19 November 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat 7
Cisco Security Manager
Cisco IoT Field Network Director
Cisco WebEx Meetings Server
Nagios XI

Deep & Dark Web
Name | Heat 7
Microsoft Windows Defender
Telegram App
Mozilla Thunderbird

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
The North Face (US) | A successful credential stuffing attack prompted the company to reset tokens associated with customer payment cards and reset passwords for an undisclosed number of accounts. The attackers may have gained access to names, dates of birth, telephone numbers, billing and shipping addresses, and more. | Unknown
Inmagine Group (Malaysia) | A threat actor was observed selling a database belonging to the stock photo site 123RF that contains 8.3 million user records. These include members’ names, email addresses, PayPal emails, IP addresses, and MD5 hashed passwords. The most recent record was dated October 27th, 2019. The breach was caused by hackers who accessed a server located at the company’s data centre. | Unknown
Vertafore (US) | Vertafore identified potential unauthorised access to three data files between March 11th and August 1st, 2020. The files were found to have been accidentally stored in an unsecured external storage service. Exposed data included driver information for licences issued before February 2019, including Texas driver licence numbers, names, dates of birth, addresses and vehicle registration histories. | Unknown
Unknown | Researchers at vpnMentor discovered an unsecured database belonging to an unidentified threat actor operating a Facebook phishing scam. The database contained over 150,000 Facebook account credentials, as well as over 100,000 email addresses, names and phone numbers for individuals who had registered on a fake Bitcoin site. The data was collected between June and September 2020. The database was previously targeted in a Meow bot attack that deleted the majority of the data. | 250,000
Pluto TV (US) | A hacker is currently sharing what they claim to be 3.2 million Pluto TV user records that were stolen in a data breach. The records include members’ display names, email addresses, bcrypt hashed passwords, dates of birth, device platforms and IP addresses. Pluto TV has not confirmed whether a breach has taken place. | Unknown
Miltenyi Biotec (US) | On November 4th, 2020, Mount Locker ransomware operators claimed responsibility for an attack against the company and leaked 5% of 150GB of data supposedly stolen from the company on their data leak site. | Unknown
People Incorporated Mental Health Services (US) | The Minnesota-based company suffered a data breach potentially affecting 27,500 individuals. Exposed data may include names, dates of birth, addresses, medical information, as well as a limited number of Social Security numbers, financial accounts, health insurance, and other information. | 27,500
The Wash Tub (US) | The company was notified of suspicious activity on cards which were previously used at its car washes. An investigation revealed that unspecified malicious software caused a breach of customers’ payment card data in a number of locations. | Unknown
Delaware Division of Public Health (US) | A temporary staff member accidentally sent two unencrypted emails containing Covid-19 results on August 13th and August 20th, 2020, to an unauthorised user. Exposed data included patient names, dates of birth, phone numbers if provided, the date of the test, test location, and test result. | 10,000
Dyras Dental (US) | DataBreaches[.]net reported that the operators of Egregor ransomware had added Michigan-based Dyras Dental to their leak site in September 2020, but have since removed the listing. The data initially posted by the threat actors contained more than 100 files, including patient health information in the form of insurance billings and voice mail recordings, as well as employees’ W-2 statements. | Unknown
Capcom (Japan) | Capcom determined that some personal information was compromised in a recent ransomware attack. This includes the personal data of a small number of former and current employees, including names, addresses and passport information in certain cases, as well as sales reports and financial information. Personal information of customers and business partners may have also been compromised. | Unknown
Coil Technologies Inc (US) | The micropayment company exposed hundreds of users’ email addresses by inserting them into the ‘To:’ field of an email sent out regarding an update to its terms and privacy policy. | Unknown
American Bank Systems (US) | Security Report News stated that data belonging to the company has been published online by Avaddon ransomware operators. Exposed data contains information belonging to ABS and material belonging to their clients in the financial sector. This includes loan documents, credentials for network shares, invoices, business contracts, and other sensitive information. | Unknown
TronicsXchange (US) | Security researchers at Website Planet identified that the now-defunct California-based electronics seller exposed over 2.6 million files via an unprotected AWS S3 bucket. The leak primarily impacts Californian residents who purchased or sold electronic equipment between 2012 and 2015. The accessible information included 80,000 ID photos, roughly 10,000 fingerprint samples, selfies, receipts, as well as driving licences which exposed names, dates of birth, home addresses, and more. | Unknown
Edinburgh Woollen Mill (UK) | The operators of Egregor ransomware added Edinburgh Woollen Mill to their data leak website and posted a ZIP file of what they claim to be data taken from the company. | Unknown
Texas Reconstructive Orthopedic Center (US) | HealthITSecurity reported that 12 data sets allegedly exfiltrated from the clinic have been posted online by DoppelPaymer ransomware operators. | Unknown
Mercy Iowa City Hospital (US) | The hospital discovered an employee’s email account was compromised between May 15th and June 24th, 2020. An investigation revealed that the compromised account contained the personal data of patients, including names, Social Security numbers, driver’s licence numbers, dates of birth and more. | 92,795
Liquid (Japan) | A malicious actor gained access to the company’s account and domain after its domain hosting provider incorrectly transferred control of them to the attacker. The attacker was able to access user emails, names, and encrypted passwords. The company has not yet determined if IDs, selfies, and proof of addresses have been compromised. | Unknown
YTO Express Group Co (China) | The Chinese package delivery company apologised for a leak which exposed the data of its users. Five employees are accused of leasing their accounts to criminals who proceeded to sell user information to domestic and foreign telemarketing fraud groups. Exposed data includes names, phone numbers, addresses, and identification card numbers. | ~400,000

Attack Type mentions in Healthcare

[Chart: Time Series]

This chart shows the trending Attack Types related to Healthcare over the last week.

Weekly Industry View

Industry View
Industry | Information
Banking & Finance | ESET researchers observed a supply-chain attack involving WIZVERA VeraPort, an integration installation program required by many government and banking websites in South Korea. The researchers believe that a legitimate but compromised website was used to replace the software that is delivered by WIZVERA VeraPort. Two malware samples were identified being delivered via this supply-chain attack, both of which are signed with legitimate certificates. The researchers attributed this recent attack to Lazarus Group and believe it to be a continuation of Operation Bookcodes, which has previously been attributed to the threat actor.
Government | Bitdefender researchers discovered a campaign carried out by an advanced persistent threat (APT) group that targeted government institutions in Southeast Asia from 2018 through 2020 and may still be ongoing. The campaign’s objective is believed to be the exfiltration of sensitive documents. The researchers identified three backdoors used by the group, namely Chinoxy, PCShare and FunnyDream. The researchers noted that evidence suggests that a Chinese-speaking APT is behind the campaign.
Retail & Hospitality | Sucuri researchers discovered new malware targeting the e-commerce customer management platform PrestaShop. Using PHP code, the malware automatically injects a super admin PrestaShop user whenever a website owner logs into the backend of an infected site. The malware collects data from the site’s employee database table and, according to the researchers, might be upgraded and modified to add additional behaviours.
Healthcare | Microsoft researchers identified three nation-state threat actors targeting seven prominent pharmaceutical companies and researchers involved in researching vaccines and treatment for Covid-19 in Canada, France, India, South Korea and the United States. The Russian group Strontium was observed continuing to use password spray and brute force attacks, whilst North Korean groups Zinc and Cerium primarily use spear phishing lures. Russia has rejected these claims.
Cryptocurrency | The cryptocurrency borrowing and lending service Akropolis was targeted in a ‘flash loan’ attack on November 12th, 2020, resulting in the theft of 2,030,841.0177 DAI (approximately $2 million). The attacker exploited two flaws related to deposits, ‘exploiting its flawed handling of the deposit logic in its SavingsModule smart contract’.

News and information concerning each mentioned industry over the last week.
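The PrestaShop malware described under Retail & Hospitality plants an extra super admin user in the shop’s employee table. A defender can catch that by periodically comparing the set of super admin accounts against an approved list. The script below is an added example, not Sucuri’s or PrestaShop’s own code; it assumes PrestaShop keeps back-office users in a `<prefix>employee` table with an `id_profile` column and that profile id 1 is the built-in SuperAdmin profile (the default table prefix `ps_` is also assumed). It runs against a constructed in-memory SQLite stand-in so that it works offline.

```python
import sqlite3

# Assumptions (labelled as such): PrestaShop stores back-office users in
# <prefix>employee, id_profile identifies the access profile, and profile
# id 1 is the built-in SuperAdmin profile. Adjust if your install differs.
SUPERADMIN_PROFILE_ID = 1
TABLE_PREFIX = "ps_"


def build_demo_db():
    """Constructed stand-in for a PrestaShop database (sample rows, not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        f"CREATE TABLE {TABLE_PREFIX}employee ("
        "id_employee INTEGER PRIMARY KEY, id_profile INTEGER, "
        "email TEXT, active INTEGER, date_add TEXT)"
    )
    conn.executemany(
        f"INSERT INTO {TABLE_PREFIX}employee VALUES (?, ?, ?, ?, ?)",
        [
            (1, 1, "owner@shop.example", 1, "2019-03-01 10:00:00"),    # legitimate super admin
            (2, 2, "staff@shop.example", 1, "2020-01-15 09:30:00"),    # ordinary back-office user
            (3, 1, "support@mailer.example", 1, "2020-11-15 03:12:44"),  # injected super admin
        ],
    )
    return conn


def list_superadmins(conn, prefix=TABLE_PREFIX):
    """Return (id_employee, email, active, date_add) for every SuperAdmin-profile account."""
    return conn.execute(
        f"SELECT id_employee, email, active, date_add FROM {prefix}employee "
        "WHERE id_profile = ? ORDER BY id_employee",
        (SUPERADMIN_PROFILE_ID,),
    ).fetchall()


def unexpected_superadmins(conn, approved_emails, prefix=TABLE_PREFIX):
    """Super admin rows whose email is not on the approved list: review each one."""
    approved = {e.lower() for e in approved_emails}
    return [row for row in list_superadmins(conn, prefix) if row[1].lower() not in approved]


if __name__ == "__main__":
    db = build_demo_db()
    for row in unexpected_superadmins(db, ["owner@shop.example"]):
        print("unexpected super admin:", row)
```

Against a live shop, replace the SQLite connection with your MySQL driver’s connection; the query itself does not change. Running the check from a scheduled job, and alerting on any row it returns, turns the symptom the researchers describe (a new super admin appearing after a legitimate login) into a detection.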
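Two of the techniques in this digest, the credential stuffing attack on The North Face and the password spray and brute force activity attributed to Strontium, leave a recognisable shape in authentication logs: one source failing against many accounts a few times each (spray, and stuffing looks the same from the server side), or one source hammering a single account. The script below is an added example, not code from Microsoft, Silobreaker or any product named on the page; the log line format and the thresholds are assumptions, and the log lines are constructed sample data using documentation IP ranges.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample authentication log (not from the page). The format is an
# assumption; adapt LINE_RE to your own identity provider or web server logs.
SAMPLE_LOG = """\
2020-11-16T08:00:01Z auth=FAIL user=alice src=203.0.113.10
2020-11-16T08:00:02Z auth=FAIL user=bob src=203.0.113.10
2020-11-16T08:00:03Z auth=FAIL user=carol src=203.0.113.10
2020-11-16T08:00:04Z auth=FAIL user=dave src=203.0.113.10
2020-11-16T08:00:05Z auth=FAIL user=erin src=203.0.113.10
2020-11-16T08:00:06Z auth=OK user=frank src=203.0.113.10
2020-11-16T08:01:00Z auth=FAIL user=admin src=198.51.100.7
2020-11-16T08:01:01Z auth=FAIL user=admin src=198.51.100.7
2020-11-16T08:01:02Z auth=FAIL user=admin src=198.51.100.7
2020-11-16T08:01:03Z auth=FAIL user=admin src=198.51.100.7
2020-11-16T08:01:04Z auth=FAIL user=admin src=198.51.100.7
2020-11-16T08:01:05Z auth=FAIL user=admin src=198.51.100.7
2020-11-16T08:01:06Z auth=FAIL user=admin src=198.51.100.7
2020-11-16T08:01:07Z auth=FAIL user=admin src=198.51.100.7
2020-11-16T08:02:00Z auth=OK user=alice src=192.0.2.44
2020-11-16T08:02:30Z auth=FAIL user=alice src=192.0.2.44
this line is malformed and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth=(?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


@dataclass(frozen=True)
class AuthEvent:
    ts: str
    result: str
    user: str
    src: str


def parse_log(text):
    """Parse log lines into AuthEvent records, silently skipping lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(AuthEvent(**m.groupdict()))
    return events


def classify_sources(events, spray_min_users=5, spray_max_per_user=2, brute_min_attempts=8):
    """Label each source address with the attack shapes its failures match.

    password_spray:         many distinct accounts, at most a couple of failures each
                            (credential stuffing produces the same shape)
    brute_force:            one account with many failures
    success_after_failures: a successful login from a source that already failed a lot,
                            which is the account to review first
    Thresholds are assumed starting points, not published guidance.
    """
    fails = defaultdict(Counter)   # src -> user -> failed attempts
    successes = defaultdict(set)   # src -> users that logged in successfully
    for e in events:
        if e.result == "FAIL":
            fails[e.src][e.user] += 1
        else:
            successes[e.src].add(e.user)

    findings = {}
    for src in set(fails) | set(successes):
        per_user = fails.get(src, Counter())
        labels = []
        if len(per_user) >= spray_min_users and max(per_user.values()) <= spray_max_per_user:
            labels.append("password_spray")
        if per_user and max(per_user.values()) >= brute_min_attempts:
            labels.append("brute_force")
        if successes.get(src) and sum(per_user.values()) >= spray_min_users:
            labels.append("success_after_failures")
        if labels:
            findings[src] = labels
    return findings


if __name__ == "__main__":
    for src, labels in sorted(classify_sources(parse_log(SAMPLE_LOG)).items()):
        print(src, ", ".join(labels))
```

On the sample data the first source is flagged as a spray that then produced a successful login (the account to reset first), the second as a brute force against one account, and the third, a user who mistyped a password once, is not flagged at all. In production the same counters would be kept over a sliding window per source and per account so that slow sprays spread over hours are still caught.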
