizon bridge. The attackers then swapped the stolen funds for Ether and moved them into the Tornado Cash mixer. Elliptic determined that the nature of the hack and the subsequent laundering of assets strongly indicate that North Korea’s Lazarus Group may be behind the attack. |
| Government | On June 27th, 2022, the National Cyber Security Centre (NKSC) of Lithuania warned of an ongoing distributed denial-of-service (DDoS) attack targeting the Secure National Data Transfer Network, as well as other government institutions and private companies. Parts of the Secure National Data Transfer Network have been disrupted. Pro-Russia threat group Killnet has taken credit for the attacks, citing retaliation against Lithuania’s banning of shipments sanctioned by the European Union to Kaliningrad. Killnet also claims that the websites for four Lithuanian airports have been crippled. |
| Banking & Finance | On June 15th, 2022, Cleafy researchers discovered a new Android banking trojan, dubbed Revive. Revive appears to target customers of a top-tier Spanish bank via phishing campaigns. According to its code and C2 infrastructure, the trojan appears to be at its early stages. Revive masquerades itself as a legitimate-looking app and enables the threat actors to perform account take over attacks. Its three main capabilities include abusing the Accessibility Services to perform keylogging, performing ‘on-device’ phishing attacks using clone pages to steal login credentials, and intercepting SMS messages. |
News and information concerning each mentioned industry over the last week.
Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.
