
Weekly Breach Report – April 19th 2021

Apr 19, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

NAME: WRECK

Researchers disclosed nine vulnerabilities impacting the Domain Name System protocol in network communication stacks running on more than 100m devices. Bleeping Computer: https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/

 

Browsers

A researcher published proof-of-concept exploit code for a new flaw impacting Chrome and other Chromium-based browsers. The exploit uses a remote code-execution vulnerability in the V8 JavaScript rendering engine. The Hacker News: https://thehackernews.com/2021/04/rce-exploit-released-for-unpatched.html

 

Kubernetes

A vulnerability in one of the Go libraries that Kubernetes is based on enables denial-of-service attacks against the CRI-O and Podman container engines. Threatpost: https://threatpost.com/security-bug-brick-kubernetes-clusters/165413/

 

APKPure Store

Hackers infected APKPure Store, an alternative to the Google Play Store, with malware enabling them to distribute trojans to Android devices. The Hacker News: https://thehackernews.com/2021/04/hackers-tampered-with-apkpure-store-to.html

 

Brown University

America’s Brown University was hit by a cyberattack that forced it to shut down some of its Microsoft Windows-based computer programs. GovTech: https://www.govtech.com/education/higher-ed/Brown-University-Recovering-from-Cyber-Attack.html

 

Albert Heijn, Netherlands

The Netherlands’ largest supermarket chain suffered a shortage of cheese thanks to a ransomware attack that hit a food-transportation and logistics company. The attack halted deliveries from warehouses to the grocery store. Hot for Security: https://hotforsecurity.bitdefender.com/blog/ransomware-attack-causes-supermarket-cheese-shortage-in-the-netherlands-25649.html

 

LogicGate

This risk and compliance startup confirmed a data breach after a third party obtained credentials to the company’s AWS cloud-storage servers. TechCrunch: https://techcrunch.com/2021/04/13/logicgate-risk-cloud-data-breach/

 

Upstox

This Indian stock-trading company revealed a security breach after a hacker gained access to millions of customers’ personal information. Graham Cluley: https://grahamcluley.com/upstox-warns-of-serious-data-breach-resets-passwords/

 

Counter Strike: Global Offensive

Hackers are taking control of victims’ computers by tricking them into clicking on a Steam invite to play Counter Strike: Global Offensive. Vice: https://www.vice.com/en/article/dyvgej/counter-strike-bug-allows-hackers-to-take-over-a-pc-with-a-steam-invite

 

Microsoft

Microsoft delivered Patch Tuesday updates, which consisted of fixes for more than 100 CVEs, including four Exchange Server vulnerabilities reported by the NSA. The Register: https://www.theregister.com/2021/04/13/patch_tuesday_april/

 

JavaScript exploit

Researchers discovered a new Rowhammer attack technique that can trigger an attack from JavaScript on DDR4 RAM cards. The Hacker News: https://thehackernews.com/2021/04/new-javascript-exploit-can-now-carry.html

 

Manhunt

A gay dating app confirmed that it had experienced a data breach in February. A hacker gained access to the company’s accounts database. TechCrunch: https://techcrunch.com/2021/04/14/gay-dating-site-manhunt-hacked/

 

ProxyLogon web shells

The FBI cleared hundreds of malicious web shells from computers that were compromised via the ProxyLogon Microsoft Exchange vulnerabilities. Threatpost: https://threatpost.com/fbi-proxylogon-web-shells/165400/

 

Codecov

A hacker gained access to Codecov’s Bash Uploader script and modified it using a vulnerability in Codecov’s Docker image-creation process. The altered version of the script could expose customer credentials, tokens or keys, and enable access to other services. Codecov: https://about.codecov.io/security-update/

 

Malicious PDFs

Hackers are using business forms such as invoices, templates, questionnaires and receipts to deliver Remote Access Trojans via malicious PDFs. The Hacker News: https://thehackernews.com/2021/04/yikes-cybercriminals-flood-intrenet.html

 

Software applications

Researchers discovered several one-click vulnerabilities in popular apps such as Telegram, Nextcloud, VLC, LibreOffice and more that can execute arbitrary code on target systems. The Hacker News: https://thehackernews.com/2021/04/1-click-hack-found-in-popular-desktop.html

 

Houston Rockets

The US basketball team is working with the FBI to investigate a cyberattack that attempted to install ransomware on the team’s internal systems. Montreal Gazette: https://montrealgazette.com/sports/basketball/nba/houston-rockets-probing-cyber-attack-working-closely-with-fbi
