Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.
Trending Vulnerable Products
|Mozilla Firefox ESR|
|Cisco Prime Data Center Network Manager|
|GitLab Enterprise Edition|
|Deep & Dark Web|
|Mozilla Firefox ESR|
|McAfee Antivirus Plus|
The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.
|Sinai Health System (US)||The Chicago healthcare provider disclosed a data breach that may affect the personal health information of its patients, including names, addresses, dates of birth, Social Security numbers, health information, and health insurance information. It is believed that attackers gained access to the organisation’s email via a phishing attack.||12,578|
|SureBet247 (Nigeria)||An anonymous source contacted security researcher Troy Hunt to report six publicly accessible databases comprising about 32GB of data belonging to SureBet247. Exposed data includes names, email addresses, dates of birth, and betting histories. iAfrikan analysed the databases and found that a number of other sports betting operators may also be affected.||Unknown|
|Almex (Japan)||The company’s search engine ‘HappyHotel’ suffered a security breach on December 22nd, 2019. Data compromised could include names, email addresses, login credentials, birth dates, gender information, home addresses, payment card details, and more. Almex suspended the website and posted a notice of the breach.||Unknown|
|Alomere Health (US)||On January 3rd, 2020, Minnesota-based Alomere Health began to notify patients of a data breach issue related to the unauthorised access of two employee email accounts. Access to the accounts would have allowed the unauthorised party to view personal and medical information. Exposed data included dates of birth, medical information, health insurance information, diagnostics, and more.||49,531|
|City of Bend (US)||A utility payments portal administered by CentralSquare could have had malicious code inserted into it. Customers who paid their utility bills online between August 30, 2019 and October 14, 2019, may have had card details including name, number, security code, expiration date and billing address compromised.||5,000|
|Front Rush (US)||A security researcher discovered an exposed Amazon Web Services server that belonged to Front Rush. The exposed server contained over 700,000 files which held data such as personal addresses, dates of birth, performance reviews, financial aid agreements, and more.||Unknown|
This table shows a selection of leaks and breaches reported this week.
This chart shows the trending Malware related to Critical Infrastructure over the last week.
|Banking & Finance||ComputerWeekly reported that the attack which hit Travelex on December 31st, 2019, was caused by Sodinokibi ransomware. The incident forced Travelex to take all their computer systems offline. BleepingComputer spoke to Sodinokibi operators, who claimed responsibility for the attack. The hackers stated that they also copied more than 5GB of personal data including Social Security numbers, card information, and more. Security researchers are speculating that the attackers gained access via an unpatched vulnerability in Pulse Secure VPN servers. On September 13th, 2019, Bad Packets informed Travelex about vulnerabilities on seven of their servers but did not receive a response.|
|Government||On January 5th, 2020, the Austrian Foreign Ministry revealed that it had been hit by a ‘serious cyberattack’ which targeted their IT systems. The attack, which reportedly began on January 4th, 2020, was quickly detected and countermeasures were deployed. The Ministry stated that the severity of the attack meant that the potential involvement of a ‘state actor’ could not be dismissed.|
|Critical Infrastructure||On December 29th, 2019, Iranian state-sponsored hackers deployed a new strain of data-wiping malware on the network of Bahrain’s national oil company Bapco. The company’s network continued to function after the attack, as only some of Bapco’s computers were impacted. The new strain, dubbed Dustman, is a data wiper created to delete data on infected computers. The malware is reportedly a more advanced version of the ZeroCleare wiper, which also has several similarities to the original Shamoon virus. The key differences between the ZeroCleare wiper and Dustman are that Dustman’s drivers and loaders are all delivered in one executable file, in contrast with ZeroCleare’s two files. In addition, Dustman overwrites the volume, while ZeroCleare wipes a volume by overwriting it with random data.|
|Cryptocurrency||Bitdefender researchers identified a re-implementation of the Mirai botnet which is written in Golang and used for mining Monero cryptocurrency. The new botnet, which is named LiquorBot, was first spotted in May 2019. Since its initial discovery, the botnet has been consistently updated by its authors. LiquorBot primarily spreads through SSH brute-forcing and by exploiting a range of unpatched flaws, including remote command execution vulnerabilities and command injection vulnerabilities. The researchers found that the botnet uses the same C2 server and shares a number of features with Mirai variants. LiquorBot has at times also been deployed alongside Mirai.|