01 July 2021

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name Heat 7
Windows Print Spooler
Huawei Smartphone
Cisco ASA Adaptive Security Appliance
Western Digital My Cloud
Shopware
Deep & Dark Web
Name Heat 7
GoAhead
FFmpeg
Western Digital WD My Book Live
Dell SupportAssist
Windows Print Spooler

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Company | Information | Affected
French Connection (UK) | A gang believed to be linked to the REvil ransomware group is claiming to have targeted the fashion company and stolen internal company data. The group uploaded passport and identification card scans of employees as proof of their attack. French Connection confirmed that it had been targeted in a cyberattack. | Unknown
Made in Oregon (US) | The gift retailer disclosed a security breach involving Magecart deploying a skimmer on its website. The actor obtained all data customers entered on the order forms between September 2020 and March 2021, including names, email and physical addresses, and credit card information. | Unknown
DreamHost (US) | Website Planet researchers discovered a non-password protected database owned by the hosting provider for a WordPress blog platform called DreamPress. The database exposed 814,709,344 records dated between March 2018 and April 2021. They included DreamPress account admin information, such as names, email addresses, usernames, and more, internal and external user email addresses, and some network information. | Unknown
Hollingsworth LLP (US) | Data supposedly stolen from the law firm in a ransomware attack was posted on the dark web marketplace Marketo. In total, 58GB of data was uploaded, with 71 bids made by users of the marketplace. | Unknown
Mercedes-Benz USA | The personal information of some customers and interested buyers was left exposed on a cloud storage platform by one of its vendors. The data relates to information entered on dealer and Mercedes-Benz websites between January 1st, 2014, and June 19th, 2017. It consists of self-reported credit scores and a small number of driver license numbers, Social Security numbers, credit card information and dates of birth. An investigation into a data leak was first launched after reports of 1.6 million unique records being accessible. These included names, addresses, phone numbers, and purchased vehicle information. | 1,000
Government of Argentina | Data supposedly stolen from four Argentinian government websites was offered for sale on a dark web forum before being dumped on an open web forum. This includes the data of 12,544 users of the Municipality of San Pedro website, as well as the access keys to the municipality’s platform and fiscal data. The other impacted websites are those of the Judicial Power of the City of Mendoza, the Institute of Social Work of the Provincial Employee, and the Honorable Deliberative Council of the City of San Nicolás. | Unknown
Insolvency and Bankruptcy Board of India | The agency accidentally uploaded documents that revealed the Aadhaar and Permanent Account Numbers (PAN) of workers at companies undergoing insolvency proceedings to the public domain. The total number of affected individuals could not be confirmed. | Unknown
Altus Group (Canada) | The real estate software solutions company suffered a data breach on June 14th, 2021. The attack has been claimed by a new ransomware group, named Hive, on their dark web leak site HiveLeaks. The group leaked a sample of files allegedly stolen from Altus, including business data and documents, as well as Argus certificates and development files. | Unknown
Hoya Optical Labs of America (US) | The company was targeted in a ransomware attack discovered on April 5th, 2021. The attackers published information allegedly stolen from the company. This includes names, addresses, Social Security numbers and financial information for patients. | 3,259
Beacon Health Solutions (US) | The company discovered a data breach which prevented users from accessing systems and data on October 5th, 2020. Unauthorised actors stole personal information from the company’s servers, including names, addresses, Social Security numbers, driver’s licenses, and medical and health insurance information. Customers of the Beacon client Care N’ Care Insurance Company of North Carolina were also implicated in the incident. | Unknown
Elekta (US) | On April 6th, 2021, the precision radiation medicine provider suffered a data security incident, exposing the patient data of its business associates. Patients of Renown Health in Nevada, as well as Cancer Centers of Southwest Oklahoma, had their names, Social Security numbers, addresses, dates of birth, and medical information exposed. Over 40 other healthcare organisations may have been compromised in the breach. | Unknown
AcadeME (Israel) | DragonForce Malaysia claimed to have hacked the student employment assistance company. On June 28th, 2021, the AcadeME website was offline, with a statement saying it ‘should be back soon.’ DragonForce also leaked data supposedly taken from the company, including emails, passwords, first and last names, addresses, and phone numbers of students. The data reportedly dates back to 2014. On the same day, the group also claimed to have leaked a ‘massive’ number of Israeli passports. | 280,000
LinkedIn (US) | Restore Privacy researchers discovered a forum ad offering the data of LinkedIn users for sale dated June 22nd, 2021. The post offered a data sample of 1 million users which included names, email and physical addresses, phone numbers, geolocation records, and more. The researchers analysed the sample and believe it to be authentic and up to date. | 700,000,000
Washington County Healthcare Organisations (US) | Several of Maine’s Washington County healthcare organisations were affected by the February 2021 CaptureRx data breach. The compromised organisations include the Calais Regional Hospital, Eastport Health Care Inc, Regional Medical Center at Lubec, St. Croix Regional Family Health Center and East Grand Health Center. | 5,000
WSSC Water (US) | The Maryland water company was hit by a ransomware attack on May 24th, 2021. The attacker accessed internal files. It is unclear if personal information was exposed. | Unknown
NewsBlur (US) | The personal RSS news reader was targeted in a cyberattack while its MongoDB database was open to the public during a transition to a new Docker server. The attacker copied the database and deleted the original. | Unknown
UofL Health (US) | The Kentucky healthcare system is notifying patients of a data exposure which occurred when the data was erroneously sent to an email address outside of the system’s network. | 42,465
Frederick Public Schools (US) | The school was targeted by a ransomware attack a few months ago. DataBreaches[.]net discovered files belonging to the school district that had been dumped on a data leak site, including personnel payroll-related information dating between 2018 and 2020, and vendor payment information. At least one file had Social Security numbers and some of the files also contained student names and information. | Unknown
University Medical Center of Southern Nevada (US) | The operators of REvil ransomware added the university to its data leak site. The listing does not specify when the attack occurred, nor how much data they stole. A small number of images of driver’s licenses, passports and Social Security cards were dumped as proof of access. The organisation confirmed the incident. | Unknown
Salesken (India) | An exposed server belonging to the Indian startup compromised the data of its customer Byju’s. The exposed data relates mostly to the online coding school WhiteHat Jr, and includes student names, email addresses, phone numbers of parents and teachers, parent and staff chat logs, and more. | Unknown
Physicians Dialysis (US) | The Florida healthcare provider discovered unauthorised access to its database on March 21st, 2021. The affected database contained protected health information belonging to some current and former patients, including names, addresses, dates of birth, Social Security numbers, medical information, and health insurance details. | Unknown
The Salvation Army (UK) | The Register reported that unnamed ransomware attackers have targeted the Salvation Army. The incident reportedly impacted a London data centre, and the organisation became aware of the attack around a month ago. The Salvation Army did not reveal the volume or type of data accessed by the attackers. | Unknown
Peoples Community Health Clinic (US) | The clinic revealed that an unauthorised party had access to an employee’s email account between March 18th and March 22nd, 2021. Potentially compromised information includes names, addresses, Social Security numbers, dates of birth, driver’s license numbers, payment card information, medical information, and more. | Unknown
Penn Foundation (US) | On June 29th, 2021, the behavioural-health and substance abuse non-profit informed an unspecified number of clients about a possible data theft incident linked to a ransomware attack. | Unknown

Attack Type mentions in Banking & Finance

Time Series

This chart shows the trending Attack Types related to Banking within a curated list of cyber sources over the past week.

Weekly Industry View

Industry View
Industry | Information
Banking & Finance | The United States Financial Industry Regulatory Authority (FINRA) warned users of a phishing campaign impersonating the organisation. The emails purportedly come from FINRA Support, and instruct users to view an attached report. The sender’s address uses the domain name Westour, which is not connected to FINRA.
Retail & Tourism | Malwarebytes researchers analysed Lil’ Skim, a web skimmer first reported on by security researchers Eric Brandel and Jordan Herman in early June 2021. The earliest instance of the skimmer appears to date back to March 2020. The skimmer not only names its domains after Google, a common practice by Magecart threat actors, but also names them after the websites that it compromises, a practice more frequently seen with phishing sites. The top-level domains are exchanged for .site, .website, or .pw, and the created hosts both load the skimmer code and receive the stolen credit card data.
Education | In a Telegram message, the pro-Palestinian hacker group DragonForce Malaysia claimed to have hacked Israel’s AcadeME, a company that aids students in finding employment. On June 28th, 2021, the AcadeME website was offline, with a statement saying it ‘should be back soon.’ DragonForce also leaked data supposedly taken from the company, including emails, passwords, first and last names, addresses, and phone numbers of about 280,000 students. The data reportedly dates back to 2014.
Critical Infrastructure | Fortinet researchers discovered a highly targeted spear phishing campaign aimed at aviation companies that delivers AsyncRAT, a remote access trojan (RAT) that uses keylogging to capture credentials. The campaign involves emails impersonating the General Civil Aviation Authority using a spoofed sender and containing malicious links disguised as PDF attachments. The IP address delivering the phishing emails is associated with Snip3 Crypter, which was used in an aviation-themed campaign in April and May of 2021. However, the RAT loader contains a PDB string different from the previous Snip3 campaign, and has therefore likely come from a different author.
Technology | Confiant researchers discovered an ongoing malvertising campaign in which seemingly benign Google Chrome browser extensions redirect the user to an intermediate domain before displaying Yahoo search results. The extensions’ authors were found to be affiliates of Yahoo, which means they receive a commission for each sponsored search click. The malicious extensions typically remain available on the Chrome Web Store for several days to a week. One extension was seen growing at a rate of 1,000 users per day. The researchers warned that, even after the extension is removed from the Chrome Web Store, it will continue to persist locally.

News and information concerning each mentioned industry over the last week.
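The Retail & Tourism entry describes a naming pattern that a site owner can check for on their own pages: script hosts that reuse the shop’s own name, or a Google-like name, under a .site, .website or .pw top-level domain. The following is an added, defender-side illustration of that check; it is not code from Silobreaker, Malwarebytes or the original Lil’ Skim write-up, and every hostname and the HTML snippet it scans are constructed for the example.

```python
"""Flag skimmer-style look-alike script hosts on a shop page.

Added example, not part of the digest. It implements the naming pattern
described in the Retail & Tourism entry: a host named after the shop or
after Google, with the TLD swapped for .site, .website or .pw. All
hostnames below are constructed; the trusted-host list is an assumption
a real deployment would replace with its own allow-list.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# TLDs the skimmer was reported to swap in.
SUSPICIOUS_TLDS = {"site", "website", "pw"}

# Constructed allow-list of hosts a shop page legitimately loads script from.
TRUSTED_HOSTS = {
    "www.google.com",
    "www.googletagmanager.com",
    "www.google-analytics.com",
}


def split_host(host):
    """Return (second-level label, tld) for a hostname such as 'cdn.shop.com'.

    Public-suffix handling (co.uk and similar) is deliberately left out to
    keep the example short; a production check should use a suffix list.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None, None
    return labels[-2], labels[-1]


def classify_script_host(host, shop_domain):
    """Classify one script host relative to the shop's registrable domain.

    Returns 'own', 'trusted', 'shop-lookalike', 'google-lookalike' or
    'third-party'.
    """
    host = host.lower()
    shop_domain = shop_domain.lower()
    sld, tld = split_host(host)
    shop_sld, _ = split_host(shop_domain)
    if sld is None:
        return "third-party"
    if host == shop_domain or host.endswith("." + shop_domain):
        return "own"
    if host in TRUSTED_HOSTS:
        return "trusted"
    # Shop name reused under a swapped TLD, e.g. shop.com -> shop.site
    if sld == shop_sld and tld in SUSPICIOUS_TLDS:
        return "shop-lookalike"
    # Google-themed label under a swapped TLD, e.g. google-analytics.pw
    if "google" in sld and tld in SUSPICIOUS_TLDS:
        return "google-lookalike"
    return "third-party"


class _ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value)


def script_hosts(html_text):
    """Return the hostnames referenced by <script src=...> in html_text."""
    parser = _ScriptSrcCollector()
    parser.feed(html_text)
    hosts = []
    for src in parser.sources:
        host = urlsplit(src).hostname  # handles https://host/ and //host/ forms
        if host:
            hosts.append(host)
    return hosts


def flag_script_sources(html_text, shop_domain):
    """Return (host, classification) for script hosts that match the pattern."""
    flagged = []
    for host in script_hosts(html_text):
        label = classify_script_host(host, shop_domain)
        if label in ("shop-lookalike", "google-lookalike"):
            flagged.append((host, label))
    return flagged


# Constructed checkout page: two legitimate hosts, two look-alikes, one
# unrelated CDN and one relative path.
SAMPLE_PAGE = """
<html><head>
<script src="https://cdn.example-shop.com/js/checkout.js"></script>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX"></script>
<script src="//example-shop.site/jquery.min.js"></script>
<script src="https://google-analytics.pw/ga.js"></script>
<script src="https://static.somecdn.net/lib.js"></script>
<script src="/local/app.js"></script>
</head></html>
"""

if __name__ == "__main__":
    for host, label in flag_script_sources(SAMPLE_PAGE, "example-shop.com"):
        print(f"{label}: {host}")
```

Running the block against the constructed page flags example-shop.site and google-analytics.pw while leaving the shop’s own CDN, the tag manager host and the unrelated CDN alone. The check is a heuristic for review, not proof of compromise: a hit means a script host deserves a look, and unknown third-party hosts are still worth comparing against a Content Security Policy or an allow-list.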
