
Weekly Breach Report – October 12th

Oct 12, 2020 | By Shaina Raskin


Most dangerous celebrity

A report named NBA star Stephen Curry as New Zealand’s most dangerous celebrity to search for on the internet, because many such searches lead to malicious websites. 1 News:


Apple’s T2 chip

Apple macOS devices with Intel processors and T2 chips are vulnerable to an unfixable exploit. Any attacker would need to plug a USB-C cable into the targeted device, however. AppleInsider:



A team of security researchers discovered 55 vulnerabilities in Apple’s online services. Eleven of the vulnerabilities are believed to be of critical severity. The Hacker News:


UEFI bootkit

Researchers found malware in the UEFI (Unified Extensible Firmware Interface), the firmware required to boot up almost every modern computer. Ars Technica:


Microsoft Azure

Researchers discovered two security flaws in Azure App Services that could enable server-side request forgery attacks or execution of arbitrary code to take over an administration server. The Hacker News:



An Asian food-delivery service announced that a data breach had exposed hundreds of thousands of customer records. SiliconAngle:


Microsoft Windows

Hackers are using a new fileless attack that, to remain undetected, buries itself in executables embedded in Windows Error Reporting. ZDNet:



A massive data breach at an Indian e-learning platform impacted almost 2m users. Mashable India:


Software AG

Germany’s second-largest software company suffered a ransomware attack that breached its internal network and encrypted files. ZDNet:


WPBakery

Researchers discovered a cross-site scripting vulnerability in the WPBakery page builder that enables an attacker to inject malicious JavaScript into WordPress pages. Search Engine Journal:


Crown Prosecution Service

The CPS, which conducts most criminal prosecutions in England and Wales, recorded more than 1,600 data breaches this year, up 18% from last year. Infosecurity Magazine:


Georgia DHS

A security breach at Georgia DHS exposed the personal and health information of children and adults involved in Child Protective Services cases. ZDNet:



Verimatrix confirmed a data breach but, after an investigation, said it could not identify any impact on customer-facing products or services. Benzinga:



Electronic document-signing company Docsketch notified customers of a security breach in which hackers gained access to a copy of its database. ZDNet:
