Weekly Breach Report – April 26th

Apr 26, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Russian SVR 

The NSA, CISA and FBI are encouraging organizations to patch their networks now against five vulnerabilities that Russian Foreign Intelligence Service (SVR) hackers are actively exploiting. Malwarebytes:



Geico fixed a security vulnerability that enabled hackers to steal customers’ driver’s-license numbers from its website. TechCrunch:


Ad servers

Hackers compromised more than 120 ad servers to serve malicious advertisements that then directed users to websites delivering malware. The Hacker News:


BMP images

A North Korean hacker targeted South Korean organizations with malicious code in a bitmap image file. The code drops a remote-access trojan to steal sensitive information. The Hacker News:



This mobile parking-payment company released information about a cybersecurity breach that exposed user data such as license-plate numbers, email addresses and phone numbers. Herald Dispatch:


University of Hertfordshire

This UK university suffered a cyberattack that knocked out its IT systems, resulting in the cancellation of all online classes for several days. ZDNet:



Hackers attempted to extort Quanta, an Apple contractor, after acquiring internal engineering schematics of Apple devices. The hackers are now asking Apple for the ransom, threatening to publish the documents online. 9to5Mac:


Google Chrome

Google shipped emergency security patches for another Chrome zero-day that attackers are already exploiting in the wild. SecurityWeek:



MI5 is warning UK nationals that hostile actors are using fake LinkedIn profiles to steal sensitive personal information. BBC:


Linux kernel

The kernel’s maintainers caught researchers from the University of Minnesota trying to submit patches to the Linux kernel that contained security vulnerabilities. The researchers were writing a broader paper on the topic. The Linux kernel banned all contributions from the university and removed all patches. FOSS Post:



SonicWall patched three zero-day vulnerabilities in its hosted and on-premises email-security products that hackers were exploiting in the wild. The Hacker News:


Pulse Secure VPN

Hackers exploited vulnerabilities in Pulse Secure to gain access to networks belonging to the US defense industry. ArsTechnica:


Cosori Smart Air Fryer

Researchers discovered two remote code execution vulnerabilities in the smart air fryer that enable hackers to take control of the device. ZDNet:



Hackers deployed a ransomware attack against this Japanese optical-products company, and stole 300 gigabytes of confidential data. Bloomberg:



The CEO of Signal announced that he had hacked Cellebrite, a company that sells software designed to unlock phones and extract data. Gizmodo:



New England’s largest energy provider discovered a misconfiguration error in one of its cloud data-storage folders that exposed customer data. Infosecurity Magazine:



Hackers are using Telegram, a secure messaging app, as a command-and-control system to distribute ToxicEye malware. The Hacker News:


Fastway Couriers

This New Zealand company confirmed that one of its IT systems experienced a cyberattack that exposed the personal details of more than 446,000 parcel deliveries. Mancunian Matters:


Douglas Elliman Property Management

This US co-op/condo management company experienced a data breach that exposed the personal information of building residents and employees. Habitat:


Supernova malware

Hackers used the Supernova backdoor to compromise SolarWinds Orion installations by first gaining access to the network through vulnerable Pulse Secure VPN devices. The Hacker News:



A French offshore-vessel owner and provider confirmed that a cyberattack had hit its computer network earlier this month.



Some 29,000 users of this password manager downloaded a malicious update that enabled hackers to extract data from the app. ArsTechnica:


Laurent Perrier

This French champagne group announced that a cyberattack had impacted its IT network and forced it to disconnect servers. Reuters:
