Polyverse Weekly Breach Report – Feb. 3rd 2020

Feb 3, 2020 By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Avast Jumpshot

Leaked documents from Jumpshot, a marketing-analytics subsidiary of the antivirus company Avast, illuminate how people’s internet-browsing histories can be collected and sold, a process that is generally secret. Jumpshot sells information to various companies after repackaging end-user data that was collected by Avast’s antivirus program. Avast says it is now closing down Jumpshot. To read more:



Cisco has informed users that they must update Firepower Management Center software due to a critical vulnerability. The bug has a severity rating of 9.8 out of 10. To read more:



Online gambling company SuperCasino announced that hackers stole sensitive user data. The company claims that no financial details were compromised. To read more:


Maastricht University

Maastricht University in the Netherlands appears to have paid between €200,000 and €300,000 in ransom to hackers. To read more:



Researchers uncovered a data leak from Peruvian theater chain Cineplanet. The company’s database was hosted on Microsoft Azure and contained 14m login records and 205m logs of data. To read more:


NFL social media accounts

Hackers defaced social-media accounts belonging to the National Football League and 15 different teams. To read more:



Zoom has added security features to its web-conferencing app in order to address a vulnerability that enabled hackers to join active meetings. To read more:


Bird Construction

Toronto-based Bird Construction, which has won millions of dollars’ worth of military and government contracts, suffered a ransomware attack. Hackers stole 60GB of data, and the company has not said whether it paid to get the information back. To read more:


CacheOut attack

Computers running Intel CPUs made before October 2018 are vulnerable to CacheOut, an attack that exploits a hardware issue to let hackers leak sensitive data from the OS kernel and secured SGX enclaves. To read more:



Microsoft recently patched two dangerous vulnerabilities in Azure that could have enabled hackers to target businesses running web and mobile apps in the cloud. To read more:



Researchers found a vulnerability in the OpenSMTPD email server that enables attackers to take control of BSD and Linux servers. To read more:



The average cost to recover from ransomware doubled during the past year, and now stands at $84,116. Included in this total is lost revenue, damage to brand, and hardware replacement and repair. To read more:



A security flaw in LabCorp’s website exposed thousands of medical documents. This is the second data breach in the past year at the company. To read more:


Greenville Water

A South Carolina water company is recovering from a cyberattack that took down its phone and online payment systems. To read more:


Emergency Alert Systems

A security vulnerability that was discovered in Emergency Alert Systems seven years ago still has not been patched. To read more:


Cornerstone Payment Systems

Cornerstone Payment Systems left a database open on the internet containing 6.7m records of payment transactions. The company handles payment processing for ministries and other religious entities. To read more:


United Nations offices

The United Nations was hacked via a Microsoft SharePoint vulnerability. Malware was found on 40 servers. To read more:



A breach at SpiceJet, one of India’s largest privately owned airlines, exposed data on more than 1.2m passengers. To read more:


Social Captain

This startup exposed thousands of Instagram account passwords. The company, which provides a service to help users grow their Instagram follower counts, was storing passwords in unencrypted plaintext. To read more:


Access Health

The health-insurance marketplace Access Health Connecticut reported that 1,100 consumers’ personal information was compromised in a data breach. To read more:

