Weekly Breach Report – April 12th

Apr 12, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

AMD Zen 3

The US chipmaker confirmed that the optimization inside Zen 3 CPUs is vulnerable to Spectre-style exploits. TechSpot: https://www.techspot.com/news/89173-amd-admits-zen-3-cpus-vulnerable-new-spectre.html

 

SAP

Researchers detected more than 300 successful exploits of SAP vulnerabilities and insecure configurations. The targeted applications include enterprise resource planning, supply-chain management, human-capital management, and more. The Hacker News: https://thehackernews.com/2021/04/watch-out-mission-critical-sap.html

 

Vietnamese military and government

A Chinese-speaking hacking group is conducting a cyber-espionage campaign targeting government and military organizations in Vietnam. The Hacker News: https://thehackernews.com/2021/04/hackers-from-china-target-vietnamese.html

 

FlixOnline

Researchers discovered wormable Android malware disguised as a rogue Netflix app called “FlixOnline” and downloadable from the Google Play Store. It propagates via WhatsApp messages. The Hacker News: https://thehackernews.com/2021/04/whatsapp-based-wormable-android-malware.html

 

VMware 

Researchers discovered a critical vulnerability in VMware’s Carbon Black Cloud Workload appliance that lets attackers bypass authentication and take control of vulnerable systems. The Hacker News: https://thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html

 

Fortinet VPN

Hackers are targeting unpatched Fortinet VPN devices to break into European companies. One hack led to the temporary shutdown of a firm’s production facility. The Hacker News: https://thehackernews.com/2021/04/hackers-exploit-unpatched-vpns-to.html

 

Connecticut DMV

A cyberattack disabled the Connecticut DMV’s online emissions-testing system. The DMV detected the attack on March 30th, and the system is still offline. WSHU: https://www.wshu.org/post/cyber-attack-targeting-connecticuts-dmv-disrupted-emissions-testing#stream/0

 

California Department of State Hospitals

California’s Department of State Hospitals discovered a data breach that impacted almost 3,000 people. Becker’s Health IT: https://www.beckershospitalreview.com/cybersecurity/nearly-3-000-more-people-affected-by-california-hospital-s-data-breach.html

 

European Union

Several EU institutions experienced cyberattacks last week. There is no conclusive information yet about the attack. Insurance Journal: https://www.insurancejournal.com/news/international/2021/04/07/608854.htm

 

Slack and Discord

Hackers are using Slack and Discord to evade security and deliver malware to victims’ systems. Threatpost: https://threatpost.com/attackers-discord-slack-malware/165295/

 

Cisco

Cisco announced that it does not plan to fix a critical security vulnerability that impacts its older Small Business routers. The company is urging users to replace the devices. The Hacker News: https://thehackernews.com/2021/04/cisco-will-not-patch-critical-rce-flaw.html

 

Carding Mafia

Hackers breached a forum for stealing and trading credit cards, exposing 300,000 user accounts. CPO Magazine: https://www.cpomagazine.com/cyber-security/hackers-compromised-a-popular-carding-site-exposing-300000-user-account-details/

 

Zoom

Researchers discovered a zero-day vulnerability in Zoom that can be used to launch remote code execution attacks on targeted machines. ZDNet: https://www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/

 

University of Colorado

Hackers are attempting to extort the University of Colorado after a cyberattack that compromised the personal information of students and staff. The university has not paid the ransom. KRDO: https://krdo.com/news/2021/04/10/hackers-try-to-extort-university-of-colorado-in-cyberattack/

 

Education organizations

Hackers are targeting education organizations with cryptomining software that generates Monero, Litecoin, Bitcoin and Ethereum. ZDNet: https://www.zdnet.com/article/washington-state-educational-organizations-targeted-in-cryptojacking-spree/

 

Call of Duty: Warzone

Activision published research showing how hackers had disguised malware as a cheat program for the video game Call of Duty: Warzone. Activision: https://research.activision.com/publications/2021/03/cheating-cheaters-malware-delivered-as-call-of-duty-cheats
