14 October 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
LibreOffice
ZOHO ManageEngine ADManager Plus
Microsoft Hyper-V
Windows 11
Apple iPadOS
Deep & Dark Web
Name Heat 7
Instagram
NVIDIA GeForce Now
Apache HTTP Server
VMware vCenter
Cisco VPN

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company Information Affected
Transdev (France) LockBit ransomware operators claimed to have stolen 200GB of data which they threatened to release on October 10th, 2021. Transdev claims the data belongs to one of their clients. Unknown
Consolidated High School District 230 (US) Pysa ransomware listed the district on their leak site. Over 10GB of data was dumped. Potentially compromised information on staff and personnel includes names, dates of birth, email addresses, passwords, Medicaid ID numbers, and more.  Unknown
Haverhill Public Schools (US) The school district was listed on the Pysa ransomware leak site. The attackers dumped 2.5GB of data containing information on students and personnel. Possibly exposed data includes name, addresses, medical history, and more.  Unknown
Queensland Police Service (Australia) An email accidentally exposed the email addresses of all recipients. Many addresses belonged to members of the Australian Federal Police, the Australian Department of Defence, and Queensland Health. 350
Cox Media Group (US) A ransomware attack on June 3rd, 2021, took down live television and radio broadcasts. Personal information was also thought to have been exposed in the attack, including names, addresses, Social Security numbers, financial account numbers and more. ~ 800
Manhasset School District (US) An attacker claims to have stolen data after conducting a ransomware attack against their systems. The district was able to restore data from its backup system. An investigation is ongoing to determine what information may have been stolen. Unknown
JDC Healthcare Management (US) An attacker was able to view or copy certain data from their servers between July 27th and August 16th, 2021. Potentially compromised information includes dates of birth, Social Security numbers, clinical information and more.   Unknown
Dallas Independent School District (US) A data breach occurred in June 2021 affecting former employees, students and others in 37 states. Potentially compromised information includes names, Social Security numbers, dates of birth, and some student medical record information. 795,497
Plumsted Township (US) An unauthorised party had access to their email environment between April 19th and May 24th, 2021. Potentially accessed information on residents includes names, addresses, Social Security numbers, dates of birth, financial account information, medical history, and more. Unknown
Harvard-Westlake School (US) Data on some of the school's alumni was exposed by an unknown actor. The data includes SAT scores, GPAs, transcripts and recommendation letters. The affected people are reportedly the children of well-known individuals. 150
BrewDog (UK) The company's app used the same hardcoded API bearer token to authenticate each of its shareholders. Users were able to access the personal information and discounts of other users. The exposed data includes names, dates of birth, email and delivery addresses, phone numbers, and more. 200,000
Oregon Eye Specialists (US) An unauthorised individual accessed some company email accounts between June 29th and August 31st, 2021. Potentially accessed information includes dates of birth, medical record number, financial account information, and more. Unknown
Virginia Department of Behavioral Health and Developmental Services (US) The personal information of some residents was leaked on the department’s website for their Individual and Family Support programme. Unknown
Pacific City Bank (US) The company confirmed they were targeted by AvosLocker ransomware operators on August 30th, 2021. Potentially compromised information includes names, addresses, Social Security numbers, loan application forms, wage and tax details, and more.  Unknown
Facebook (US) A database allegedly containing the private information of Facebook users has been listed for sale in an online hacker forum. Potentially compromised information includes names, email addresses, phone numbers, locations, genders, and user IDs. 1.5 billion
Argentine Army, Ministry of Defence and Ministry of Security (Argentina) A database containing personal information of individuals was posted on Twitter. Compromised data includes names, civil records, phone numbers, emails, and addresses. Victims of the leak were primarily soldiers, army members and some Ministry officials. 1,193,316
San Juan Regional Medical Center (US) A malware attack in September 2020 resulted in protected health information of patients being stolen. 68,729
ReproSource (US) A ransomware attack on August 8th, 2021, resulted in exposure of patient information. Potentially compromised data includes names, addresses, phone numbers, email addresses, dates of birth, and billing and medical information. An unspecified number of individuals also had their driver’s license numbers, passport numbers, Social Security numbers, and financial account data exposed. 350,000
Lion Street Financial (US) Several employee email accounts were hacked in January 2021. Potentially compromised information includes dates of birth, Social Security numbers, medical information, financial account information and more.  Unknown
Premier Patient Healthcare (US) In April 2021, a former executive improperly accessed and acquired a file containing patient data after the executive's employment with the company had ended. Possibly exposed information includes name, age, race, county and state of residence, Medicaid information and more. 37,636
Align Technology (US) The company appeared on two dark web leak sites after they allegedly refused to pay ransom demands. The data dumped appears to contain some patient data. Unknown
Hariexpress (Brazil) A misconfigured ElasticSearch server resulted in an estimated 1,751,023,279 records and over 610GB of data being exposed online. Potentially compromised information includes names, email addresses, physical addresses, billing details and more. Vendors may have also had business ID numbers, tax information, and account credentials leaked. Unknown
ProQuality (US) An unprotected database containing 82 million records of clients, including the Amazon-owned Whole Foods Market, Skaggs, Smith System, and Chalk Mountain Services was leaked online. The 9.57GB of exposed data contains names, physical addresses, partial credit card numbers, as well as internal security and business data. Unknown

Attack Type mentions in Critical Infrastructure

Time Series

This chart shows the trending attack types related to Critical Infrastructure within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry Information
Cryptocurrency / Technology Hold Security discovered a recent phishing campaign that targeted Italian Coinbase users. The attackers were able to successfully bypass two-factor authentication, netting at least 870 sets of credentials before the phishing site was taken offline. The attackers identified active Coinbase accounts by attempting to sign up new accounts using the email addresses of more than 2.5 million Italians. These email addresses would then be targeted with Coinbase-themed phishing emails.
Government Reuters reports the SolarWinds hackers stole data from the nine United States federal agencies breached in the attack. The data includes information on counterintelligence investigations, sanction policies for Russian individuals, and the country’s response to COVID-19.
Critical Infrastructure Microsoft researchers tracked a new activity cluster, dubbed DEV-0343, conducting password spraying attacks against Office 365 tenants since July 2021. Over 250 targets have been observed, including United States and Israeli defence technology companies, ports of entry in the Persian Gulf, and global maritime transportation companies with locations in the Middle East. DEV-0343 emulates a Firefox or Chrome browser to conduct the attacks, using numerous Tor proxy networks to host IPs. The researchers believe the activity likely supports the national interests of Iran.
Healthcare DarkOwl researchers identified an ongoing COVID-19 vaccination scam allegedly run by members of XGroup. The attackers trick victims into providing their personal information, and likely some form of payment, and claim they can hack into European Union (EU) hospitals and falsify registration records to add unvaccinated people to the registers. The researchers noted that EU hospitals should be aware of the possibility that the offer is legitimate and mitigate accordingly.

News and information concerning each mentioned industry over the last week.
