Polyverse Weekly Breach Report – Jan. 6th

Jan 6, 2020 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


This IoT device company confirmed that an exposed database shared the details of 2.4m customers. The Elasticsearch database was not a production system; however, the server was storing valid user data. To read more:


Moss Adams

One of the largest US-based accounting firms announced that a data breach potentially exposed user data. The hacker had access to an employee email account from October 2019. To read more:



An Alaskan air carrier experienced a cyberattack that disrupted flights. Complete system restoration will take up to a month. To read more:


Sinai Health System

Sinai Health System notified the federal government of a data breach that exposed the personal data of 12,578 people. The breach happened in October after hackers gained access to employee email accounts. To read more:



A vulnerability in the Citrix Application Delivery Controller could potentially expose the networks of more than 80,000 firms. To read more:


DNA Kits

The Pentagon is advising members of the military not to use consumer DNA kits from companies such as 23andMe because they pose a security risk. To read more:



Discord is a black-market platform selling PayPal and credit card information. To read more:


The Heritage Company

The Arkansas-based company suspended all services because of a cyberattack. Hackers hit Heritage servers with ransomware, forcing the CEO to fire 300 employees days before Christmas because the company could not recover. To read more:


US Coast Guard

The US Coast Guard announced that Ryuk ransomware took down a port authority for more than 30 hours. The agency did not release the name or location of the facility. To read more:


Special Olympics NY

Attackers compromised an email server owned by Special Olympics NY to send phishing emails. To read more:

Shitcoin Wallet

Researchers caught a Google Chrome extension injecting JavaScript code on web pages to steal passwords and private keys from crypto-wallets. The extension lets users manage Ether coins and Ethereum ERC20-based tokens. To read more:


UK New Year Honors list 

The UK government accidentally exposed the addresses of 1,000 people who received honors. The list included politicians, senior police chiefs, security operatives and Ministry of Defence staff. To read more:


North Korean hackers

Microsoft announced that it successfully took down 50 web domains previously used by a North Korean-backed hacking group. To read more:



Travelex, an international foreign-currency exchange, suspended some services after being hit by malware. The London-based company operates 1,500 stores globally and took systems offline as a precaution to protect data and stop the malware. To read more:


Poloniex cryptocurrency exchange

This exchange was forced to reset account-holder passwords following a phishing data breach. To read more:


Xiaomi Mijia camera

A Xiaomi camera linked to a Google account is receiving random images from other people’s homes when trying to stream content from the camera to a Google Nest Hub. The images include people sleeping and a baby in a cradle. To read more:


Roosevelt General Hospital

A New Mexico-based hospital found malware on the digital imaging server of its radiology department. To read more:


Michigan schools

A Michigan school district’s servers were attacked by ransomware during the holiday break, and three schools were closed for a week to solve the problem. To read more:



A US restaurant chain that operates brands such as Bubba Gump Shrimp Co and Rainforest Cafe disclosed a malware breach that enabled attackers to steal customers’ credit-card information. To read more:



Last December, hackers used Maze ransomware to attack the city of Pensacola. The city did not pay the ransom, so the group behind the threat posted a 2GB archive of the exfiltrated data. To read more:


BusKill cable

An engineer designed a USB “kill cable” that shuts down and wipes a Linux laptop if the device gets stolen in a public place. If someone yanks the computer and the USB cable disconnects, the disconnection triggers a udev script. To read more:


Air China

An Air China employee published the personal details of 20 celebrities who flew on a flight with him. The employee posted the information on Weibo, China’s Twitter-like platform. To read more:



