Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Polyverse Weekly Breach Report – Mar. 16th 2020

Mar 16, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


AMD processors produced from 2011 to 2019 are vulnerable to two side-channel attacks. These could exploit a cache-related vulnerability to leak sensitive data. To read more:


Hacking tools

Attackers are injecting existing hacking tools with a remote-access trojan and then baiting other hackers with the altered tools. The modified tools open backdoors in the victim-hackers’ systems as well as any systems that these hackers have already breached. To read more:



Microsoft issued a warning about an unpatched, wormable vulnerability affecting Server Message Block (SMB) version 3.0. An attacker can exploit the vulnerability to execute arbitrary code on the target SMB server or client. To read more:



To mitigate a vulnerability in dynamic random access memory (DRAM) chips, manufacturers added so-called target row refresh defenses on DDR4 DRAMs. These defenses may prove insufficient, however, as they ultimately fail to prevent bad actors from executing bit-flip attacks. To read more:


Coronavirus outbreak maps

Hackers are spreading malware using illegally copied maps and dashboards of the novel coronavirus outbreak. The maps can trick users into downloading and running malicious applications. To read more:


Android cookie malware

A new strain of malware steals users’ authentication cookies from web browsers and other apps installed on their devices. To read more:


Manheim Auctions

A car-auction company from Australia was hit by a malware attack that demanded AU$30m in ransom. The attack locked staff out of IT systems for several weeks. To read more:–30m-cyber-ransom.html


Melbourne Polytechnic

Australia’s Melbourne Polytechnic issued a security alert after a hacker logged in to its systems and accessed 55,000 files, potentially compromising personal data. To read more:


Czech hospital

A Czech hospital was hit by a cyberattack in the middle of the COVID-19 outbreak. The attack postponed surgical appointments and forced patients to be routed to other hospitals. To read more:


Princess Cruises

Princess Cruises suspended operations due to COVID-19 and has now reported that a data breach may have compromised passenger data. To read more:


Open Exchange Rates

Open Exchange Rates announced a data breach that exposed customers’ personal information as well as salted and hashed passwords.To read more:

Entercom, a US radio company, announced a data breach related to its domain. A hacker accessed the backup cloud database, which contained user data. To read more:


University of Kentucky and its UK HealthCare

The University of Kentucky finally rebooted its computer systems after a month-long cyberattack. To read more:



A browser vendor leaked user data through an exposed Elasticsearch server. The browser belongs to an Estonian company and is tailored for web and app development. To read more:



Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.