Weekly Cyber Digest

02 June 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Microsoft Office
Microsoft Support Diagnostic Tool
macOS Monterey
Microsoft Word
Windows PowerShell
Deep & Dark Web
Name Heat 7
Tor Browser
Microsoft Windows Defender
Microsoft Support Diagnostic Tool
Microsoft Word
VMware Workspace One Access

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
| Company | Information | Affected |
| --- | --- | --- |
| Cooper University Health Care (US) | An employee email account was accessed by an unauthorised actor on or before November 24th, 2021. Potentially compromised information includes names, dates of birth, diagnosis and treatment information, medical record numbers, and more. | Unknown |
| Comstar LLC (US) | The ambulance billing service discovered a security incident on their systems on March 26th, 2022. Possibly compromised data includes names, dates of birth, health insurance information, driver’s licences, financial account information, Social Security numbers, and medical assessment. | Unknown |
| Alameda Health System (US) | The company suffered a data breach that involved information in their email system. It remains unclear what type of data might be involved. | ~90,000 |
| AGCO (US) | The Black Basta ransomware gang added the company to their leak site on May 25th, 2022, along with a sample of allegedly stolen data. An AGCO spokesperson confirmed that employee data was exfiltrated during the attack that occurred on May 6th, 2022. | Unknown |
| Verizon (US) | A hacker reportedly obtained a Verizon database containing hundreds of employees’ personal information. The database is said to include full names, email addresses, corporate ID numbers, and phone numbers. | Unknown |
| Calgary Urban Project Society (Canada) | An employee’s email account was hacked in September 2021. The incident exposed the personal information of some individuals, including driver’s licences, bank statement, and rent reports. | Unknown |
| Voto Consulting (US) | Resumes and personal information of prospective workers were left exposed on an unsecured database. This includes names, email addresses, and candidate resumes. Many resumes included work histories, home addresses, phone numbers, and dates of birth, as well as immigration status and security clearances. | >30,000 |
| Martin University (US) | The university experienced a ransomware attack on January 3rd, 2022. The attackers may have gained access to some student personal information. | Unknown |
| Regina Public Schools (Canada) | The school district suffered a BlackCat ransomware attack on May 22nd, 2022. The attackers claim to have encrypted 500GB of files and stolen assorted data, including tax reports, health information, passports, and social insurance numbers. | Unknown |
| GitHub (US) | GitHub disclosed that an attacker stole the login details of certain npm users. The data was in a 2015 archive with usernames, password hashes, and email addresses. Other accessed data includes private npm package manifests and package metadata dated April 7th, 2021, and more. | ~100,000 |
| State of Carinthia (Austria) | On May 24th, 2022, the state suffered a BlackCat ransomware attack that caused a massive IT failure of government services. The attackers demanded a ransom in exchange for decryption software and data they claim to have stolen. The head of Carinthia’s press service stated there is no evidence any data was exfiltrated and that the data is backed up. | Unknown |
| New York State Joint Commission on Public Ethics Commissioner (US) | On May 28th, 2022, the commissioner reported that sensitive information was stolen from the commission’s system used for financial disclosures prior to 2015 in a February 2022 cyberattack. This includes email addresses, usernames, and passwords. | Unknown |
| Spirit Super (Australia) | On May 19th, 2022, a staff member’s email account suffered a phishing attack that compromised member records from 2019 and 2020. Potentially compromised information includes names, addresses, ages, email addresses, telephone numbers, member account numbers, and member balances. | ~50,000 |
| President Cyril Ramaphosa (South Africa) | Hacking group SpiderLog$ claimed to have obtained the details of a loan the president took out from a top bank in South Africa in the 2000s. SpiderLog$ said it was able to use data previously leaked by N4ughtySecTU after they breached TransUnion in early 2022. The group allegedly supplied screenshots that prove they could also access sensitive military and intelligence data. | Unknown |
| Aon Corporation (UK) | An unauthorised third party gained access to certain systems at various times between December 29th, 2020, and February 26th, 2022. Possibly compromised data includes names, Social Security numbers, driver’s licence numbers, and benefit enrolment information. | Unknown |
| Multiple Banks (Russia) | Cyberint researchers identified a significant increase in stolen Russian credit card data appearing on dark web marketplaces. Most of the leaked cards are issued by Sberbank, with over 110,000 leaked Sberbank cards observed since the start of Russia’s invasion of Ukraine. | Unknown |
| Ministry of International Trade and Industry (Malaysia) | A server belonging to the ministry allegedly exposed the personal information of employees registered for a COVID-19 immunisation programme. Compromised data includes names, identity card or passport numbers, employee IDs, ages, genders, and contact numbers. | Unknown |
| Australian National Disability Insurance Scheme | Software provider CTARS disclosed that an unauthorised third party gained access to its systems on May 15th, 2022. CTARS later found that a sample of their data had been posted on a dark web forum. Potentially compromised data includes medical information, Medicare and pensioner cards, and tax file numbers. | Unknown |
| Pegasus Airlines (Turkey) | A publicly accessible AWS S3 bucket exposed nearly 23 million files. This includes sensitive flight details like flight charts and navigation materials and personally identifiable information of crew. | Unknown |
| Costa Rican Social Security Fund | On May 31st, 2022, a Hive ransomware attack forced CCSS to shut down its systems, causing disruptions to medical care. The attack compromised the Unique Digital Medical File and the National Prescriptions System for the public pharmacies. | Unknown |
| Optoma Technology (US) | A ransomware attack resulted in unauthorised access to certain files between April 21st and May 1st, 2022. Potentially compromised information includes names, Social Security numbers, driver’s licence numbers, state identification numbers, financial account information, and more. | Unknown |
| Kanza Cooperative Association (US) | An unauthorised third party gained access to the company’s network on September 9th, 2021. Kanza has not publicly reported which types of information were affected in the incident. | Unknown |
| Hanesbrands Inc (US) | The company experienced a ransomware attack on May 24th, 2022. It remains unclear what impact the attack had on the company, or whether a ransom has been paid. | Unknown |

Malware mentions in Technology

Time Series

This chart shows the trending malware related to Technology within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
| Industry | Information |
| --- | --- |
| Government | CSIRT Italy issued an urgent alert warning of distributed denial-of-service attacks. The agency identified continuous signs of possible imminent attacks against national public entities, private entities providing a public utility service, or private entities whose image is identified with the country. The warning comes after the pro-Russian hacktivist group Killnet announced ‘Operation Panopticon’ on May 24th, 2022, and repeatedly called for ‘cyber fighters’ to volunteer. |
| Technology | A zero-day flaw in Microsoft Office, dubbed Follina, could enable an attacker to execute code even if macros are disabled. The zero-day is thought to have been under active exploitation for seven weeks. Most recently, China-aligned TA413 used URLs to deliver ZIP archives containing Word documents that weaponised the flaw to achieve code execution. |
| Education | The FBI alerted the higher education sector that cybercriminals have been advertising credentials on dark web forums and publicly accessible forums. The credentials are often harvested via spear phishing, ransomware attacks, or other types of intrusions. |
| Retail | The Israel National Cyber Directorate identified a new and widespread ransomware attack targeting smart cash registers’ software. The attack targets the software vendors themselves. A message on the cash register screen appears to be a legitimate system message from the management interface. Once clicked, the malware is activated, and access to the register is locked. |
| Banking & Finance | In early April 2022, Trustwave researchers observed Grandoreiro being spread via emails purporting to be a memo from a tax administration service. The campaign targets bank users from Brazil, Spain, and Mexico. The emails contain a link to a supposed PDF on DocuSign. The PDF leads to a ZIP archive with an MSI installer that features custom malicious JavaScript code to download and run the final payload. |

News and information concerning each mentioned industry over the last week.
