Polyverse Weekly Breach Report – Feb. 10th 2020

Feb 10, 2020, by Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Hackers abused a function on Twitter’s platform to find the phone numbers associated with millions of user accounts. To read more:



Toll, an Australian logistics company, announced that it suffered a cybersecurity incident that forced the company to shut down customer-facing systems. To read more:



A researcher found a vulnerability in Sudo, a program for Unix-like operating systems, that could enable low-privileged users to execute arbitrary commands with root privileges on Linux and Mac operating systems. To read more:



The City of Woodstock, Ontario, is still feeling the effects of a cyberattack months after criminals took down its computer systems. The three-week-long attack will ultimately cost the city more than C$1m. To read more:


Wawa breach

Millions of customers who shopped at Wawa stores were told that a data breach had exposed some of their personal information. Hackers recently put up payment-card details of more than 30m victims on Joker’s Stash, a dark-web marketplace. To read more:


Philips smart bulbs

Researchers revealed a vulnerability in Philips Hue Smart Light Bulbs. The bulbs can be exploited wirelessly from more than 100 meters away, allowing hackers to infiltrate targeted computer networks. To read more:


Google Takeout

Google accidentally shared private videos of some Takeout account holders with others who also use the service. The problem occurred over a five-day period in November 2019. To read more:


Clothing retailer Hanna Andersson is the subject of a class action, which was filed after a data breach impacted the chain’s customers. The lawsuit argues that an e-commerce platform run on Salesforce failed to detect the breach for three months. To read more:


Linear eMerge E3

Hackers are now hijacking smart doors and building-access systems to launch DDoS attacks. The attacks target Linear eMerge E3 access controls, which are made by Nortek Security & Control. To read more:



A 21-year-old man pleaded guilty to hacking Nintendo’s servers numerous times using phishing techniques. He downloaded thousands of files, including developer tools and nonpublic information about upcoming products. To read more:



Researchers discovered five new security vulnerabilities in Cisco networking equipment that enable hackers to take complete control of systems. The bugs are remote code-execution issues that impact routers, switches and IP cameras. To read more:


Web shells

Microsoft says that it detects a daily average of 77,000 active web shells across 46,000 infected servers. These malicious programs enable attackers to interact with the hacked systems. To read more:



An app made by Shadow, a political-technology company, was used to count and report votes from the Iowa caucuses. Unfortunately, it also came with a range of software bugs that could have been exploited by hackers to change vote totals, passwords and other sensitive information. To read more:


Charming Kitten

An Iran-based hacking group known as Charming Kitten is using fake interviews to target public figures with phishing campaigns. The group targets political and human-rights activists to steal email credentials and scan their networks. To read more:


Bitbucket repositories

A new malware campaign used Bitbucket repositories from Atlassian to launch cyberattacks. To read more:


Homeland Security

Various government agencies, including the Department of Homeland Security, bought access to a commercial database that gives users the ability to access location data on millions of people. To read more:


Idea Buyer

An Ohio product-launch company shut down in December after a cyberattack wiped out completed and in-progress work. Ohio’s Attorney General is now suing the company for failing to deliver services. To read more:

