07 October 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Apache HTTP Server
IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition
MediaWiki Software
Cisco Small Business 220
Deep & Dark Web
Name Heat 7
Apache HTTP Server
Twitter
cURL project
Joomla
Google Android

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company Information Affected
JVCKenwood (Japan) Conti ransomware operators claimed to have stolen 1.7TB of data and demanded a ransom. The company stated that attackers may have accessed data during the attack. Companies Commission of Malaysia Unknown
Neiman Marcus (US) An unauthorised party obtained personal information associated with certain online customer accounts in May 2020. Potentially compromised information includes names, contact information, payment card information, usernames, passwords, security questions and answers, and virtual gift card numbers. ~4.6 million
Coinbase (US) A threat actor stole cryptocurrency from 6,000 Coinbase customers by exploiting a vulnerability in Coinbase’s SMS multi-factor authentication feature. The threat actor also gained access to the affected customers’ personal information, including names, email addresses, home addresses, and more. Unknown
Epilepsy Foundation of Texas (US) An employee email account was compromised via a phishing attack, possibly resulting in a breach of patient data. Potentially compromised information includes names, dates of birth, driver license numbers, medical information, financial information, Social Security numbers, and more. Unknown
Pottawatomie County (US) The county was targeted in a ransomware attack on September 17th, 2021. The county is currently in the process of restoring its systems after paying a ransom to the attackers. MoneyLion (US) Unknown
Government of Portugal Personal information of Portuguese citizens has been exposed via the government’s ‘Portal BASE.’ The data includes addresses, phone numbers, personal documents like citizen and taxpayer card numbers, and more. Skynet (Malaysia) Unknown
MTG USA & ReFa (US) A recent data breach affecting both companies may have resulted in the theft of customer data. Personal information such as names, credit card and debit card information may have been stolen. Unknown
Washington Adventist University (US) The university reported a ransomware attack on October 2nd, 2021, which resulted in WiFi and internet access becoming unavailable. The university stated that some data may have been exposed. Unknown
E.M.I.T Aviation Consulting Ltd (Israel) The operators of Lockbit 2.0 ransomware claim to have targeted the aerospace and defence company and threatened to release stolen data on their data leak site. It remains unclear how and when the attack took place. Butler County Sheriff’s Office (US) Unknown
Fimmick (Hong Kong) The operators of REvil ransomware claim to have breached the company’s databases and stolen data from numerous global brands. The attackers shared a directory structure of the stolen data online, with companies like Cetaphil, Coca-Cola, Hana-Musubi and Kate Spade listed. Unknown
South African Department of Justice A ransomware attack may have compromised at least 1,200 files containing personal information of citizens, including names, contact details, and banking details. OSF Healthcare (US) Unknown
Next Level Apparel (US) An unauthorised actor gained access to a number of employee email accounts, enabling access to the contents of the accounts between February 17th and April 28th, 2021. Potentially compromised information includes names, Social Security numbers, financial account numbers, medical information and more. Unknown

Threat Actor mentions in Government

Time Series

This chart shows the trending threat actors related to Government within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry Information
Banking & Finance Cyble researchers observed a new phishing campaign impersonating Commerzbank that is using fake websites to spread malicious apps made to appear as the official Commerzbank app. The malware is a new variant of Hydra and capable of collecting contacts and SMS, stealing credentials, modifying device settings, and more. A variant of the HQwar banking trojan is also currently spread via fake Commerzbank apps, with the threat actor using the same IPs as for Hydra. Cryptocurrency
Retail & Tourism Researchers at Sift discovered an actor named Proxy Phantom carrying out automated credential stuffing attacks against online merchants with 1.5 million sets of stolen account credentials. The actor conducts as many as 2,691 login attempts per second using rotating IP addresses to make the requests appear more authentic and geographically distributed. The actor’s activity particularly increased between April and June 2021, when its IP clusters doubled.
Critical Infrastructure Cybereason researchers discovered an ongoing espionage campaign, dubbed Operation GhostShell, targeting the aerospace and telecommunications industries. The campaign has been active since at least 2018 and has largely been directed against entities in the Middle East. The threat actors use a custom remote access trojan, dubbed ShellClient, in highly targeted attacks. The campaign has been attributed to a previously unknown Iranian threat actor, dubbed MalKamak, that is likely state-sponsored.
Technology Sophos researchers detected a ransomware attack involving the new Atom Silo ransomware. The ransomware is ‘virtually identical’ to LockFile, though several novel techniques were used in the attack. Initial access was gained by exploiting a recently patched remote code execution vulnerability, tracked as CVE-2021-26084, in Atlassian Confluence Server to provide a backdoor.

News and information concerning each mentioned industry over the last week.
