06 January 2022

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source (ranked by heat over the past 7 days)
HOMEkit
Oracle MySQL
Qualcomm Snapdragon
Netgear Nighthawk
Atera

Deep & Dark Web (ranked by heat over the past 7 days)
Windows 7
Fedora (Linux)
Linux Kernel
Joomla
RevSlider

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
Each entry gives the company (country), a summary of the incident, and the number of records or individuals affected.

D.W. Morgan (US)
A misconfigured, publicly accessible Amazon Web Services S3 bucket was discovered, exposing over 100GB of sensitive data dating from 2013 to late 2021. The exposed datasets contained sensitive client data and employee personally identifiable information, including full names, phone numbers, email addresses, and digital signatures.
Affected: Unknown

Broward Health (US)
An unauthorised attacker gained access to the network through the office of a third-party medical provider on October 15th, 2021. Information exfiltrated by the attacker includes names, dates of birth, addresses, phone numbers, financial or bank account information, Social Security numbers, and more.
Affected: Unknown

LastPass (US)
On December 25th, 2021, a server exposing 6 million RedLine Stealer logs of stolen data collected in August and September 2021 was discovered. The logs contained stolen LastPass credentials and unique email addresses.
Affected: 441,659

Saltzer Health (US)
An unauthorised individual accessed an employee email account between May 25th and June 1st, 2021. Potentially compromised information includes names, contact information, driver’s license or state identification numbers, Social Security numbers or financial accounts, and more.
Affected: 15,650

UVA Health (US)
On December 3rd, 2021, the company was informed by its vendor Ciox Health that it had been impacted by a data breach. Ciox Health stated that an employee’s email account had been accessed by an unauthorised party. The attacker, who had access to UVA Health data between June 24th and July 2nd, 2021, may have been able to view patient information.
Affected: 429

PulseTV (US)
Personal information and credit card data of customers may have been compromised after the company’s site was found to be a common point of purchase for a number of unauthorised Mastercard transactions. Potentially compromised information also included names, addresses, and email addresses.
Affected: 200,000

SEGA Europe (UK)
The company inadvertently left sensitive files on a publicly accessible Amazon Web Services S3 bucket. The bucket contained multiple sets of AWS keys, as well as MailChimp and Steam keys. The bucket could potentially grant access to user data, including information on hundreds of thousands of users of the Football Manager forums.
Affected: Unknown

Shutterfly (US)
The company was hit by a Conti ransomware attack in December 2021. Conti operators created a Shutterfly data leak website with screenshots of stolen data, including legal agreements, bank and merchant account information, login credentials for corporate services, spreadsheets, and possible customer information.
Affected: Unknown

Impresa (Portugal)
The media conglomerate’s IT server infrastructure was impacted during a cyberattack by the Lapsus$ ransomware gang over the New Year. The company owns the weekly newspaper Expresso and the TV channel SIC, both of which were also affected. The Impresa and Expresso websites were both impacted, and all of the SIC TV channels were offline as of January 2nd, 2022.
Affected: Unknown

ONUS (Vietnam)
The firm suffered a cyberattack on its payment system, which was running a vulnerable version of Apache Log4j. Exfiltrated data includes names, email addresses, phone numbers, physical addresses, encrypted passwords, and more. On December 25th, 2021, the actors put the data of ONUS customers up for sale on a data breach marketplace after the company refused to pay the ransom.
Affected: 2,000,000

Inetum SA (France)
The company disclosed that it suffered a ransomware attack on December 19th, 2021, that impacted certain operations in France. According to LeMagIt, the incident involved BlackCat ransomware.
Affected: Unknown

Spar (Netherlands)
Vice Society threat actors have taken credit for the attack against James Hall & Co. on December 6th, 2021, which impacted over 600 Spar stores across the north of England. The group also claims to have targeted Heron and Brearley, who own 19 Spar stores on the Isle of Man. Vice Society has since dumped over 93,000 files stolen in the attacks.
Affected: Unknown

McMenamins (US)
The company confirmed that internal employee data dating back to January 1st, 1998, was compromised in the Conti ransomware attack on December 12th, 2021. Potentially exposed information includes names, addresses, telephone numbers, email addresses, dates of birth, Social Security numbers, and more. The attackers may have accessed files containing direct deposit bank account information.
Affected: Unknown

UScellular (US)
An attacker gained access to wireless customer accounts containing personal information. Potentially exposed information includes names, addresses, PIN codes, and cellular telephone numbers.
Affected: 405

DatPiff (US)
Have I Been Pwned warned that records for DatPiff members are being sold online, including users’ email addresses, cracked passwords, usernames, and security questions.
Affected: 7,476,940

Tourisme Montréal (Canada)

Texas ENT Specialists (US)
The company was hit by a cyberattack on August 9th, 2021, that exposed medical data of patients. Potentially exposed information includes names, birth dates, medical record numbers, Social Security numbers, and billing codes.
Affected: 535,489

Bernalillo County (US)
A suspected ransomware attack occurred on January 5th, 2021. The county took the affected systems offline and closed several buildings.
Affected: Unknown

Malware mentions in Critical Infrastructure

This chart shows the trending malware related to Critical Infrastructure within a curated list of cyber sources over the past week.

Weekly Industry View

Technology
Check Point researchers discovered a Zloader campaign that exploits Microsoft’s digital signature verification. The campaign was first observed in November 2021; 2,170 victims have been identified so far in over 20 countries, the majority of them in the United States. Similarities with previous campaigns led the researchers to believe the threat actors MalSmoke are behind this campaign. The legitimate remote monitoring software Atera is used to gain initial access. The attack chain relies on a modified DLL file that still carries a valid Microsoft file signature, which is possible because of known signature verification flaws patched in 2013.

Retail & Hospitality
Researchers at Palo Alto Networks Unit 42 discovered a supply chain attack leveraging a cloud video platform to distribute a skimmer across multiple real estate sites. The Record determined Sotheby’s to be the victim based on the targeted domains associated with the attack. The skimmer’s JavaScript code was injected into the player of the Brightcove cloud video platform, so whenever the video was imported into a website, that site was infected with the skimmer. The skimmer checks input fields for credit card numbers and captures the card details alongside other information such as names and email addresses.

Banking & Finance
Cyble researchers discovered a malicious application used by threat actors to target the Brazilian bank Itau Unibanco and conduct fraudulent financial transactions without the victim’s knowledge. The malware, dubbed sincronizador, was hosted on a custom domain. Cyble researchers later discovered the malware was also hosted on a fake Google Play Store page, where it had been downloaded at least 1,895,897 times. The application attempts to perform the fraudulent financial transactions through the bank’s legitimate app by tampering with the user’s input fields.

Critical Infrastructure
Researchers at NTT Security have identified a new malware, tracked as Flagpro, which the BlackTech group has used since at least October 2020. The malware targets Japanese defence, media, and communication companies. It is delivered via spear phishing emails that are customised for the target organisation; the messages mention the target’s business partner and contain a password-protected archive. The researchers warned that the group has also started using additional new malware, tracked as SelfMake Loader and Spider RAT.

Government
Cluster25 researchers analysed an attack that began on December 20th, 2021, linked to the North Korean advanced persistent threat group Konni. The attack targeted the Russian diplomatic sector with spear phishing emails using a New Year’s Eve-themed lure. The examined emails were sent to the Russian Embassy in Indonesia from an address that imitated the legitimate address of the Russian Embassy in Serbia. The emails distributed the Konni remote access trojan, which was disguised as a legitimate screensaver.

News and information concerning each mentioned industry over the last week.
