28 January 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Apple iOS 14
Apple iPadOS
TikTok
Microsoft Visual Studio
SonicWall SMA 100 Series
Deep & Dark Web
Name Heat 7
NVIDIA GeForce Now
Microsoft Windows Defender
TikTok
Microsoft Office
Oracle WebLogic

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
MyFreeCams (US) | CyberNews researchers discovered a database supposedly belonging to MyFreeCams being sold on a popular hacker forum. The data was reportedly stolen from the company's servers in an SQL injection attack in December 2020. The database is said to contain Premium members' records, including usernames, email addresses, MyFreeCams Token amounts, and passwords in plain text. According to the company, the leak relates to a security incident that occurred in June 2010. | 2,000,000
Unknown (Brazil) | Researchers at PSafe's dfndr lab identified a database that potentially exposes the data of almost all Brazilians. The database contains the detailed information of roughly 40 million companies and 104 million vehicles. Exposed data includes names, dates of birth, Cadastro de Pessoas Físicas, detailed vehicle information, and company data such as corporate names, trade names, Cadastro Nacional da Pessoa Jurídica, and foundation dates. | 220,000,000
Einstein Healthcare Network (US) | On August 10th, 2020, the organisation found suspicious activity within a 'limited' number of employee email accounts. An investigation determined that an unauthorised party had access to the accounts in August 2020. Emails and attachments in the accounts contained the information of some patients, including names, dates of birth, medical records, and more. In some cases, Social Security numbers and health insurance information were also included. | Unknown
BuyUcoin (India) | Kela Research and Strategy Ltd researchers discovered a stolen database containing the data of the cryptocurrency exchange. The leaked data includes names, emails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, PAN numbers, passport numbers, and deposit history. The theft was attributed to ShinyHunters. | 325,000
Teespring (US) | ShinyHunters leaked two SQL archives of Teespring user data on a public forum. The first file contains the email addresses of 8.2 million users, while the second archive holds hashed email addresses, usernames, names, phone numbers, home addresses, and Facebook and OpenID identifiers for 4.6 million users. ZDNet notes that not all accounts held all the listed information, and that no passwords were leaked. | 8,200,000
Bonobos (US) | ShinyHunters leaked a 70GB SQL file that was downloaded from a cloud backup of the retailer's database. The data includes customer information, such as addresses, phone numbers, partial credit card numbers, password histories, and order information. The leaked data varies per customer. Another threat actor claims to have cracked 158,000 SHA-256 password hashes, which they have paired with login credentials. | 7,000,000
MeetMindful (US) | ShinyHunters exposed a 1.2GB file containing user information. This includes names, email addresses, dating information, hashed passwords, Facebook user IDs, and more. | 2,280,000
Colliers International Group (Canada) | The estate agency was targeted in a cyberattack discovered in November 2020. The attack was claimed by Nefilim ransomware operators, who listed the company on their leak site and alleged that files were stolen from the victim. The company did not confirm whether data was in fact stolen. | Unknown
Facebook (US) | Security researcher Alon Gal discovered a hacker on a forum selling access to a database containing the phone numbers of Facebook users. The database reportedly contains data on users from the US, Canada, the UK, Australia, and 15 other countries. The data can be queried through an automated Telegram bot: users enter a phone number to receive the matching Facebook ID, or vice versa. Initial results are redacted, with full results visible after buying credit. According to Facebook, the data relates to a flaw that was fixed in August 2019. | 500,000,000
Australian Securities and Investments Commission (Australia) | ASIC identified an incident relating to Accellion software that is used to transfer files and attachments. The event involved unauthorised access to a server containing documents related to recent Australian credit licence applications. ASIC stated that 'there is some risk that some limited information' may have been accessed by the unauthorised party. | Unknown
Cook County, Illinois (US) | On September 26th, 2020, security researcher Jeremiah Fowler discovered an unprotected database containing over 323,277 court records. Exposed information included full names, home addresses, email addresses, case numbers, and private details about the cases. The records appear to be from Immigration Court, Family Court, and Criminal Court, and date back to 2012. The most recent records were from 2020. | Unknown
Ohio Department of Job and Family Services (US) | An unspecified vulnerability resulted in the leak of the agency's data. The flaw has since been patched, while details of the compromised personal information have not been disclosed. | 146
Living Realty (Canada) | The Markham-based real estate company was targeted in a cyberattack in November 2020. The attacker accessed purchase and sales agreements, mortgage approvals, cheques, driver's licences, passport information, social insurance numbers, and more. The affected information reportedly dates back at least five years. | Unknown
Dutch COVID-19 databases (Netherlands) | RTL Nieuws reporter Daniel Verlaan identified photos of computer screens featuring the data of Dutch citizens being advertised on apps such as Snapchat, Wickr, and Telegram. The exposed data includes home addresses, email addresses, phone numbers, and citizens' burgerservicenummer (citizen service number). Verlaan identified the data as coming from the Dutch Municipal Health Services' CoronIT system and the GGD's HPzone Light contact tracing system. | Unknown
PupBox Inc (US) | The Petco Health and Wellness Company subsidiary was targeted in a prolonged data breach disclosed on October 2nd, 2020. Attackers used an unauthorised website plugin to capture personal information entered on the site. Potentially exposed data includes names, addresses, email addresses, passwords, credit card numbers, credit card expiration dates, and credit card CVV codes. | 30,000
Dairy Farm Group (Hong Kong) | REvil ransomware attackers allegedly compromised the company's network and encrypted devices around January 14th, 2021, and demanded a $30 million ransom. The actors provided screenshots of internal emails and of the Active Directory Users and Computers MMC snap-in as evidence of the attack. The company acknowledged the attack but is not aware of any data theft linked to it. | Unknown
Casualino JSC (Bulgaria) | WizCase researchers identified an openly accessible server belonging to the popular online card and board gaming website VIPGames[.]com. Over 30GB of data was exposed, containing 23 million records. Exposed data included usernames, emails, device details, IP addresses, hashed passwords, Facebook IDs, and more. | 66,000
Aprilaire (US) | Security researcher Jeremiah Fowler discovered an exposed database containing 1.2 billion records. The unencrypted data, believed to be telemetry sent from the company's internet-connected products to a remote access server, was publicly viewable in plain text. The exposed records include device IDs, MacID, timestamps, and IP addresses of connected devices. | 1,100,000

Threat Actor mentions in Government

Time Series

This chart shows the trending Threat Actors related to Government over the last week.

Weekly Industry View

Industry View
Industry | Information
Government | Following a six-year period of dormancy, the actor self-identifying as Anonymous Malaysia threatened attacks against Malaysian government sites in a Facebook post. The group additionally demanded that the government do more to prevent data leaks. Security expert Kevin Reed believes that some attacks, most likely distributed denial-of-service, should be expected from the group.
Retail | Abnormal Security researchers observed an ongoing campaign that aims to trick users into sending payment in the form of eBay or Best Buy gift cards. The emails, made to appear as a legitimate invoice from eBay, were found to be highly targeted, with mentions of the victim's name. The researchers note that no malicious link or attachment is present in the email; instead the attack relies on social engineering to convince the user to engage with the attacker.
Education | According to the BBC, some laptops issued by the UK government to vulnerable students were found to contain Gamarue.I. The worm was first identified by Microsoft in 2012 and is capable of gathering information from the infected machine, including personal information. The malware reportedly communicates with Russian servers. The Department for Education stated it is currently investigating the findings. Marium Haque of Education and Learning at Bradford Council recommends schools check their networks as a precaution.
Technology | Researchers at Google's Threat Analysis Group (TAG) discovered an ongoing campaign, conducted by a North Korean government-backed entity, that targets researchers working on vulnerability research and development. The threat actors established multiple Twitter accounts and a blog to build legitimacy. The blog features write-ups from unwitting but legitimate 'guest' researchers, as well as fake exploit write-ups authored by the attackers. Researchers were contacted via email, Twitter, Telegram, Discord, Keybase, and LinkedIn. The attackers invited targets to collaborate on a research project, after which they would send a Visual Studio project containing source code for exploiting a vulnerability together with a DLL file that was executed via Visual Studio Build Events when the project was built. The DLL is custom malware that then begins communicating with the attacker-controlled C2.
Healthcare | Numerous Twitter users have reported receiving an email purporting to come from the UK's National Health Service (NHS). The message informs the recipient that they have been selected to receive a vaccine. The email contains two links asking the recipient to accept or decline the invitation. Clicking either option sends the target to an NHS-themed phishing page containing vaccine information, where they are again asked to accept or decline. The attackers then request names, addresses, mother's maiden name, mobile numbers, credit card details, and banking information. Multiple variants of the email are in circulation, but all feature a similar theme.

News and information concerning each mentioned industry over the last week.
