Weekly Breach Report – November 2nd

Nov 2, 2020 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Psychotherapy Center Vastaamo

Hackers are threatening to release therapy notes and other patient data from one of Finland’s largest psychiatric-services clinics, unless Vastaamo or individual patients pay a ransom. Wired:



An active botnet is exploiting dozens of vulnerabilities in CMS platforms such as WordPress, Joomla!, PrestaShop, Drupal and more. The Hacker News:


Healthcare cyberattacks

The FBI and other agencies warned “of an increased and imminent cybercrime threat to U.S. hospitals and health-care providers,” involving ransomware attacks, data theft and other service disruptions. Hospitals in California, Oregon and New York were hit during the week. Bloomberg:


Fragomen, Del Rey, Bernsen & Loewy

This boutique immigration law firm experienced a data breach that impacted several Google employees. TechCrunch: 


Trump campaign website

Hackers defaced President Trump’s campaign website on Tuesday in a cyberattack. The website has since been restored. CNN:



This Australian media-monitoring company suffered a cyberattack that affected its intelligence and insight services. IT News:


Nitro PDF

The Australian company behind Nitro PDF software suffered a data breach that may have impacted several other organizations. Tech Radar:



This Swedish security company experienced a data breach that leaked thousands of sensitive documents, including blueprints of bank vaults. PortSwigger:


Web browsers

A new attack is targeting Google Chrome and Internet Explorer as vectors to deploy malware. The Hacker News:



A cyberattack hit one of the U.S.’s largest office furniture manufacturers. The company says it is working to restore the impacted systems, and that no data was lost. Michigan Live:


Home Depot

Home Depot exposed hundreds of Canadian customers’ personal information after an email glitch sent 500 order confirmations to the wrong customers. ThreatPost:


CIUSSS du Centre-Ouest-de-l’Île-de-Montréal

This Montreal healthcare system disconnected from the internet and stopped all remote access following a cyberattack. CBC:



This Singapore-based online-grocery platform suffered a data breach that impacted 1.1m customer accounts. ZDNet:



Polyverse technologies could have prevented many of the above attacks…
