Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – November 2nd

Nov 2, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Psychotherapy Center Vastaamo

Hackers are threatening to release therapy notes and other patient data from one of Finland’s largest psychiatric-services clinics, unless Vastaamo or individual patients pay a ransom. Wired: https://www.wired.com/story/hacker-threaten-release-therapy-notes-patients/

 

KashmirBlack 

An active botnet is exploiting dozens of vulnerabilities in CMS platforms such as WordPress, Joomla!, PrestaShop, Drupal and more. The Hacker News:https://thehackernews.com/2020/10/kashmirblack-botnet-hijacks-thousands.html

 

Healthcare cyberattacks

The FBI and other agencies warned “of an increased and imminent cybercrime threat to U.S. hospitals and health-care providers,” involving ransomware attacks, data theft and other service disruptions. Hospitals in California, Oregon and New York were hit during the week. Bloomberg: https://www.bloomberg.com/news/articles/2020-10-28/u-s-hospitals-hit-by-coordinated-ransomware-attack-firm-says

 

Fragomen, Del Rey, Bernsen & Loewy

This boutique immigration law firm experienced a data breach that impacted several Google employees. TechCrunch: https://techcrunch.com/2020/10/26/fragomen-data-breach-google-employees/ 

 

Trump campaign website

Hackers defaced President Trump’s campaign website on Tuesday in a cyberattack. The website has since been restored. CNN: https://www.cnn.com/2020/10/27/politics/trump-campaign-website-cyber-attack/index.html

 

Isentia

This Australian media-monitoring company suffered a cyberattack that affected its intelligence and insight services. IT News: https://www.itnews.com.au/news/isentia-hit-by-cyber-attack-555191

 

Nitro PDF

The Australian company behind Nitro PDF software suffered a data breach that may have impacted several other organizations. Tech Radar: https://www.techradar.com/news/nitro-pdf-suffers-massive-data-breach-exposing-microsoft-google-amazon-documents

 

Gunnebo

This Swedish security company experienced a data breach that leaked thousands of sensitive documents, including blueprints of bank vaults. PortSwigger:https://portswigger.net/daily-swig/data-breach-at-swedish-security-company-leaks-38-000-sensitive-documents

 

Web browsers

A new attack is targeting Google Chrome and Internet Explorer as vectors to deploy malware. The Hacker News: https://thehackernews.com/2020/10/browser-exploit-backdoor.html

 

Steelcase

A cyberattack hit one of the U.S.’s largest office furniture manufacturers. The company says it is working to restore the impacted systems, and that no data was lost. Michigan Live: https://www.mlive.com/news/grand-rapids/2020/10/steelcase-hit-by-cyber-attack.html

 

Home Depot

Home Depot exposed hundreds of Canadian customers’ personal information after an email glitch sent 500 order confirmations to the wrong customers. ThreatPost:https://threatpost.com/home-depot-data-breach-order-confirmation/160728/

 

CIUSSS du Centre-Oest-de-l’lle-de-Montreal

This Montreal healthcare system disconnected from the internet and stopped all remote access following a cyberattack. CBC: https://www.cbc.ca/news/canada/montreal/cyber-security-west-island-health-agency-1.5781734

 

RedMart

This Singapore-based online-grocery platform suffered a data breach that impacted 1.1m customer accounts. ZDNet: https://www.zdnet.com/article/lazada-confirms-1-1m-accounts-compromised-in-redmart-security-breach/

 

 

Polyverse technologies could have prevented many of the above attacks…

Interested in learning more?

Be the first to hear about the latest product releases and cybersecurity news.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.