28 January 2021
Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.
Trending Vulnerable Products
Name | Heat 7 |
---|---|
Apple iOS 14 | (7-day heat bar not reproduced) |
Apple iPadOS | (7-day heat bar not reproduced) |
TikTok | (7-day heat bar not reproduced) |
Microsoft Visual Studio | (7-day heat bar not reproduced) |
SonicWall SMA 100 Series | (7-day heat bar not reproduced) |

Name | Heat 7 |
---|---|
NVIDIA GeForce Now | (7-day heat bar not reproduced) |
Microsoft Windows Defender | (7-day heat bar not reproduced) |
TikTok | (7-day heat bar not reproduced) |
Microsoft Office | (7-day heat bar not reproduced) |
Oracle WebLogic | (7-day heat bar not reproduced) |
The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.
Data Leaks & Breaches
Company | Information | Affected |
---|---|---|
MyFreeCams (US) | CyberNews researchers discovered a database supposedly belonging to MyFreeCams being sold on a popular hacker forum. The data was reportedly stolen from the company’s servers in an SQL injection attack in December 2020. The database is said to contain Premium members’ records, including usernames, email addresses, MyFreeCams Token amounts, and passwords in plain text. According to the company, the leak relates to a security incident that occurred in June 2010. | 2,000,000 |
Unknown (Brazil) | Researchers at PSafe’s dfndr lab identified a database that potentially exposes the data of almost all Brazilians. The database contains the detailed information of roughly 40 million companies and 104 million vehicles. Exposed data includes names, dates of birth, Cadastro de Pessoas Físicas, detailed vehicle information, and company data such as corporate names, trade names, Cadastro Nacional da Pessoa Jurídica, and foundation dates. | 220,000,000 |
Einstein Healthcare Network (US) | On August 10th, 2020, the organisation found suspicious activity within a ‘limited’ number of employee email accounts. An investigation determined that an unauthorised party had access to the accounts in August 2020. Emails and attachments in the accounts contained the information of some patients, including names, dates of birth, medical records, and more. In some cases, Social Security numbers and health insurance information were also included. | Unknown |
BuyUcoin (India) | Kela Research and Strategy Ltd researchers discovered a stolen database containing the data of the cryptocurrency exchange. The leaked data includes names, emails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, PAN numbers, passport numbers, and deposit history. The theft was attributed to ShinyHunters. | 325,000 |
Teespring (US) | ShinyHunters leaked two SQL archives of Teespring user data on a public forum. The first file contains the email addresses for 8.2 million users, while the second archive holds hashed email addresses, usernames, names, phone numbers, home addresses, and Facebook and OpenID identifiers for 4.6 million users. ZDNet notes that not all accounts held all the listed information, nor were any passwords leaked. | 8,200,000 |
Bonobos (US) | ShinyHunters leaked a 70GB SQL file that was downloaded from a cloud backup of the retailer’s database. The data includes customer information, such as addresses, phone numbers, partial credit card numbers, password histories, and order information. The leaked data varies for each customer. Another threat actor claims to have cracked 158,000 SHA-256 passwords, which they have paired up with login credentials. | 7,000,000 |
MeetMindful (US) | ShinyHunters exposed a 1.2GB file containing user information. This includes names, email addresses, dating information, hashed passwords, Facebook user IDs, and more. | 2,280,000 |
Colliers International Group (Canada) | The estate agency was targeted in a cyberattack discovered in November 2020. The attack was claimed by Nefilim ransomware operators, who listed the company on their site alleging files were stolen from the victim. The company did not confirm whether data was in fact stolen. | Unknown |
Facebook (US) | Security researcher Alon Gal discovered a hacker on a forum selling access to a database containing the phone numbers of Facebook users. The database reportedly contains data on users from the US, Canada, the UK, Australia, and 15 other countries. The data can be accessed using an automated Telegram bot. Users can enter a phone number to receive a user’s Facebook ID, or vice versa. Initial results are redacted, with full results visible after buying credit. According to Facebook, the data relates to a flaw that was fixed in August 2019. | 500,000,000 |
Australian Securities and Investments Commission | ASIC identified an incident relating to Accellion software that is used to transfer files and attachments. The event involved unauthorised access to a server containing documents related to recent Australian credit licence applications. ASIC stated that ‘there is some risk that some limited information’ may have been accessed by the unauthorised party. | Unknown |
Cook County, Illinois (US) | On September 26th, 2020, security researcher Jeremiah Fowler discovered an unprotected database containing over 323,277 court records. Exposed information included full names, home addresses, email addresses, case numbers and private details about the cases. The records appear to be from Immigration Court, Family Court and Criminal Court, and date back to 2012. The most recent records were from 2020. | Unknown |
Ohio Department of Job and Family Services (US) | An unspecified vulnerability resulted in the leak of the agency’s data. The flaw has since been patched, while details of the compromised personal information have not been disclosed. | 146 |
Living Realty (Canada) | The Markham-based real estate company was targeted in a cyberattack in November 2020. The attacker accessed purchase and sales agreements, mortgage approvals, cheques, driver’s licenses, passport information, social insurance numbers, and more. The affected information reportedly dates back at least five years. | Unknown |
Dutch COVID-19 databases | RTL Nieuws reporter Daniel Verlaan identified photos of computer screens featuring the data of Dutch citizens being advertised on apps such as Snapchat, Wickr, and Telegram. The exposed data includes home addresses, email addresses, phone numbers, and citizens’ burgerservicenummer. Verlaan identified the data as coming from the Dutch Municipal Health Services CoronIT system and the DDG’s HPzone Light contact tracing system. | Unknown |
PupBox Inc (US) | The Petco Health and Wellness Company subsidiary was targeted in a prolonged data breach disclosed on October 2nd, 2020. Attackers used an unauthorised website plugin to capture personal information. Potentially exposed data includes names, addresses, email addresses, passwords, credit card numbers, credit card expiration dates, and credit card CVV codes. | 30,000 |
Dairy Farm Group (Hong Kong) | REvil ransomware attackers allegedly compromised the company’s network and encrypted devices around January 14th, 2021, and demanded a $30 million ransom. The actors provided screenshots of internal emails and the Active Directory Users and Computers MMC as evidence of the attack. The company acknowledged the attack but is not aware of any data theft linked to it. | Unknown |
Casualino JSC (Bulgaria) | WizCase researchers identified an openly accessible server belonging to popular online card and board gaming website VIPGames[.]com. Over 30GB of data was exposed, which contained 23 million records. Exposed data included usernames, emails, device details, IP addresses, hashed passwords, Facebook IDs, and more. | 66,000 |
Aprilaire (US) | Security researcher Jeremiah Fowler discovered an exposed database containing 1.2 billion records. The non-encrypted data, believed to be data sent from the company’s internet-connected products to a remote access server, was publicly viewable in plain text. The exposed records include device IDs, MacID, time stamps and IP addresses of connected devices. | 1,100,000 |
Threat Actor mentions in Government
This chart shows the trending Threat Actors related to Government over the last week.
Weekly Industry View
Industry | Information |
---|---|
Government | Following a six-year period of dormancy, the actor self-identifying as Anonymous Malaysia threatened attacks against Malaysian government sites in a Facebook post. The group additionally demanded that the government do more to prevent data leaks. Security expert Kevin Reed believes that some attacks, most likely involving distributed denial-of-service, should be expected from the group. |
Retail | Abnormal Security researchers observed an ongoing campaign that aims to trick users into sending over payment in the form of eBay or Best Buy gift cards. The emails, made to appear as a legitimate invoice from eBay, were found to be highly targeted, with mentions of the victim’s name. The researchers note that no malicious link or attachment is present in the email; instead the attack relies on social engineering techniques to convince the user to engage with the attacker. |
Education | According to the BBC, some laptops issued by the UK government to vulnerable students were found to contain Gamarue.I. The worm was first identified by Microsoft in 2012 and is capable of gathering information, including personal information. The malware reportedly appears to communicate with Russian servers. The Department of Education stated it is currently investigating the findings. Marium Haque of Education and Learning at Bradford Council recommends schools check their networks as a precaution. |
Technology | Researchers at Google’s Threat Analysis Group (TAG) discovered an ongoing campaign, conducted by a North Korean government-backed entity, that targets researchers working on vulnerability development and research. The threat actors established multiple Twitter accounts and a blog to increase their legitimacy. The blog features write-ups from unknowing yet legitimate ‘guest’ researchers, as well as fake exploits written up by the attackers. Researchers were contacted via email, Twitter, Telegram, Discord, Keybase, and LinkedIn. The attackers invited targets to work on a research project, after which they would send a Visual Studio Project with source code for exploiting a vulnerability and a DLL file that was executed via Visual Studio Build Events. The DLL is a custom malware that would then begin to communicate with the attacker-controlled C2. |
Healthcare | Numerous Twitter users have reported receiving an email purporting to come from the UK’s National Health Service (NHS). The message informs the users that they have been selected to receive a vaccine. The email contains two links asking the recipient to accept or decline the invitation. By clicking either option, the target is sent to an NHS phishing page containing vaccine information. The target is again asked to accept or decline. The attackers then ask for names, addresses, mother’s maiden name, mobile numbers, credit card details, and banking information. Multiple variants of the email are in circulation, but all feature a similar theme. |
News and information concerning each mentioned industry over the last week.
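The Technology entry above describes a DLL run through Visual Studio Build Events. A defender reviewing a project received from an outside party can list every build-event command in a .vcxproj before opening it; the script below is an added example, not code from Silobreaker or Google TAG, and assumes the standard MSBuild XML layout (PreBuildEvent/PreLinkEvent/PostBuildEvent elements); the pattern list and the sample project are constructed.

```python
"""List and flag build-event commands in a Visual Studio .vcxproj file."""
import re
import xml.etree.ElementTree as ET

MSBUILD_NS = "http://schemas.microsoft.com/developer/msbuild/2003"
EVENT_TAGS = ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent")
# Assumed review heuristics: a build step that loads a DLL or launches a
# script host or shell deserves a look before the solution is built.
SUSPICIOUS = re.compile(
    r"rundll32|regsvr32|powershell|cmd\.exe|mshta|wscript|cscript|\.dll\b",
    re.IGNORECASE,
)


def find_build_event_commands(vcxproj_xml: str):
    """Return (event_tag, command) for every build-event Command in the project."""
    root = ET.fromstring(vcxproj_xml)
    found = []
    for elem in root.iter():
        tag = elem.tag.split("}")[-1]  # strip the MSBuild XML namespace
        if tag in EVENT_TAGS:
            for cmd in elem.iter():
                if cmd.tag.split("}")[-1] == "Command" and cmd.text and cmd.text.strip():
                    found.append((tag, cmd.text.strip()))
    return found


def flag_suspicious(vcxproj_xml: str):
    """Return only the build-event commands matching the review heuristics."""
    return [(tag, cmd) for tag, cmd in find_build_event_commands(vcxproj_xml)
            if SUSPICIOUS.search(cmd)]


# Constructed sample: a benign post-build copy plus a pre-build step that
# loads a DLL shipped with the sources. Names are placeholders, not IoCs.
SAMPLE_VCXPROJ = f"""<Project DefaultTargets="Build" xmlns="{MSBUILD_NS}">
  <ItemDefinitionGroup Condition="'$(Configuration)'=='Debug'">
    <PreBuildEvent>
      <Command>rundll32.exe $(ProjectDir)example_payload.dll,EntryPoint</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>copy "$(TargetPath)" "$(SolutionDir)out\\"</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
</Project>
"""

if __name__ == "__main__":
    for tag, cmd in flag_suspicious(SAMPLE_VCXPROJ):
        print(f"[{tag}] {cmd}")
```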