26 August 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Razer Synapse
Adobe After Effects
Acrobat Reader DC
Windows Powershell
OpenSSL
Deep & Dark Web
Name Heat 7
Nmap
Windows 7
Google Play
Microsoft Xbox One
Razer Synapse

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company Information Affected
Evin Prison (Iran) A group operating under the name ‘The Justice of Ali’ shared videos with the Associated Press which appear to show security footage from the prison. The group claims to have hundreds of gigabytes of data and stated that the hack occurred several months ago. The videos bear timestamps from 2020 and 2021. Unknown
Oriflame (Russia) According to Roskomnadzor, a stolen database of Oriflame clients was detected on three internet resources. The Kommersant newspaper reported that the passport scans of Oriflame clients were put up for sale on a hacker forum. The company disclosed that it has been targeted in a series of cyberattacks. 1,300,000
Revere Health (US) The firm revealed that one of its employees was targeted in a phishing attack on June 21st, 2021, exposing medical records for patients in the Heart of Dixie Cardiology Department in St. George. The data includes medical record numbers, dates of birth, and some further medical and insurance information. 12,000
SAC Wireless (US) The Nokia subsidiary was targeted in a Conti ransomware attack on June 16th, 2021. An investigation into the attack revealed that the attackers stole personal information of current and former employees during their attack. This includes names, dates of birth, contact information, government ID numbers, Social Security numbers, and more. Unknown
Multiple Researchers at UpGuard discovered multiple data leaks resulting from Microsoft Power Apps portals configured to allow public access. The identified exposure affected 47 entities including government bodies in the United States and private companies like American Airlines, J.B. Hunt, Ford, and Microsoft. Exposed personal data included COVID-19 contact tracing details and vaccination appointments, Social Security numbers, employee IDs, and millions of names and email addresses. The issue was first identified on May 24th, 2021. Unknown
Eye & Retina Surgeons (Singapore) The private clinic’s database containing personal data and clinical information of patients was targeted in a ransomware attack on August 6th, 2021. 73,000
Radboudumc (Netherlands) A former employee of the hospital reportedly uploaded a file containing confidential information of employees to GitHub. The exposed data included names, login names, email addresses, and phone numbers. The data of employees of organisations that work with Radboudumc was also leaked. Unknown
Metro Infectious Disease Consultants (US) An unauthorised third-party gained access to certain employees’ email accounts on June 24th, 2021. Some individuals’ personal information may have been accessed, with possibly compromised data including, names, insurance information, Social Security numbers, and more.  Unknown
Rolle (Switzerland) Spreadsheets containing data on Rolle residents were leaked on the dark web following a ransomware attack on May 30th, 2021. The impacted data includes names, addresses, dates of births, national insurance numbers and more. Unknown
ROC Mondriaan (Netherlands) The educational institution was targeted in a cyberattack on the weekend of August 21st, 2021, leaving students and employees unable to access its systems. Personal or sensitive data may have been accessed or stolen. Unknown
Atmana Inc (India) Security researcher Jeremiah Fowler discovered a non-password protected database belonging to the BlockerX app. The database contained a total of 121,624 records. Among the exposed data were usernames, email addresses, and encrypted user data. In addition, Amazon AWS bucket names and addresses used to upload attachments and screenshots were exposed. Unknown
Total Testing Solutions (US) The California-based start-up has taken down its website after a customer found that they could bypass the sign-in prompt and access the data of different users by altering a single digit in the website’s address. TechCrunch estimated that the flaw put about 60,000 tests at risk. Unknown
Arles Hospital Center (France) On August 18th, 2021, the operators of Vice Society ransomware claimed responsibility for an attack against the hospital and threatened to publish stolen documents. Unknown
New Zealand Department of Conservation The DOC Search and Rescue Base at Aoraki Mount Cook was hit with a ransomware attack on July 21st, 2021. The attack disabled staff access to the base’s network, and may have resulted in the compromise of data belonging to staff and individuals assisted by the base. Unknown
Smart Voting (Russia) The Russian tactical voting online platform was hit by a cyberattack. Member data, including email addresses, home addresses, and names, was leaked on the Telegram channel ‘Data1eaks’. The database may reportedly be associated with a smaller leak of 191,500 email addresses that was published on July 21st, 2021. 2,200,000
AT&T (US) DataBreaches[.]net discovered an underground forum post by the actor ShinyHunters offering the data of AT&T customers, including their Social Security Numbers and dates of birth. AT&T stated that the data does not appear to have come from their systems. 70,000,000
Lime Energy (US) The Willdan Group subsidiary was targeted in a cyberattack that was disclosed on December 15th, 2020. Information possibly exposed durign the incident includes names, Social Security numbers, driver’s license numbers, medical information, financial account numbers, payment card and CVV numbers, and more. Unknown
OT Group (Singapore) Databreaches[.]net reported that the ALTDOS threat actors have provided them with proof that they were responsible for a recently reported attack launched against the real estate firm. As part of its proof the group shared a video showing a directory of folders, some of which they accessed. One of the folders included individuals’ names, account numbers, bank name, and other information. 3,600
Rockwood School District (US) The Missouri school district discovered a ransomware attack against its system on June 17th, 2021. The systems were subjected to unauthorised access between April 20th and June 24th, 2021. The attack may have exposed names, addresses, Social Security numbers, dates of birth, financial account information, student records, and more. Unknown
Alibaba Cloud (China) The Zhejiang Communications Administration revealed that the company disclosed user registration information to a third-party partner without user consent. The statement was issued on July 5th 2021, as a result of a complaint from an unnamed party. The incident took place during the ‘Singles Day’ festival of November 11th, 2019. A telemarketing employee reportedly privately obtained client contact information and leaked it to a distributor’s staff member.  Unknown

Attack Type mentions in Government

Time Series

This chart shows the trending Attack Types related to Government within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry Information
Education  Researchers at ESET discovered a new undocumented modular backdoor, dubbed SideWalk, that is being used in a campaign that has been ongoing since mid-2020. The campaign has largely targeted entities in East and Southeast Asia, in particular in the education sector. Some other targets have included companies in the United States, Canada and Georgia. It is capable of dynamically loading additional modules sent from its C2 server, makes use of Google Docs as a dead drop resolver, and Cloudflare workers as a C2 server. The malware shares many design structures and implementation details with CROSSWALK, including the way proxies are handled. The campaign has been attributed to SparklingGoblin, an advanced persistent threat actor believed to be connected to Winnti Group.
Healthcare Researchers at Cisco Talos identified an active campaign, operational since October 2020, that targets the hospitality and travel industry in Latin America. The threat actor is believed to be Brazilian and uses macro-enabled Microsoft Office documents distributed via email. The infections involve a modular chain of VB scripts and PowerShell which disable antivirus protections before njRAT and AsyncRAT are delivered.
Technology Researchers at Kaspersky discovered a modified version of WhatsApp called ‘FMWhatsapp’ that contains the Triada trojan. Once the app is launched, the malware collects unique device identifiers and the name of the app package and sends the information to a remote server. The trojan then downloads, decrypts, and launches different types of malware. The downloaded malware include ones capable of downloading and launching other malicious modules, including the xHelper trojan installer module. Other functions include displaying full-screen ads, running invisible ads in the background, and signing the user up for paid subscriptions.
Retail & Tourism Security researcher Daniel Gallagher discovered an email phishing campaign in which the threat actor delivers a payload via the legitimate UPS website. Victims receive a tracking number link that leads to the legitimate site that is abused to download a malicious Word document from the attacker’s Cloudflare project. The downloaded file, disguised as a fake invoice, prompts the user to ‘Enable Content’ to view the document. The enabled macros then attempt to download a PNG file from a URL.
Government The Belarusian Cyber Partisans released portions of the large collection of data allegedly stolen from Belarusian authorities. The group has stated that they are preparing to shut down government computers with malicious software named X-App. Unspecified attacks against government data were confirmed by KGB head Ivan Tertel on July 30th, 2021. A representative of the attackers claimed that the group includes around 15 individuals, mostly Belarusians working in information technology, including penetration testing. Former Belarusian police lieutenant Aliaksandr Azarau revealed that Cyber Partisans have been working with BYPOL, an organisation of ex-police officers who defected following the recent disputed presidential election.

News and information concerning each mentioned industry over the last week.

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Silobreaker Weekly Cyber Digest

Sign up for weekly news on data breaches, hacker groups, malware and vulnerabilities.

Silobreaker
This website uses cookies.
See our privacy policy at www.silobreaker.com/legal