Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – August 31tst

Aug 31, 2020By Shaina Raskin

Autodesk 3Ds Max malware

Security firm Bitdefender said it had discovered what appears to be a new hacker group that is targeting companies worldwide with malware hidden inside malicious plugins for Autodesk’s 3Ds Max computer-graphics app. ZDNet:


Dharma ransomware

A cybersecurity firm says it identified a group of low-skilled hackers operating out of Iran that is attacking companies in Asia and attempting to encrypt their networks with a version of the Dharma ransomware. ZDNet:



A hacker has stolen data on more than 1,000 users from CryptoTrader.Tax, an online service used to calculate and file taxes on cryptocurrency trades. Coindesk:


North Korea 

The U.S. government called out North Korea on Wednesday over a government-led hacking campaign focused on stealing cash from ATMs around the world. Cyberscoop:


Charming Kitten 

An Iranian hacker group known as Charming Kitten is impersonating journalists to approach targets and infect their devices with malware. The Hacker News:



A hacking group offered a Tesla employee $1m to help plan a cyberattack on Tesla. Instead, the employeeworked with the FBI to stop the attack. Clean Technica:


New Zealand stock exchange

A DDoS attack disrupted the New Zealand stock exchange for four days. The failure to stop the attack raised questions about the efficacy of the country’s security systems. The Guardian:



The U.S. government issued a warning to organizations doing business in China about a backdoor called GoldenSpy in tax software Chinese banks require foreign companies to install. Infosecurity Magazine:



A London-based reseller of internet-security products accidentally misconfigured an AWS S3 bucket that exposed the personal information of 350,000 users who purchased products on the company’s website. Teiss:


Top ransomware exploits

The top three most popular hacking methods for ransomware groups in 2020 are unsecured RDP endpoints, email phishing, and exploits in VPN appliances. ZDNet:



One of India’s most popular travel-booking sites accidentally left an Elasticsearch server publicly exposed, leading to the loss of 43GB of data. Safety Detectives:


Canadian Government

Hackers hit 11,000 online government-services accounts with a series of credential-stuffing cyberattacks. Welivesecurity:


Rialto Unified School District

Online learning for 25,000 students was shut down because of a cyberattack on this school district based in Rialto, California. NBC Los Angeles:

Interested in learning more?

Be the first to hear about the latest product releases and cybersecurity news.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.