Weekly Breach Report – August 24th

Aug 24, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities



This popular open-source automation software notified users of a critical vulnerability in the Eclipse Jetty web server that could result in memory corruption and enable the disclosure of confidential information. The Hacker News: https://thehackernews.com/2020/08/jenkins-server-vulnerability.html 


Operation Chimera

Researchers described a set of attacks at BlackHat conducted by a Chinese APT group attempting to steal semiconductor designs, source code, SDKs, and other proprietary information from semiconductor companies. ZDNet:https://www.zdnet.com/article/black-hat-hackers-are-now-using-cobalt-strike-and-skeleton-keys-to-target-semiconductor-firms/



A P2P botnet newly discovered by researchers has struck at least 500 government and enterprise SSH servers during 2020. ZDNet: 



Nucleus Careers Aura

Researchers discovered two security vulnerabilities in this COVID contact-tracing app used by a Michigan college as soon as the school started using it. Tech Crunch: https://techcrunch.com/2020/08/19/coronavirus-albion-security-flaws-app/ 



Researchers disclosed details of a memory vulnerability in IBM’s Db2 data management products that enable an attacker to access sensitive data and execute DoS and other attacks. The Hacker News: https://thehackernews.com/2020/08/ibm-data-management.html 



Google patched a security issue impacting Gmail and G Suite email servers. The bug enabled a hacker to send spoofed emails mimicking any Gmail user. ZDNet:https://www.zdnet.com/article/google-fixes-major-gmail-bug-seven-hours-after-exploit-details-go-public/


Experian South Africa

The South African division of consumer-credit-reporting agency Experian disclosed a data breach on Wednesday, impacting 24m people. ZDNet:




Authorities charged Uber’s former chief security officer with trying to conceal from federal investigators a 2016 data breach  that exposed 57 million users’ personal information. CNN:




After scraping the web, a security researcher discovered a database without any password protection containing scraped data of nearly 235m social media users from Instagram, TikTok and YouTube. TheNextWeb:




British-American cruise operator Carnival announced that it had experienced a companywide ransomware attack that encrypted part of its IT systems. ShipInsight:https://shipinsight.com/articles/carnival-corporation-hit-by-cyber-attack


Ritz London

Scammers targeted customers of top London hotels by attempting to steal credit-card data after the hotel’s restaurant experienced a breach of its food and beverage reservation system. Security Boulevard: https://securityboulevard.com/2020/08/puttin-on-the-ritz-fine-dining-customers-targeted-with-phone-scams-after-ritz-london-data-breach/


GitHub repositories

Researchers found nine GitHub repositories exposing data on more than 150,000 patients online. Health IT Security: https://healthitsecurity.com/news/9-github-repositories-found-leaking-health-data-from-over-150k-patients


Utah Gun Exchange

Researchers discovered datasets containing more than 240,000 personal records from Utah Gun Exchange’s website on a hacking forum. Security Boulevard:https://securityboulevard.com/2020/08/utah-gun-exchange-confirms-data-breach-after-bad-actors-publishes-stolen-customer-records-online/



A data breach at this web-site company affected the personal information of South Dakota residents who tested positive for COVID-19. Journal-News: https://www.journal-news.com/news/nation-world/fbi-investigating-covid-19-data-breach-in-south-dakota/TXZWRYT2HZEI5KDVAB367RSROI/



A website that provides access to free photos and graphics disclosed a data breach that impacted 8.3m users of its site. ZDNet: https://www.zdnet.com/article/free-photos-graphics-site-freepik-discloses-data-breach-impacting-8-3m-users/

Interested in learning more?

Be the first to hear about the latest product releases and cybersecurity news.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.