Polyverse Weekly Breach Report

Jul 16, 2018 | By Shaina Raskin

A snapshot look at the breaches and reported vulnerabilities of last week

AUR package repository

Malware was discovered in at least three Arch Linux packages available on the official Arch Linux repository of user-submitted packages. The malware incident happened because AUR allows anyone to take over and make changes to “orphaned” repositories that have been abandoned by their original authors.

US Air Force

US Air Force documents were found on the dark web as part of an attempted sale of drone manuals. The documents found pertain to the MQ-9 Reaper drone.

Thomas Cook Airlines

A programmer came across an enumeration bug in the systems of Britain’s Thomas Cook Airlines. The bug leaked the full names of all travelers and the flight details of booked flights.


This American retailer’s website was hit by a data breach: hackers stole the names and passwords of some customers, and also potentially accessed credit card information. The breach affected about 0.5% of customers registered on or


An Ether wallet service informed users that the Google Chrome Hola VPN extension was breached, enabling the hackers to monitor customer wallet activity. MEW advised users to immediately move their funds to a secure wallet in order to mitigate the risk of theft.


Bancor, a crypto-asset exchange, suffered a cyberattack in which hackers attempted to steal up to $23.5 million in cryptocurrencies. The wallet being used to “upgrade” smart contracts was compromised, and the hackers successfully withdrew $12.5 million worth of Ethereum and $1 million of Pundi X tokens.


Researchers published an MIT paper, Speculative Buffer Overflows: Attacks and Defenses, which examines two new Spectre-style CPU attacks.


A Portuguese web-hosting firm accused of helping spammers hijack large sections of dormant internet address space was kicked off the web last week. Dormant address ranges are easy to abuse because of the way the global-routing system works.

Airport security

Researchers at McAfee found remote access to a major airport’s security system for sale on the dark web. The access came from an online market for remote-desktop-protocol accounts.

Reported Vulnerabilities


Cisco patched a variety of security flaws discovered in VoIP phones. The most critical would enable command injection and remote code execution on IP phones.


Dorkbot, a banking trojan that steals credentials by using web-injects that are activated when a customer tries to log in to their bank’s website, has resurfaced after a six-year absence.


A hacker gained access to a developer’s npm account and injected code into a popular JavaScript library. The code attempted to steal the npm credentials of users who utilize the package inside their projects.
