15 April 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Columns: Name, Heat 7
- Microsoft Windows 7 SP1
- NetX (TCP/IP Stack)
- Chrome V8 JavaScript Engine
- Microsoft Edge
- WhatsApp

Deep & Dark Web
Columns: Name, Heat 7
- Xbox 360
- Chrome V8 JavaScript Engine
- Microsoft Office
- Fortinet FortiGate
- Counter Strike Global Offensive

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Q Link Wireless (US) | Security researcher Dan Goodin reported that Q Link Wireless exposed the details of its customers via its My Mobile Account app. A user could view another customer's information simply by entering a valid Q Link Wireless phone number into the app. The issue, which was present since at least December 2020, exposed names, home addresses, email addresses, call records, and the last four digits of payment cards. | Unknown
Upstox (India) | The company informed its customers of a potential data breach after receiving emails claiming that unauthorised access to its database had taken place. Contact data and Know-Your-Customer details stored in third-party data warehouse systems may have been compromised. The hackers released some samples of stolen data on the dark web. | Unknown
Eventus Media International (Germany) | Zerforschung researchers discovered personal data of individuals tested at the company's COVID-19 centres in Hamburg, Berlin, Leipzig and Schwerte. Leaked data included names, addresses, dates of birth, telephone numbers, email addresses, and test results. | 14,000
Iugu (Brazil) | Security researcher Bob Diachenko discovered an unprotected server. The server, 1.7TB in size, reportedly contained users' personal, banking and transaction data. | Unknown
Certis (Singapore) | A phishing incident reportedly led to the compromise of about 62,000 emails sent to a Certis customer service account. Some of the emails contained personal information, such as NRIC and credit card numbers. | Unknown
The American Society for Clinical Pathology | The ASCP revealed that attackers targeted its e-commerce site. The attackers had access to the site on or between March 30th, 2020 and November 6th, 2020. The attackers may have had access to payment card information such as names, credit or debit card numbers, CVV numbers, and more. | Unknown
Facebook (US) | Motherboard identified a bot on Telegram that can collect the phone numbers of Facebook users. Attackers who wish to use the bot must identify the unique identification code of the Facebook page, which can be done using a free-to-use site. The user then enters the page number into the bot, which charges them depending on the size of the page. The publication found that the data appears to be historical, and the information of all users is not always provided. | Unknown
Clubhouse (US) | An unidentified actor leaked 1.3 million scraped user records belonging to the communications platform Clubhouse on the dark web. The leaked SQL database contains names, Twitter and Instagram handles, URLs to user photos, and more. The company stated that the leaked data is publicly available via the platform's API. | Unknown
Ansal Housing (India) | The Indian real estate developer Ansal Housing revealed that it has been targeted in multiple cyberattacks since February 26th, 2021, which may have resulted in data loss. | Unknown
Paxful (US) | The Coin Telegraph reported that an anonymous actor attempted to sell private customer and employee data allegedly stolen from the crypto exchange in a Russian-language Telegram channel. The actor claimed to be in possession of 4.8 million entries containing phone numbers, names, addresses and more. The company stated that no customer data was compromised and that employee data was illegally obtained from a former third-party supplier. | Unknown
Durham Region (US) | The Californian region notified the public of a cybersecurity incident that occurred with a third-party software provider and impacted the region. According to DataBreaches[.]net, CLOP ransomware operators have recently published 6.5 GB of files allegedly belonging to Durham Region, which appear to have been obtained in the Accellion breach. The leaked files reportedly include personal information related to children and students. | Unknown
Signify Health LLC (US) | Security researcher Dan Goodin reported that a former employee accidentally uploaded login credentials to a job board, which could be used to access support requests in Jira. They were only exposed for three hours. The company was unable to determine whether any of the tickets in Jira contained protected health information. | Unknown
Pierre Fabre LLC (France) | The recently disclosed attack against the cosmetics giant was conducted with REvil ransomware. The attackers linked to a page featuring passports, contact lists, immigration documents, and more, which have allegedly been stolen from the company. | Unknown
Credit Suisse Group | The brokerage subsidiary revealed that former employees' personal data was leaked in March 2021. One or more individuals have been sued by Credit Suisse Securities for sending data about former employees to former employees, media outlets, and law enforcement. The information includes addresses, Social Security Numbers, bank account details and more. | Unknown
CareFirst BlueCross BlueShield Community Health Plan District of Columbia (US) | On January 28th, 2021, abnormal behaviour was detected on CHPDC systems. The cyberattack is thought to have been carried out by a 'sophisticated, foreign cybercriminal enterprise.' At present, it is unclear how many CHPDC enrollees and what type of data may have been affected. | Unknown
ParkMobile (US) | Gemini Advisory researchers discovered account information of the parking app's customers being sold on a Russian-language crime forum. Stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. ParkMobile issued a notification concerning a vulnerability in third-party software that it uses. | 21,000,000
Swarmshop | Group-IB reported that data belonging to admins, sellers, and buyers was leaked online alongside the details of 623,036 payment cards that were traded on the illegal carding shop. The information was leaked on March 17th, 2021, and includes the nicknames, hashed passwords, contact details, activity history, and current balances for 12,250 buyers, as well as the details of 90 sellers and four admins. | 12,344
Edraak (Jordan) | Researchers at TurgenSec discovered an unprotected cloud storage server belonging to the online education non-profit that contained data on at least tens of thousands of students. Leaked data included names, email addresses, gender, birth years, country of nationality and some class grades. | Unknown
LinkedIn (US) | Cybernews researchers observed a threat actor selling an archive purportedly containing profiles scraped from the platform. The actor leaked a sample of 2 million records as proof. The sample contained users' names, email addresses, phone numbers, workplace information, and more. According to LinkedIn, the data is 'an aggregation of data from a number of websites and companies.' | 500,000,000
Atlantic Media (US) | On March 1st, 2021, it was discovered that an unauthorized actor had accessed the company's servers. Certain portions of the network file-share server were potentially accessible to the intruder, exposing employee, subsidiary, and contractor tax documents with their names and Social Security numbers. | Unknown
Bizongo (India) | Website Planet researchers reported finding a misconfigured AWS S3 bucket owned by the supply chain automation firm on December 30th, 2020. The bucket contained over 2.5 million files featuring customer names, addresses, and phone numbers, as well as some purchase details and financial information. | Unknown
Tata Communications (India) | An unidentified actor claims to have obtained a 50GB database belonging to the tech giant, containing customer login credentials and phone numbers, backups of employee emails, and more. OpIndia was informed that the data was obtained by compromising the subdomains of Route Mobile, the company's server manager. Both companies deny having been hacked. | Unknown
Asbis (Czech Republic) | The consumer electronics distributor was targeted in a ransomware attack in early April 2021, paralysing internal systems and resulting in the theft of data. The company was listed on the Avaddon ransomware leak site, with samples of the stolen data published as proof of the attack. | Unknown
Manhunt (US) | The gay dating app filed a notice with the Washington attorney general's office revealing that an attacker accessed the database it used to store account credentials for its users. The attacker proceeded to download usernames, email addresses, and passwords. | 7,700
Mercato (US) | An unidentified individual informed TechCrunch of a data leak that exposed thousands of customer orders after cloud storage buckets were left open and unprotected in January 2021. Exposed data included over 70,000 orders dating between September 2015 and November 2019, which included customer names, email addresses, home addresses, IP addresses, and more. | Unknown
Unknown (Singapore) | A female civil servant who was authorised to receive classified information on COVID-19 was accused of accessing computer materials for an unlawful purpose and sharing the data with an unauthorised WeChat group on 22 occasions. | Unknown

Attack Types mentions in Education (time series chart)

This chart shows the trending Attack Types related to Education over the last week.

Weekly Industry View

Industry View
Industry | Information
Technology | Vade Secure informed BleepingComputer of a large-scale tech support scam that involves users receiving emails purporting to be from Microsoft, McAfee, and Norton. The scammers, who have sent up to 200,000 emails a day, inform the user that they will be charged for antivirus software unless they phone a number contained in the email. The scammer then instructs them to download AnyDesk remote access software and runs a fake scanner to convince the user that their computer is infected. The attacker then asks the user to enter their details into a Notepad window while attempting to install TeamViewer in the background.
Banking & Finance | McAfee researchers found BRATA malware disguised as several security scanner apps distributed on the Google Play store. One of the malicious apps, DefenseScreen, had reached 10,000 installs before being removed from Google Play. The malware initially targeted Brazil but has reportedly expanded to Spain and the United States. The malicious app prompts users to update Chrome, WhatsApp, or a non-existent PDF reader, but instead abuses accessibility services to take control of the device. The malware serves phishing URLs based on around 52 targeted financial and banking apps, matching them with apps found on the infected device.
Education | Between February 16th, 2021 and March 15th, 2021, Palo Alto Networks Unit 42 researchers identified three instances where a UPX-packed cpuminer was delivered in malicious traffic to unnamed education organisations in Washington state. The researchers stated that the malicious requests contained evidence indicating that a backdoor is running on the compromised host. The backdoor reportedly downloads the miner for cryptojacking purposes.
Critical Infrastructure | On April 11th, 2021, Iran's Natanz nuclear facility suffered a power cut, which reportedly resulted in 'severe damage' to Iran's enrichment program. The incident did not result in any casualties or cause radioactive pollution. Ali Akbar Salehi, spokesman for Iran's atomic program, described the incident as 'nuclear terrorism,' stating that it was a deliberate act of sabotage. The Times of Israel reported that unidentified sources claim Israel's Mossad was behind the cyberattack, whilst foreign ministry spokesman Saeed Khatibzadeh stated that Israel was 'of course' behind the attack. Israel has not commented on the incident.
Cryptocurrency | Bitdefender researchers identified a series of attacks involving the hijacking of cryptocurrency wallets and exfiltration of information via the TOR network. The majority of attacks were observed in the United States and India. The attack creates a backdoor that communicates with its C2 via TOR. The researchers believe the backdoor is human operated, rather than sending automated requests, and that BitTorrent clients are used to exfiltrate data. The malware turns off the firewall prior to exfiltration, steals Firefox browser profile data whilst also archiving the profile folder with 7zip, and steals from Monero wallets using a legitimate CLI client.

News and information concerning each mentioned industry over the last week.
