09 September 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Apple iOS 14
ActiveX
Microsoft Office
Apple macOS
Atlassian Confluence
Deep & Dark Web
Name Heat 7
Instagram
Microsoft Word
Pac-resolver
Proxy-Agent
Node.js

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company Information Affected
Autodesk (US) The company stated that one of its SolarWinds servers was compromised in December 2020. Unknown
Deerfield, Massachusetts (US) The town revealed that an unauthorised party viewed or acquired the personal information of several residents in a data breach on March 25th, 2021. The possibly stolen information reportedly varies for each resident and has not been disclosed. Unknown
Dallas Independent School District (US) A data breach was discovered on August 8th, 2021. The compromised data may include names, addresses, phone numbers, Social Security numbers, dates of birth, and other current and former employee details. Current and former students may have also had their names, Social Security numbers, dates of birth, medical conditions, and more, exposed. Unknown
Coalinga State Hospital (US) The hospital suffered a data breach on July 21st, 2013, October 12th, 2016, and August 27th, 2019, when an employee improperly disclosed information on 1,800 current and former employees in court. Potentially exposed information includes patient names, birthdays, legal commitment information, and admission dates. 1,800
Pacific City Bank (US) The operators of AVOS Locker ransomware added the bank to their data leak site on September 4th, 2021, and published files they claim to have stolen in the attack. Unknown
Chinook School Division (US) The Saskatchewan-based school district accidentally made student records public on January 28th, 2020. Compromised information includes students’ names, identification number, phone numbers, grades, and parent email addresses. 2,841
Vocus NZ (New Zealand) The internet service provider triggered an internet outage on September 3rd, 2021, by responding to a distributed denial-of-service (DDoS) attack against its customer. The outages affected customers in some of New Zealand’s largest cities, including Auckland, Wellington and Christchurch. Unknown
California State University, Chico (US) Chico State campus police are conducting an investigation into a data leak that revealed the personal information of students requesting a religious exemption from the Covid-19 vaccine. The names and contact information of 30 students were published. 130
France An aggregation of recent data leaks containing personal information for French citizens has appeared for sale online. Possibly compromised information includes names, postal addresses, email addresses, and telephone numbers. 39 million
Nevada Restaurant Services (US) An unauthorised actor was able to copy personal information of customers from the company’s system following a cyberattack discovered on January 16th, 2021. Potentially compromised information includes names, dates of birth, Social Security numbers, driver’s licenses, passport numbers, biometric data, credit card information, and more. Unknown
Howard University (US) A ransomware attack was discovered on September 3rd, 2021, disrupting internet access across the school’s Northwest Washington campus, while many of its systems were taken offline as a precaution. Unknown
CITY4U (Israel) A hacker, operating under the alias Sangkancil, claims to have stolen data from CITY4U which is used by Israeli local authorities to process property taxes, fines, and utility bills. The hacker, who is attempting to sell the data, has so far released images of Israeli identity cards, driver’s licenses, and tax bills. Unknown
France-visas (France) The French Ministry of Foreign Affairs and the Ministry of the Interior reported that a cyberattack targeted the France-Visas website and compromised the data of visa applicants. The incident exposed names, passport and identity card numbers, nationalities, and dates of birth. 8,700
PeduliLindungi (Indonesia) The Indonesian COVID-19 tracking app was affected by an unspecified cyber incident which resulted in the leak of personal data, including national identification numbers and COVID-19 vaccination information, of Indonesian residents. Unknown
Morocco The private information of more than 2 million Moroccans was leaked on the dark web on September 3rd, 2021, after the information was extracted by hackers from LinkedIn. Potentially compromised information includes names, profession, employer information, and email address. 2 million
eCapital (US) Two ransomware groups claimed attacks against the freight factoring provider eCapital. Conti ransomware operators claimed an attack against the company in June 2021, while the Lorenz ransomware group also announced an attack against the company in late July. Both groups posted proof of data allegedly stolen from the company as password-protected archives, making them impossible to verify. Unknown
Mohammed V University of Rabat (Morocco) A hacker exposed resumes from students at the Mohammed V University of Rabat. Possibly compromised information includes postal addresses, photographs, and email addresses. 2,181
Phetchabun Hospital (Thailand) A threat actor stole the personal details of patients of Phetchabun Hospital in Thailand. Potentially compromised information includes names, phone numbers, and medical data. 10,095
Texas Right to Life (US) The anti-abortion group reported a data leak after a bug on their website enabled anyone to access resumes stored on an unprotected directory. The personal information of job applicants was exposed, with possibly compromised information including names, phone numbers, addresses, and employment history. ~300
Bridgeport, West Virginia (US) The local government informed residents of a ransomware attack that targeted the city in May 2021. Information potentially accessible to the attackers included Social Security numbers, birth dates, addresses, driver’s license numbers, and more. Unknown
Bhumirajanagarindra Kidney Institute Hospital (Thailand) The hospital was targeted in a cyberattack discovered on September 6th, 2021, and the personal and treatment information of patients was stolen by the attacker. Unknown
McDonalds (UK) A bug accidentally leaked login names and credentials for the Monopoly VIP game’s production and staging databases to the competition winners. Unknown

Threat Actor mentions in Critical Infrastructure

Time Series

This chart shows the trending Threat Actors related to Critical Infrastructure within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry Information
Government The German government warned its Russian counterpart to stop engaging in illegal cyber activities. An increase in phishing attacks targeting German officials has been observed in the lead-up to the September 26th parliamentary elections. The attacks, attributed to the actor Ghostwriter, targeted members of the federal and local parliaments, and have been on the rise since February 2021. According to Foreign Ministry spokeswoman Andrea Sasse, Ghostwriter has been reliably linked to Russian state actors, and the Russian intelligence directorate GRU. Sasse, as well as German intelligence services, warned that the attacks may be gathering intelligence for disinformation campaigns seeking to influence the elections.
Critical Infrastructure The Federal Bureau of Investigation (FBI) released a notice that warns of ransomware attacks that aim to disrupt supply chains, with targets ranging from small farms to large producers, processors and manufacturers, and markets and restaurants. The FBI noted that the food and agriculture sector has been increasingly targeted in ransomware attacks in the past months. The notice warns that such attacks could result in financial loss as a result of ransom payments, loss of productivity, and remediation costs.
Technology The Jenkins project discovered an attack against its deprecated Confluence service in late August 2021. The attacker leveraged the Confluence exploit tracked as CVE-2021-26084 to install a Monero miner on the targeted server. The server was taken offline, and the Confluence service has been permanently disabled. Although deprecated to read-only status, the server was linked with the integrated identity system behind Jira, Artifactory, and numerous other services, potentially compromising secrets. Jenkins did not find any proof of developer credentials being exfiltrated, though all privileged credentials were rotated as a precaution.
Education Tallinn University of Technology warned users of a spam campaign impersonating its rector Tiit Land. The spam emails, sent from a third party server, contain a ZIP attachment that deploys trojan malware.
Cryptocurrency Researchers at Kaspersky reported that attackers are impersonating the Luno team to contact users via email with offers of free cryptocurrency. The message informs the users that a payment to their account has been ‘placed on hold due to error(s)’ on their profile. The target is encouraged to click on a link that directs them through a chain of redirects to a spoofed Luno login page which impersonates the real site. The user is prompted to enter their credentials, which are then sent to the attackers.

News and information concerning each mentioned industry over the last week.
