
Weekly Breach Report – August 24th

Aug 24, 2020 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities



This popular open-source automation software notified users of a critical vulnerability in the Eclipse Jetty web server that could result in memory corruption and enable the disclosure of confidential information. The Hacker News: 


Operation Chimera

At Black Hat, researchers described a set of attacks conducted by a Chinese APT group attempting to steal semiconductor designs, source code, SDKs, and other proprietary information from semiconductor companies. ZDNet:



A P2P botnet newly discovered by researchers has struck at least 500 government and enterprise SSH servers during 2020. ZDNet:


Nucleus Careers Aura

Researchers discovered two security vulnerabilities in this COVID contact-tracing app used by a Michigan college as soon as the school started using it. TechCrunch:



Researchers disclosed details of a memory vulnerability in IBM’s Db2 data management products that enables an attacker to access sensitive data and execute DoS and other attacks. The Hacker News:



Google patched a security issue impacting Gmail and G Suite email servers. The bug enabled a hacker to send spoofed emails mimicking any Gmail user. ZDNet:


Experian South Africa

The South African division of consumer-credit-reporting agency Experian disclosed a data breach on Wednesday, impacting 24m people. ZDNet:



Authorities charged Uber’s former chief security officer with trying to conceal from federal investigators a 2016 data breach that exposed 57 million users’ personal information. CNN:



After scraping the web, a security researcher discovered a database without any password protection containing scraped data of nearly 235m social media users from Instagram, TikTok and YouTube. TheNextWeb:



British-American cruise operator Carnival announced that it had experienced a companywide ransomware attack that encrypted part of its IT systems. ShipInsight:


Ritz London

Scammers targeted customers of top London hotels by attempting to steal credit-card data after the hotel’s restaurant experienced a breach of its food and beverage reservation system. Security Boulevard:


GitHub repositories

Researchers found nine GitHub repositories exposing data on more than 150,000 patients online. Health IT Security:


Utah Gun Exchange

Researchers discovered datasets containing more than 240,000 personal records from Utah Gun Exchange’s website on a hacking forum. Security Boulevard:



A data breach at this website company affected the personal information of South Dakota residents who tested positive for COVID-19. Journal-News:



A website that provides access to free photos and graphics disclosed a data breach that impacted 8.3m users of its site. ZDNet:
