25 March 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Netgear RBR850
Cisco IOS
Apache OFBiz
Adobe ColdFusion
Deep & Dark Web
Name Heat 7
MyBB Forum Software

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Midland News Association (UK) | An unauthorised third party published the personal information of the association’s journalists following a ‘data security incident’. Leaked data includes names, addresses, bank account details, national insurance numbers, and dates of birth of former employees. | Unknown
Unknown | PrivacySavvy researchers discovered a number of open and accessible data servers associated with several travel apps, mostly in the public ride-sharing and booking sector. The apps were found to be vulnerable to attacks in which an actor could pull hidden directories from subdomains to reveal sensitive information. | Unknown
Atascadero State Hospital (US) | A California Department of State Hospitals employee was revealed to have improperly accessed the hospital’s data servers. The breach, discovered on February 25th, 2021, compromised the names, COVID-19 test results and tracking data of patients and employees. | 2,032
Acer (Taiwan) | The electronics company was targeted in a REvil ransomware attack, with the attackers demanding a $50,000,000 ransom. The attackers posted images of documents they supposedly stole in the attack on their data leak site, including financial spreadsheets, bank balances, and bank communications. | Unknown
Mendelson Kornblum (US) | On January 5th, 2021, the company became aware that an unauthorised third party had accessed one of its servers for an unknown length of time. Accessible data included patient names, medical record numbers, certain information relating to medical images, and more. | Unknown
Birmingham City Council (UK) | The data of children entitled to free bus passes was accidentally added to the Brum Account service by council staff. The issue reportedly exposed the details of ‘thousands of vulnerable children’. | Unknown
Lumino (New Zealand) | On March 15th, 2021, Lumino-owned Wellington Oral Surgery discovered that a hacker had compromised an employee’s email account and accessed patient data. Lumino stated that it is confident the issue is an isolated incident. | Unknown
Kentucky Wesleyan College (US) | In September 2020, the college discovered a data breach impacting certain current and former faculty, students, staff, and others. Potentially accessed information includes names, Social Security numbers, dates of birth, addresses, and more. In ‘some limited instances’, data such as taxpayer numbers, biometric data, and more may also have been compromised. | Unknown
MangaDex | The site was compromised by an attacker who acquired admin access. The hacker downloaded the site’s source code and published it on GitHub. The threat actor has also reportedly acquired the site’s database. | Unknown
Hobby Lobby (US) | Security researcher ‘boogeyman’ discovered an unsecured AWS bucket that publicly exposed around 136GB of data. Exposed data included customer names, phone numbers, physical and email addresses, as well as the last four digits of payment cards. Employee names and email addresses were also exposed, as was the source code for the company’s app. | 300,000
Shell (The Netherlands) | Shell disclosed that it had been impacted by security issues relating to Accellion’s File Transfer Appliance. An unauthorised party accessed some files during a limited time frame. Impacted data includes personal information from Shell companies and stakeholders. | Unknown
Elector (Israel) | An anonymous actor leaked a database with the names and ID numbers of all eligible voters in Israel on March 22nd, 2021. According to Haaretz, some of the leaked data, which could not be authenticated, appears to have been taken from sources other than the Elector app, contrary to the actor’s claims. | Unknown
Jacques Scott Group (Cayman Islands) | The retailer was targeted in a ransomware attack. The personal data of employees, shareholders and pension account holders was affected. No customer information or financial data was exposed during the attack. | 150
Spargo Inc (US) | On March 14th, 2021, the company discovered a Sodinokibi ransomware attack that impacted the majority of its servers and files, with its backups also rendered unusable. Potentially exposed data includes names, addresses, email addresses, phone numbers, and more. | Unknown
Sewell Family of Companies (US) | The SFC disclosed a data security incident that took place on August 1st, 2020. An unauthorised individual attempted to gain access to the company’s network, during which time the personal information of some customers or employees may have been exposed. | Unknown
DeCotiis, Fitzpatrick, Cole & Giblin LLP (US) | An unknown actor gained access to certain employee email accounts between April 28th and May 8th, 2020. Potentially accessed data includes names, dates of birth, Social Security numbers, and driver’s licence or state identification numbers. | Unknown
University of Colorado (US) | The Clop ransomware operators have published screenshots of files stolen from Accellion FTA servers in December 2020, including student grades, university financial documents, and more. According to the university, potentially impacted data includes student and employee information, limited health information, and more. | Unknown
University of Miami (US) | The Clop ransomware group has begun to post screenshots of files stolen from Accellion FTA servers in December 2020. The threat actors shared screenshots of patient data, which includes medical records, demographic reports, and more. | Unknown
California State Controller’s Office (US) | An employee at the agency’s Unclaimed Property Division fell victim to a spear phishing attack. Sources informed KrebsOnSecurity that the attacker had access to Microsoft Office 365 files and possibly any files shared with the account across the state network. The attacker reportedly stole Social Security numbers and sensitive files on thousands of state workers. The SCO stated that IT staff found no access to any Office 365 files besides the employee’s mailbox. | Unknown
Fat Face (UK) | The clothing retailer was targeted in a cyberattack, discovered on January 17th, 2021, that resulted in unauthorised access to its systems. The intruder is believed to have accessed personal employee and customer data, including names, addresses, email addresses, as well as the expiration dates and last four digits of credit cards. | Unknown
FBS (Cyprus) | WizCase researchers discovered an unsecured ElasticSearch server containing almost 20TB of data and over 16 billion records. The exposed data includes customer names, passwords, email addresses, passport numbers, national IDs, credit cards, and financial transactions. | Unknown
Telsolutions (UK) | The Register reported that text messages sent by Telsolutions Ltd on behalf of a dozen UK councils contained links to sites with little to no authentication protecting personal data. One user found that changing the URL of the site displaying his personal data allowed him to view the data of other alleged tax defaulters. | Unknown
Line Corp (Japan) | Japanese Prime Minister Yoshihide Suga ordered government employees to stop using the messaging app Line, following reports that a Chinese affiliate of Line Corp had access to users’ personal data. The affiliate allegedly had access to phone numbers, as well as email and home addresses, of nearly 86 million Japanese users. The company denied that Line users were affected by any breach ‘from the outside’. | Unknown
Haven Behavioural Healthcare (US) | The healthcare provider identified unusual activity on workstations between September 24th and September 27th, 2020. The documents impacted by the incident may include names, dates of birth, medical history, treatment information, and more. | Unknown
Solairus Aviation (US) | The company reported that it was notified by Avianis, a third-party vendor, that an unauthorised party accessed Avianis’s Microsoft Azure cloud hosting platform. Possibly accessed data includes employees’ and clients’ Social Security numbers, passport numbers, financial account numbers, and more. | Unknown
Apperta Foundation (UK) | Security researcher Rob Dyke discovered two public GitHub repositories containing API keys, usernames, passwords, and more belonging to the healthcare non-profit. | Unknown
Mott Community College (US) | The Michigan college discovered that an unauthorised individual exfiltrated files associated with the school’s dental insurance, including the names and dates of birth of employees who were enrolled between 2014 and 2015 and in 2019. | Unknown
PCS Revenue Control Systems (US) | The vendor for Florida’s Polk County schools was targeted in a data breach on December 19th, 2019. An unauthorised actor may have gained access to student names, identification numbers, and dates of birth. | Unknown
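The Telsolutions row above describes an insecure direct object reference: the record shown is selected by an identifier in the URL, and nothing checks that the visitor is entitled to that record. The following is an added example, not code from the digest or from Telsolutions, showing the vulnerable lookup next to a fixed one in which the link token issued to a recipient is bound server-side to exactly one record. The record store, token scheme and sample data are constructed for this example.

```python
"""Added example: an IDOR lookup and its fixed counterpart.

Not code from the Silobreaker digest or from any council SMS service;
the data store and token scheme are constructed for illustration.
"""
import hmac
import secrets

# Constructed sample records keyed by the id that appears in the link.
RECORDS = {
    "1001": {"name": "A. Taxpayer", "balance_due": 412.50},
    "1002": {"name": "B. Resident", "balance_due": 88.00},
}

# Server-side map from an unguessable link token to the single record it
# was issued for. In a real service this lives in a database with expiry.
TOKENS: dict[str, str] = {}


class Forbidden(Exception):
    """Raised when a request asks for a record its token does not cover."""


def issue_link_token(record_id: str) -> str:
    """Mint the token that goes into the SMS link for one recipient."""
    token = secrets.token_urlsafe(32)
    TOKENS[token] = record_id
    return token


def view_record_vulnerable(record_id: str) -> dict:
    """Vulnerable: the id in the URL is the only input, so anyone holding
    a link can edit the number and read another person's record."""
    return RECORDS[record_id]


def view_record_fixed(record_id: str, token: str) -> dict:
    """Fixed: the requested id must be the one the token was issued for.
    compare_digest avoids leaking the match position through timing."""
    bound_id = TOKENS.get(token)
    if bound_id is None or not hmac.compare_digest(bound_id, record_id):
        raise Forbidden("token does not authorise this record")
    return RECORDS[record_id]


if __name__ == "__main__":
    token = issue_link_token("1001")
    print("vulnerable, tampered id:", view_record_vulnerable("1002"))
    print("fixed, own record:", view_record_fixed("1001", token))
    try:
        view_record_fixed("1002", token)
    except Forbidden as exc:
        print("fixed, tampered id:", exc)
```

The same ownership check applies when the visitor is identified by a login session rather than a link token: the record id coming from the URL is compared against what the authenticated principal is allowed to see, and the URL parameter alone never selects the record. Dropping the id from the URL entirely and resolving it from the token is simpler still.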

Attack Type mentions in Banking (time series chart)

This chart shows the trending Attack Types related to Banking over the last week.

Weekly Industry View

Industry View
Industry | Information
Banking & Finance | The Central Bank of Russia warned of a highly skilled threat actor specialising in the deep analysis of financial mobile applications in order to detect and exploit weaknesses and vulnerabilities. The actor has carried out at least two attacks so far, in one case obtaining and leaking the identities, bank account data, and card numbers of the customers of an undisclosed bank, and in another case making an unauthorised transfer from an account.
Government | The US Federal Bureau of Investigation (FBI) issued a Private Industry Notification warning state, local, tribal, and territorial government entities of an observed increase in business email compromise attacks from 2018 through 2020. The increase was particularly pronounced at the beginning of the COVID-19 pandemic. The FBI warned that spoofed emails, phishing attacks, vendor email compromise, and credential harvesting techniques continue to be used to redirect payments to bank accounts under the attackers’ control.
Critical Infrastructure | Dragos researchers detailed recent activity of STIBNITE, a group that was observed targeting wind generation and government entities in Azerbaijan from late 2019 through 2020. The threat actor uses spear phishing to deliver PoetRAT, which is then used for information gathering. Observed post-exploitation activity includes listing files, taking screenshots, transferring files, and command execution. STIBNITE uses PypyKatz and LaZagne for credential harvesting, as well as open-source tools for web browser credential theft. The researchers warn that, although STIBNITE currently focuses on IT networks, data collected by the group could be used for future ICS network compromises.
Technology | Researchers at SentinelLabs identified threat actors targeting Apple developers via a malicious Xcode project, dubbed XcodeSpy. The project is an altered version of a legitimate open-source project that allows iOS developers to animate the iOS Tab Bar. The malware includes an obfuscated Run Script build phase which drops a custom version of the EggShell backdoor onto the target machine. The backdoor can record from the target’s camera, microphone and keyboard, and can upload and download files.
Education | The UK’s National Cyber Security Centre (NCSC) issued an alert warning of further targeted ransomware attacks against the UK’s education sector, with an increase observed since late February 2021.
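The XcodeSpy entry in the Technology row turns on a Run Script build phase hidden inside a shared Xcode project: the script executes on the developer’s machine the moment the project is built. The following is an added example, not code from the digest or from SentinelLabs, that extracts every PBXShellScriptBuildPhase from a project.pbxproj and flags scripts carrying constructs a dropper needs but a build step rarely does. The indicator list and the sample project are constructed for this example and are not a description of XcodeSpy’s actual script.

```python
"""Added example: review the Run Script phases in an Xcode project.pbxproj.

Not code from the Silobreaker digest or from SentinelLabs; the indicator
heuristics and the sample project text below are constructed.
"""
import re
from typing import List, Tuple

# Xcode writes `isa` as the first key of each object and the rest in
# alphabetical order, so `shellScript` is the last key of a build phase
# and a non-greedy match cannot run into the next object.
PHASE_RE = re.compile(
    r'isa = PBXShellScriptBuildPhase;(?P<body>.*?)'
    r'shellScript = "(?P<script>(?:[^"\\]|\\.)*)";',
    re.DOTALL,
)
NAME_RE = re.compile(r'name = "?([^";]+)"?;')

# Constructed heuristics: each pattern is rare in honest build scripts.
INDICATORS = [
    (re.compile(r"\beval\b"), "eval of generated text"),
    (re.compile(r"base64\s+(-D|-d|--decode)"), "base64 decode"),
    (re.compile(r"\b(curl|wget|nc|ncat)\b"), "network fetch"),
    (re.compile(r"\b(python|perl|ruby|osascript)\b[^\n]*\s-[ce]\b"), "inline interpreter"),
    (re.compile(r"\\x[0-9a-fA-F]{2}"), "hex escapes"),
]


def unescape_pbx(raw: str) -> str:
    """Undo .pbxproj quoted-string escaping (backslash n, t, quote, backslash)."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), raw)


def scan_pbxproj(text: str) -> List[Tuple[str, List[str]]]:
    """Return (phase name, reasons) for every shell script build phase.
    An empty reasons list means no indicator fired for that phase."""
    findings = []
    for m in PHASE_RE.finditer(text):
        name_m = NAME_RE.search(m.group("body"))
        name = name_m.group(1) if name_m else "(unnamed)"
        script = unescape_pbx(m.group("script"))
        reasons = [why for pat, why in INDICATORS if pat.search(script)]
        lines = script.splitlines()
        # A command pushed far to the right is off-screen in Xcode's script
        # editor unless the reviewer scrolls horizontally.
        if any(len(l) - len(l.lstrip(" \t")) > 80 for l in lines):
            reasons.append("command hidden behind leading whitespace")
        if any(len(l) > 500 for l in lines):
            reasons.append("very long line")
        findings.append((name, reasons))
    return findings


# Constructed sample: one ordinary linting phase and one phase that hides a
# decode-and-eval one-liner behind 150 leading spaces.
SAMPLE_PBXPROJ = r'''
        AA01 /* ShellScript */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            files = (
            );
            inputPaths = (
            );
            name = "Run SwiftLint";
            outputPaths = (
            );
            runOnlyForDeploymentPostprocessing = 0;
            shellPath = /bin/sh;
            shellScript = "\"${PODS_ROOT}/SwiftLint/swiftlint\"\n";
        };
        AA02 /* ShellScript */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            files = (
            );
            inputPaths = (
            );
            name = "Run Script";
            outputPaths = (
            );
            runOnlyForDeploymentPostprocessing = 0;
            shellPath = /bin/sh;
            shellScript = "PADDINGeval \"$(echo aWQgLWE= | base64 -D)\"\n";
        };
'''.replace("PADDING", " " * 150)


if __name__ == "__main__":
    for phase_name, why in scan_pbxproj(SAMPLE_PBXPROJ):
        verdict = "SUSPICIOUS" if why else "ok"
        print(f"{phase_name}: {verdict} {'; '.join(why)}")
```

Run it against `YourApp.xcodeproj/project.pbxproj` of any project pulled from a third party before the first build; a phase with a non-empty reasons list should be read in full, in a text editor rather than in Xcode, before the project is opened.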

News and information concerning each mentioned industry over the last week.
