29 April 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Juniper Junos OS
Oracle VM VirtualBox
Oracle MySQL
Gatekeeper (macOS)
Deep & Dark Web
Name Heat 7
Gatekeeper (macOS)
Snapchat App
Apple Pay
Solarwinds Orion

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company Information Affected
Unknown (US) Cyble Inc researchers identified a threat actor advertising 246GB of personally identifiable information belonging to US residents. The data leak includes names, phone numbers, emails, home addresses, dates of birth, income, political affiliation, and more. The researchers noted that the data may have been taken from a marketing or advertisement company. 59,000,000
Yale New Haven Health (US) The healthcare system disclosed that Elekta, a company providing software to run linear accelerators for radiation treatment of cancer patients, suffered a data breach, that has impacted the healthcare provider. Unknown
Gyrodata Incorporated (US) An unauthorised actor had access to Gyrodata systems at various times since January 16th, 2021. The actor may have obtained current and former employees’ information, including names, addresses, dates of birth, drivers’ license numbers, Social Security numbers, passport numbers, W-2 tax forms, and more. Unknown
Unknown Municipality (Italy) Avaddon ransomware operators claimed an attack against Unione di Comuni Colli del Monferrato, but the actor is mistakenly pressuring Unione dei Colli DiVini with a distributed denial-of-service attack. The actor published some files exfiltrated from its victim, which include a document from Cisliano, a Milanese municipality unconnected to the other two locations. The group later changed the name of their target to the Municipality of Villafranca D’Asti, which is also unrelated to the published documents. Unknown
MangaDex MangaDex contacted members to inform them that they detected a breach around December 2020. The impacted data includes email addresses, hashed passwords, and IP addresses. Unknown
Illinois Attorney General’s Office (US) DoppelPaymer ransomware operators targeted the office and released a number of files as proof. The files reportedly contain some personal information, but nothing critical to current investigations or personnel data. Unknown
Santa Clara Valley Transportation Authority (US) The VTA was hit by a ransomware attack. The actor Astro has since released a post on the dark web claiming to be in possession of 150GB of data stolen from VTA and threatened to leak it if the organisation does not cooperate. Unknown
Kansas Department of Labor (US) KWCH discovered that Social Security numbers could be used to obtain the personal data of anyone on the KDOL website. The department has since launched an investigation into a possible data breach and are seeking to determine whether $600 million was stolen by scammers due to the KDOL website being insecure. Unknown
Socialist Party of Albania Transparency International alleges that the Socialist Party of Albania maintained an illegally obtained database with personal information on citizens. Additionally, the party is accused of assigning spies to monitor voters. Albanian Prime Minister Edi Rama stated that the party does use a monitoring system, and that the data is being collected in door-to-door meetings. 910,000
Reverb[.]com LLC (US) On April 5th, 2021, security researcher Bob Diachenko identified an unprotected Elasticsearch server that belongs to the music gear reseller. Exposed records include full names, email addresses, phone numbers, physical addresses, listing orders, and more. The leak exposed the details of various high-profile sellers from popular bands. Unknown
Mipharm SPA (Italy) The operators of Sodinokibi ransomware released some screenshots of data they claim to have stolen from the Milan-based pharmaceutical company. Unknown
MSPharma (Jordan) Sodinokibi ransomware operators added MSPharma to its lists of victims. Leaked files related to this company appear to include data from United Pharmaceutical Manufacturing Co, a firm MSPharma reportedly does business with. Unknown
Washington DC Metropolitan Police Department (US) The department was targeted in a Babuk ransomware attack. The actor claims to have stolen 250GB of data, and leaked screenshots of the stolen information as proof. The screenshots revealed file directories containing information on operations, disciplinary records, and files related to gang members operating in Washington DC. Unknown
COVID-19 Secretariat of Northwest Territories (Canada) The secretariat mistakenly sent an email revealing the email addresses and some names of travellers currently self-isolating in Yellowknife. Unknown
Presque Isle Police Department (US) Avaddon ransomware operators threatened to leak data allegedly stolen from the department. City Manager Martin Puckett confirmed that the police department server was accessed by unauthorised actors.The actor claims to possess victim statements, personal data of employees, reports of criminal cases, and other confidential data.  Unknown
Wyoming Department of Health (US) On March 10th, 2021, the department discovered that a staff member unintentionally exposed 53 files containing coronavirus and influenza test result data and another file with breath alcohol test results. The exposed data includes names, addresses, dates of birth, and more. 164,021
Unknown (US) The threat actor Pompompurin leaked a database containing the data of US citizens and residents. The leak contains names, telephone numbers, addresses, dates of birth, credit and income information, and more. 250,806,711
DigitalOcean (US) TechCrunch reported that the cloud infrastructure company informed customers that billing information linked to their account was exposed from April 9th to April 22nd, 2021. Exposed details include names, addresses, last four digits of payment cards, expiry dates, and the name of the card issuing bank. Unknown
OGUsers According to researchers at KELA, forum administrators revealed that the site was hacked after attackers uploaded a web shell to their server. The attacker accessed a complete dump of the forum database. The database contained user records and private messages of  OGUsers members. 350,000
Osborn Cancer Care (US) DataBreaches[.]net reported that the operators of Avaddon ransomware released nearly 30GB of data they claim to have stolen from Capital Medical Center. Further analysis revealed that the attack actually targeted Osborn Care instead. The leaked data includes over 85,000 files containing personal information of patients and employees. Unknown
Experian (US) Security researcher Bill Demirkapi discovered that anyone could access an Experian API without requiring authentication and use publicly available information, such as name and mailing address, to obtain a person’s credit score. Experian stated that it was a ‘single instance’ that has been fixed, however, Demirkapi believes thousands of companies may be using the same API and might also be leaking data. Unknown
Newcomb Secondary School (Australia) The school was targeted in a ransomware attack which resulted in the theft of documents. The actor responsible for the attack posted some of the stolen documents online, including one containing the name of a student. The leaked files include student’s assignments and teachers’ planning materials.  Unknown
Merseyrail (UK) On April 18th, 2021, BleepingComputer received an email from the compromised work email account of Merseyrail director Andy Heath. The attackers also sent the same message to staff and various UK newspapers. The email claims that a recent outage was caused by a Lockbit ransomware attack that involved data theft. Merseyrail confirmed that they were hit with a cyberattack. Unknown

Malware mentions in Government

Time Series

This chart shows the trending Malware related to Government over the last week.

Weekly Industry View

Industry View
Industry Information
Banking & Finance Researchers at Armor Blox identified two email phishing lures that targeted Chase customers. The first purported to be a credit card statement, while the second impersonated the Chase Fraud Department and informed users that their accounts were locked. Both campaigns bypassed native Microsoft email security controls and directed the targets to phishing pages where they were encouraged to share their bank account credentials.
Government Researchers at Bitdefender identified a long-running NAIKON operation that targeted government and military organisations in Southeast Asia between June 2019 and March 2021. The aim of the campaign was data theft and cyberespionage. The group initially used Aria-Body loader and Nebulae as the first stage of the attack before including the RainyDay backdoor in September 2020 as their main tool.
Tourism & Retail An investigation into unusual activity related to Radixx Res, first identified on April 20th, 2021, revealed that malware had been installed on the Radixx system. The incident resulted in many airline passengers not being able to make, change, delete, or confirm bookings on impacted airline sites. Those affected include Peach Aviation, ZIPAIR, Air Belgium, Sky Airlines, Air Transat, Vietravel Airlines, Aero K Airlines, Salam Air, FlySafair, Air India Express, and Wingo.
Technology ClickStudios disclosed a breach that occurred between April 20th and April 22nd, 2021. CSIS Group researchers discovered a rogue DLL, dubbed Moserpass, contained within a malicious ZIP file that was dropped via the update mechanism of the company’s password manager Passwordstate. The company stated that customers who performed an In-Place Upgrade between April 20th and April 22nd, 2021, may be affected. ClickStudios also warned of ongoing phishing attacks impersonating the company.
Cryptocurrency Researchers at Fortinet identified a campaign on YouTube promoting a Bitcoin scam. The video, which was shown as a ‘Live’ video, featured a pre-recorded interview between Raoul Pal and Chamath Palihapitiya. The video featured a text message directing users to a recently registered domain. The user is instructed to send between 0.1 BTC to 20 BTC in order to receive double the amount back. The researchers stated that the scammers have so far made over $73,000 in BTC.

News and information concerning each mentioned industry over the last week.

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Silobreaker Weekly Cyber Digest

Sign up for weekly news on data breaches, hacker groups, malware and vulnerabilities.

This website uses cookies.
See our privacy policy at www.silobreaker.com/legal