
Threat Summary: 18 – 24 October 2019


Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (columns: Name, Heat 7d)
  • FusionPBX
  • Adobe Acrobat
  • Google Home
  • Samsung Galaxy S10
  • Amazon Echo

Deep & Dark Web (columns: Name, Heat 7d)
  • WinRAR
  • Trillium Security MultiSploit
  • Microsoft PowerPoint
  • WPA2 Wi-Fi Protected Access II
  • Amazon Echo

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches (columns: Company, Information, Affected)

Petrol Subsidy Programme (Malaysia): Private financial details of individuals registered with the Petrol Subsidy Programme in Malaysia were exposed online. The full bank account details of individuals were visible in the source code of the programme’s site when looking up MyKAD numbers. The data leak has since been fixed. Affected: 2,900,000

CenturyLink (US): An exposed MongoDB database containing 2.8 million records, including personal information belonging to hundreds of thousands of CenturyLink customers, was found online. Exposed customer information included names, email addresses, phone numbers, account-specific information, and more. The database was exposed for approximately ten months before it was closed on September 17th, 2019. Affected: Unknown

Mission Health (US): Health services provider Mission Health has begun to notify patients that the company website was compromised between March 2016 and June 2019. The company said that some customers who made purchases during this period may have had their data stolen. Affected: Unknown

Universiti Malaya (Malaysia): Data containing payslip details, including bank names and account numbers, that could be matched with Universiti Malaya staff names, MyKAD numbers and staff ID numbers was leaked on an anonymous file-sharing site. This comes after a recent defacement of the university’s E-pay portal. A second data leak contains employees’ tax and EPF numbers, department, branch location, position, salary and up to 24,000 login IDs and hashed passwords, believed to be from the E-Pay portal. It remains unclear whether the two data leaks are related. Affected: Unknown

Downingtown Area School District (US): A Downingtown Area School District student hacked the Naviance student portal and gained access to personal information of dozens of fellow students, including student IDs, addresses, grade point averages, phone numbers, genders, and more. District officials stated that the attack was not malicious and was part of a prank. Affected: Unknown

Mercedes-Benz (Global): A flaw in the MercedesMe app was found to display the account and vehicle information of other owners. This included names, recent activity, locations, phone numbers, and more. A Mercedes-Benz spokesperson noted that all information displayed was cached information, meaning that no real-time access to other accounts or financial data was exposed. The issue has since been resolved. Affected: Unknown

Home Group Limited (UK): Home Group informed 4,000 of its customers of a data breach that lasted approximately 90 minutes and is believed to have resulted in data theft. Potentially stolen data includes customer names, addresses, and contact information. No financial data was stolen. Affected: 4,000

AutoClerk (US): Researchers at vpnMentor identified an unsecured database belonging to Autoclerk, which was recently acquired by Best Western Hotels and Resorts Group. The database was hosted on Amazon Web Services, held over 179GB of data and contained hundreds of thousands of booking details for customers worldwide. Exposed information included names, phone numbers, addresses, masked credit card details, check-in times, room numbers, and more. The leak also exposed the information of individuals related to the US government, US military, and the Department of Homeland Security. Affected: Unknown

Multiple (Global): Wizcase researchers discovered nine unsecured medical databases exposing sensitive data of millions of patients, all of which were accessible without a password. Some of the databases have since been secured, yet some remain unsecured. The databases belong to Biosoft, ClearDent, Essilor, Nigeria HIV/AIDS Indicator and Impact Survey, Stella Technology, DeepThink Health and VScript, and Tsinghua University Medical College and Sichuan Lianhao Technology Group Co. Ltd. Affected: Unknown

Kalispell Regional Healthcare (US): Kalispell Regional Healthcare is informing its patients of a phishing attack, which was first discovered in August 2019. The data may have been accessed since May 24th, 2019. Exposed information includes patient names, addresses, and in some cases Social Security numbers and medical information. The hospital does not believe any information has been misused. Affected: 130,000

National Neurology Registry (Malaysia): The data leak is due to an HTML scripting error on the website belonging to the National Neurology Registry, which exposed a link to the database together with its required username and password. All data is downloadable and editable, and the link to the database appears in Google search results. Exposed patient data includes NRIC numbers, phone numbers, addresses, and more. Affected: 17,000

Clover Sites (US): On May 22nd, 2019, researchers at Security Discovery identified a Clover Sites database containing 65,800 records, accounting for all the company’s past and present customers. Exposed details included names, billing information, and the last four digits of customers’ credit cards. The database also exposed internal information such as IP addresses, customer email communications, and other details. The database was secured in early October 2019. Affected: Unknown

This table shows a selection of leaks and breaches reported this week.
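Three of the entries above (CenturyLink, AutoClerk and the nine medical databases) describe databases that were reachable from the internet without a password. As an added illustration, not taken from any of the affected organisations’ systems, the following two mongod.conf fragments contrast the kind of exposed setup these reports describe with a hardened one. The internal address and certificate path are placeholders, and the two YAML documents are shown in one fence for comparison; a real deployment would use only the second.

```yaml
# WEAK (constructed example): the server listens on every interface and
# accepts any client without credentials, which is the exposure pattern
# behind the unsecured-database reports above.
net:
  port: 27017
  bindIp: 0.0.0.0          # reachable from the public internet
security:
  authorization: disabled  # no username/password required to read or write
---
# HARDENED (constructed example): bind only to loopback and a private
# application-network address, require authentication, and require TLS.
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # placeholder: replace with your internal address
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem   # placeholder path
security:
  authorization: enabled   # every client must authenticate against a role
```

After restarting mongod with the hardened file, an unauthenticated client should be refused when it tries to list databases, and the port should not answer from outside the private network; both are quick checks worth scripting into a deployment pipeline so that a database cannot reach production in the first state.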

Malware Mentions in Banking

This chart shows the trending malware related to banking over the last week.

Weekly Industry View (columns: Industry, Information)

Banking & Finance: Researchers at Cofense identified a new phishing campaign targeting Stripe customers via a malicious email. The email informs targets that their account will be placed on hold due to invalid details. An embedded hyperlink in the email prompts users to review their details. Hovering over the link does not reveal the URL address. Users who click on the link are redirected to a series of fake Stripe login forms which ask for their email address, password, bank account number, and phone number. Once the target has entered these details, they are redirected to the legitimate Stripe site.

Government: Researchers at ESET identified a new campaign, dubbed Operation Ghost, which they attributed to the Russian-speaking threat group Dukes (also known as APT29). The group, which was suspected of hacking the DNC in the lead-up to the 2016 US election, has carried out Operation Ghost without detection since 2013. The attackers targeted Ministries of Foreign Affairs in at least three different European countries and also infiltrated the Washington DC-based embassy of an unnamed European country. To carry out their attacks the group developed three new malware tools, named PolyglotDuke, RegDuke, and FatDuke. The group uses its various new tools alongside older viruses to form a ‘sophisticated malware platform’, which allows it to steal credentials and move laterally through networks. The researchers described the group as ‘very persistent’.

Technology: On October 21st, 2019, Avast revealed that they were compromised by a hacker who was likely attempting to perform a supply chain attack by targeting their CCleaner antivirus software. Avast first learned of the suspicious activity on September 25th, 2019; however, a subsequent investigation revealed that an unidentified attacker had been attempting to gain network access since May 14th, 2019. The attacker was probing the network using a temporary VPN account for which they had acquired the username and password. Although the account did not have admin privileges, the attacker was able to acquire them by performing a privilege escalation attack.

Retail, Hospitality & Tourism: Researchers at vpnMentor identified an unsecured database that belonged to Autoclerk. The company, which was recently acquired by the Best Western Hotels and Resort Group, provides a combined reservation system for a range of companies in the travel and hospitality industry. The database, which was hosted on Amazon Web Services, held over 179GB of data and contained hundreds of thousands of booking details for customers worldwide. Exposed information included names, phone numbers, addresses, masked credit card details, check-in times, room numbers, and more. The leak also exposed the information of individuals related to the US government, US military, and the Department of Homeland Security. The researchers were able to see the travel plans and personal details of senior staff members such as US army generals travelling to Moscow, Tel Aviv, and other locations.

Healthcare: Wizcase researchers discovered nine unsecured medical databases exposing sensitive data of millions of patients, some of which belong to third-party companies providing data management and insight for medical institutions. All databases were accessible without a password. Some of the databases have since been secured, yet some remain unsecured. The databases belong to Biosoft from Brazil, Canada’s ClearDent, Essilor in France, Nigeria HIV/AIDS Indicator and Impact Survey (NAIIS), Saudi Arabia’s Stella Technology, DeepThink Health and VScript in the US, and Tsinghua University Medical College and Sichuan Lianhao Technology Group Co. Ltd in China.

News and information concerning each mentioned industry over the last week.

The Silobreaker Team
