Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Polyverse Weekly Breach Report

Feb 5, 2018By Shaina Raskin

A snapshot look at the breaches and reported vulnerabilities of last week


The semiconductor company warned Chinese firms about Meltdown and Spectre vulnerabilities before informing the US government. To read more:


Car-sharing service GoGet issued a statement alerting customers to unauthorized activity on its system. A hacker used the information gathered to access vehicles without consent. The information compromised included personal information. To read more:


Trend Micro spotted YouTube ads running JavaScript that mine Monero digital coins. To read more:


Security researchers have found flaws in Bluetooth based panic buttons. The vulnerabilities render the products essentially useless. To read more:


This fitness app accidentally mapped out US military bases and secret facilities based on data it collected from wearables using the software. To read more:

Spectre and Meltdown

An antivirus-testing firm has identified 139 samples of malware attempting to exploit Spectre and Meltdown. To read more:


North Korean hackers exploited a critical flaw in Adobe Flash against South Korea. The bug is a use-after-free vulnerability that allows remote code execution. Adobe says the flaw will be patched the week of February 5th. To read more:—threats/adobe-to-patch-flash-zero-day-discovered-in-south-korean-attacks/d/d-id/1330962


Cisco is being criticized for releasing software that fixed a bug with the highest severity rating 80 days before telling customers how dangerous the flaw was. To read more:

Reported Vulnerabilities


A bug in Oracle’s Micros point-of-sale systems could be leveraged to compromise and download a company’s business data. An attacker can gain unauthenticated read/write access to the machines’ databases. To read more:


Researchers have found multiple flaws in IT-helpdesk software known as ManageEngine. Seven vulnerabilities were discovered, each enabling an attacker to take control of host servers running the suite of applications. To read more:

Smominru miner

A massive cryptocurrency mining botnet has taken over half a million machines by using the EternalBlue exploit. The botnet turns infected machines into miners of Monero and is believed to have made $3.6 million since it started operating. To read more:

JenX Botnet

Researchers have discovered a new botnet that uses vulnerabilities linked with Satori and leverages the Grand Theft Auto video-game community to infect certain local devices. The vulnerabilities affect certain Huawei and Realtek routers. To read more:

Want to learn more?

Sign up below and receive weekly breach reports directly in your inbox.

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.