02 – 08 October 2020

Silobreaker’s Weekly Cyber Digest is a quantitative summary of our threat reports, published every Thursday. The reports are created using our award-winning intelligence product Silobreaker Online.

Trending Vulnerable Products

Open Source
Name | Heat 7
Grindr
Samsung Mobile Devices N
Tenda
Mozilla Thunderbird
IBM Security Guardium

Deep & Dark Web
Name | Heat 7
Tenda
Burp Suite
Grafana
Netsparker
Microsoft ASP NET

The tables show the products which have been mentioned more than usual during the last week in connection with vulnerabilities.

Data Leaks & Breaches

Leaks & Breaches
| Company | Information | Affected |
|---|---|---|
| K-Electric (Pakistan) | Netwalker ransomware operators published an 8.5GB archive of files allegedly stolen from K-Electric. The company was hit by a ransomware attack on September 7th, 2020. Security researchers at Rewterz told BleepingComputer that the archive contains financial data, engineering reports, maintenance logs, and customer information. | Unknown |
| Magnolia Pediatrics (US) | Magnolia Pediatrics is notifying its patients of a data breach resulting from a security incident against its IT vendor LaCompuTech, first discovered on March 26th, 2020. Patient data stored on the server included patient names, dates of birth, Social Security numbers, and more. The clinic notes that no data was encrypted and no evidence was found of any data being transmitted. | 12,000 |
| VOXX International Corporation (US) | The company disclosed a ransomware attack that was first identified on July 7th, 2020. Further investigation revealed that the attackers had access to files saved to its servers between June 4th and July 7th, 2020. The servers contained data about current and former employees, contractors, as well as dependents and beneficiaries from 2000 through 2020. This included names, addresses, email addresses, dates of birth, Social Security numbers, financial account numbers and health insurance information. | Unknown |
| Recover Our Youth (US) | The organisation informed its clients and guardians of a security incident after discovering its information systems had been compromised by an unauthorised party on July 30th, 2020. Files containing personal information may have been copied by the attacker, which may have included names, addresses, Social Security numbers, and more. | Unknown |
| Unknown (Taiwan) | Taiwanese national security officials discovered a Taiwanese job bank database being sold on the dark web by a Chinese-speaking account holder. The database contains the information of applicants born between 1962 and 2000, and includes names, email and home addresses, dates of birth, phone numbers, national identification card numbers and other data. | 5,920,000 |
| 0x00sec | On September 7th, 2020, 0x00sec was informed by security researcher Thug Crowd that their S3 bucket was publicly available, which the company said was due to a bug that was introduced during a routine update of Discourse. The bucket was accessible from July 6th to September 7th, 2020 and contained usernames, email addresses, direct messages and salted PBKDF2 password hashes. All user passwords have been reset. | Unknown |
| Street Fisheries Inc | Cyble Inc researchers discovered a data leak attributed to Street Fisheries Inc posted on a dark web blog on October 1st, 2020. The post contains two ZIP archives of 2.9GB and 3.3GB. The leak, alleged to be the first part of several, features financial information dating between May 2005 and August 2020, and includes files referring to payroll, sales analysis, financial statements and more. | Unknown |
| City of Odessa (US) | The city disclosed a data breach related to its online payment system that lasted from mid-April to late-June 2020. The breach impacts users of the online Click2Gov system who made one-time payments. | Unknown |
| Gulf Coast State College (US) | On September 28th, 2020, some students and employees received letters informing them of a breach which occurred after a hacker accessed employee email accounts. The breach occurred between March 31st and June 3rd, 2020, and could have led to the exposure of Social Security numbers. | Unknown |
| Greater Manchester Police (UK) | Assistant Chief Constable Chris Sykes stated that they were aware that a ‘limited dataset of personal information’ that had been provided for testing purposes to a supplier may have been breached. | Unknown |
| Snewpit (Australia) | CyberNews researchers discovered a publicly accessible AWS server belonging to the news sharing platform. The server was secured by the company on September 24th, 2020. Exposed data included 256 video files, 23,586 image files, as well as four CSV files containing 79,725 user records. The user records included full names, email addresses, usernames, user descriptions, and more. Thousands of user profile pictures were also exposed. | Unknown |
| Boom! Mobile (US) | Researchers at Malwarebytes reported that the mobile network operator’s website was injected with a credit card skimmer. The domain and code used in the incident have been linked to previous attacks conducted by the Fullz House group. The researchers speculated that the group may have compromised the company’s website via an unsupported PHP version or through other vulnerable plugins. | Unknown |
| Chowbus (US) | Users of the food delivery service reported receiving an email which contained two links to download Chowbus data. The links led to two CSV files, one with data of 4,300 restaurants that work with Chowbus, and one with Chowbus user data. The exposed restaurant data includes phone numbers, names, addresses, and commission rates. The leaked user information encompasses email addresses, names, phone numbers, and home addresses. | 803,350 |
| University Hospital Limerick (Ireland) | The hospital suffered a data breach affecting patients who attended its Emergency Department between April 18th and April 22nd, 2020. Patient data, including names, dates of birth and dispensed medicines, was reportedly extracted by an employee of the company behind their automated system used to dispense medication and consequently published via a link on Twitter. | 630 |
| AAA Ambulance Service (US) | The Mississippi-based ambulance service was targeted in a ransomware attack identified on July 1st, 2020. The company disclosed that an investigation revealed that personal data had been accessed or exfiltrated in the attack. The exposed information includes names, Social Security numbers, financial account numbers, medical information, and more. | Unknown |
| Daniel B. Hastings (US) | Conti ransomware operators uploaded documents attributed to the Texas freight company. The purportedly stolen files include completed US Customs and Border Protection documents. | Unknown |

Attack Types Mentions in Healthcare

Industry View

This chart shows the trending Attack Types related to Healthcare over the last week.

Weekly Industry View

Industry View
| Industry | Information |
|---|---|
| Banking & Finance | The Financial Industry Regulatory Authority (FINRA) warned of an ongoing widespread phishing campaign targeting FINRA members. The emails, which come from a spoofed domain, ask that members complete a survey. FINRA warned recipients against clicking on any links or images included in the email. |
| Critical Infrastructure | Transport Malta was targeted in a cyberattack between September 25th and 26th, 2020, resulting in a shutdown of its online systems on October 4th, 2020. Motorists have been unable to renew road licences since the shutdown, and there has not been a clear indication of when the services might be restored. The company did not disclose whether any personal data was exposed during the incident. |
| Government | KnowBe4 researchers analysed a recent phishing email that impersonates the US Election Assistance Commission, asking the user to confirm some details previously provided on their registration application. An embedded link in the email redirects to a fake version of the ServiceArizona website that asks for name, date of birth, mailing address, email address, Social Security number and driver’s license information. The site has since been taken down. The researchers believe the attackers behind the campaign would likely use the provided data for identity theft or other types of fraud, yet note that the exact intent remains unknown. They added that it may be an attempt to intervene in the election by seeding confusion or by engaging in election fraud. |
| Education | Director General of the Rectors Group of Switzerland’s public universities Martina Weiss stated that a number of universities have had salary payments stolen by hackers. The attackers targeted at least three universities, using information obtained via phishing attacks to access the universities’ payment systems. They then changed the instruction on salary transfers, stealing a six-figure sum. |
| Healthcare | eResearchTechnology (ERT) was targeted in a ransomware attack on September 20th, 2020, impacting ongoing clinical trials. ERT noted that patients were not at risk and that it began bringing its systems back online on October 2nd, 2020. Organisations impacted by the incident include IQVIA, which is currently helping manage AstraZeneca’s Covid vaccine trial, and Bristol Myers Squibb, which leads a consortium of companies developing a quick test for the virus. Both companies stated that the impact was limited, whilst other ERT clients had to use pen and paper for their trials. It remains unclear who was behind the attack. |

News and information concerning each mentioned industry over the last week.
