10 June 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Snapdragon Mobile
Google Chrome Browser
Microsoft Office
Adobe Photoshop
SAP NetWeaver ABAP

Deep & Dark Web
Name Heat 7
Xbox 360
phpMyAdmin
Oracle MySQL
Magento
Viber

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
| Company | Information | Affected |
|---|---|---|
| ExaGrid (US) | The backup disk storage equipment supplier was hit with Conti ransomware. The attackers encrypted confidential information and exfiltrated data. | Unknown |
| Unknown | CyberNews reported that a forum user posted a compilation of passwords, dubbed ‘RockYou2021’, as a 100GB TXT file. CyberNews ran its own tests and found that the compilation contains 8,459,060,239 unique entries. | Unknown |
| Navistar (US) | The company confirmed that its information technology system was targeted in a cyberattack on May 20th, 2021, and it received a claim that some of its data had been extracted. | Unknown |
| Brechin High School (UK) | An investigation is ongoing into a cyberattack that targeted the school and resulted in the personal information of its students being released online. The compromised data includes exam results and student profiles that contain information about learning difficulties and mental health issues, emergency contact details, and more. | 1,800 |
| New York City Law Department (US) | The NY Daily News reported that a cyberattack targeted the department. Social Security numbers and other sensitive information may have been exposed during the incident. | Unknown |
| LineStar Integrity Services (US) | The pipeline services provider is believed to have been targeted in a Xing Team ransomware attack. The actor published 70GB of files allegedly stolen from the company on their dark web site. The data includes 73,500 emails, business documents, software code, and human resource files featuring employee driver’s licenses and Social Security cards. | Unknown |
| BlueCross BlueShield Kansas City (US) | The Missouri healthcare provider notified its members that their data was compromised in an attack against its cloud vendor LogicGate on February 23rd, 2021. The affected data includes names, birthdates, Social Security numbers, and medical information. | 47,034 |
| Ministry of Defence (UK) | An unredacted list of recently promoted British soldiers, including over a hundred Special Forces soldiers, was mistakenly sent to hundreds of civil servants and soldiers without password protection or protective markings. The leak reportedly circulated in WhatsApp, and was shared with the media. | 1,182 |
| Western Michigan University Homer Stryker MD School of Medicine (US) | A WMed employee fell victim to a phishing attack, which resulted in outside access to their email account. The attack took place between January 11th and 21st, 2021, and exposed the personal information of current and former employees and their healthcare beneficiaries. The compromised data included names, dates of birth and Social Security numbers. | 2,474 |
| The Northwestern Illinois Area Agency on Aging (US) | The NIAAA disclosed that its client data was accessed by an unauthorised user between March 5th and March 9th, 2021. | Unknown |
| New South Wales Health (Australia) | On June 4th, 2021, NSW Health is notifying individuals whose data may have been impacted due to the cyberattack launched against Accellion’s File Transfer Appliance. The breach includes identity information and, in certain cases, health related information. | Unknown |
| Tokyo Olympics (Japan) | A recent breach of the Fujitsu ProjectWEB tool used by a Japanese government contractor compromised the data of individuals from 90 organisations involved in hosting the Tokyo Olympics. The leaked data included names and affiliations. | 170 |
| New York Pizza (Netherlands) | The pizza chain disclosed that a hacker stole customer data and is currently demanding a ransom. The exposed data includes email addresses, delivery addresses, telephone numbers, and some passwords. Phishing emails are also currently being sent out using New York Pizza’s ‘noreply’ email address. | 3,900,000 |
| Skinners’ Kent Academy and Primary School (UK) | The schools were targeted in a cyberattack on June 2nd, 2021, resulting in stolen data and encrypted pupil information. The schools lost all their vital information on the pupils, but state that it does not appear that the personal records were stolen. Parents were advised to inform banks about potentially compromised banking information. | Unknown |
| ADATA (Taiwan) | The memory manufacturer was hit with ransomware on May 23rd, 2021. The operators of Ragnar Locker claimed responsibility and stated that they stole 1.5TB of data from ADATA. Screenshots of data posted as proof show that the group has access to legal documents, employee information, confidential files, financial data, schematics, Gitlab and SVN source code, and more. | Unknown |
| Sugarfina (US) | Customers who made purchases on the company’s site between November 1st, 2019, and September 3rd, 2020, may have had their credit or debit card information stolen. | Unknown |
| St. Clair County (US) | The county was targeted in a Grief ransomware attack on May 28th, 2021. The actor claims to have stolen 2.5GB of data, including internal company documents, as well as personal and customer information. | Unknown |
| Humana Inc (US) | The Kentucky health care provider has been named in a lawsuit alleging that its contractor Visionary Medical Systems Inc exposed sensitive patient data. An employee of the contractor allegedly shared plan members’ medical records through a personal Google Drive account between October 12th, 2020, and December 16th, 2020. The breach exposed patients’ Social Security numbers, names, birthdates, and addresses. | 63,000 |
| Leonia School District (US) | An employee of the school in New Jersey accidentally published a payroll document alongside the public agenda of the board of education on May 21st, 2021. The document revealed the Social Security numbers of teachers, custodians and administrators. | 300 |
| Victor Valley Union High School District (US) | The school is informing its employees of a malware infection which occurred on February 26th, 2021. The district learned that data stored in its network was accessed by an unauthorised party. The exposed information includes names and Social Security numbers. | Unknown |
| Unknown | NordLocker researchers analysed a database containing stolen personal information that was accidentally leaked by the attackers. It contained 1.2TB of data, including 26 million login credentials for 1.1 million unique email addresses, over 2 billion cookies and 6.6 million files. The data was collected by malware spread via email and apps impersonating legitimate software. | Unknown |
| Unispec Group Singapore | The hacker group ALTDOS claims to have accessed the intranet servers of the company and stolen its coding, files and databases, including sensitive information relating to trade secrets, employees, customers, and more. The group leaked the data after not receiving contact from the victim. | Unknown |
| Audio House (Singapore) | ALTDOS claims to have stolen the personal information of Audio House customers and leaked the data on June 4th, 2021. Potentially stolen data includes names, email addresses, home addresses, contact numbers, credits with the company, and members’ past sales transaction records. | 290,000 |
| City University of New York (US) | On May 31st, a threat actor claimed to have exfiltrated 11GB from the university and began advertising it on the Marketo dark web marketplace. The actor claims to be in possession of payment data, budget reports, projects, contracts, and other information, but admits to not having any student data. | Unknown |
| The Michigan Fitness Foundation (US) | The company discovered unauthorised access to four of its email accounts on December 2nd, 2020. The information contained in the accounts included customer names, addresses, dates of birth, and Social Security numbers. | Unknown |

Attack type mentions in Education

Time Series

This chart shows the trending Attack Types related to Education within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
| Industry | Information |
|---|---|
| Banking & Finance | The United States Financial Industry Regulatory Authority (FINRA) warned users of an email phishing campaign impersonating the organisation and using a domain name featuring FINRA. The email prompts users to follow a link to view a non-existing firm compliance request, and threatens users with penalties if unspecified information is not submitted. |
| Government | Check Point researchers discovered a surveillance campaign targeting the employees of a government entity in Southeast Asia. The campaign is delivered via spear phishing emails that contain weaponized copies of legitimate looking DOCX documents. Each document downloads a remote template that is a malicious RTF file containing RoyalRoad. The malware gathers some system details from the victim, before a custom next-stage backdoor is downloaded from the C2. The backdoor is capable of manipulating files, taking screenshots, running CMD commands, gathering information, and more. The campaign has been attributed to a Chinese threat group called SharpPanda. |
| Technology | Morphisec researchers observed an ongoing campaign using pay-per-click Google ads to deliver malicious AnyDesk, Dropbox and Telegram packages wrapped in ISO images. The campaign targets specific IP ranges in the United States and likely other countries. Three distinct attack chains were identified that can be attributed to two threat actors. The first actor delivers Redline, whilst the second delivers Taurus and mini-Redline infostealer, a new minimised .NET version of Redline. |
| Education | The UK’s National Cyber Security Centre (NCSC) stated that it is currently investigating an increase in ransomware attacks targeting schools, universities and colleges. The NCSC warned that attackers often target networks via VPNs or Remote Desktop Protocol endpoints containing vulnerabilities, or other unpatched systems, as well as phishing emails. |
| Cryptocurrency | Microsoft researchers discovered a new ongoing campaign targeting Kubeflow. The attackers target exposed Kubeflow interfaces and deploy legitimate TensorFlow images aiming to mine cryptocurrency. The attackers used two miners, XMRig for CPU mining, and Ethminer for GPU mining. The deployments on the targeted clusters occurred simultaneously, which the researchers stated indicates that the attackers scanned the clusters in advance and built up a list of targets. |

News and information concerning each mentioned industry over the last week.
