Weekly Breach Report – April 26th

Apr 26, 2021 By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Russian SVR 

The NSA, CISA and FBI are encouraging organizations to patch their networks now against five vulnerabilities that Russian Foreign Intelligence Service (SVR) hackers are actively exploiting. Malwarebytes: https://blog.malwarebytes.com/malwarebytes-news/2021/04/patch-now-nsa-cisa-and-fbi-warn-of-russian-intelligence-exploiting-5-vulnerabilities/amp/


Geico

Geico fixed a security vulnerability that enabled hackers to steal customers’ driver’s-license numbers from its website. TechCrunch: https://techcrunch.com/2021/04/19/geico-driver-license-numbers-scraped/


Ad servers

Hackers compromised more than 120 ad servers to serve malicious advertisements that then directed users to websites delivering malware. The Hacker News: https://thehackernews.com/2021/04/120-compromised-ad-servers-target.html


BMP images

A North Korean hacker targeted South Korean organizations with malicious code in a bitmap image file. The code drops a remote-access trojan to steal sensitive information. The Hacker News: https://thehackernews.com/2021/04/lazarus-apt-hackers-are-now-using-bmp.html


ParkMobile

This mobile parking-payment company released information about a cybersecurity breach that exposed user data such as license-plate numbers, email addresses and phone numbers. Herald Dispatch: https://www.herald-dispatch.com/news/parkmobile-notifies-parking-board-about-data-breach/article_00a71513-bd4c-5f34-a1b4-5391a29101a0.html


University of Hertfordshire

This UK university suffered a cyberattack that knocked out its IT systems, resulting in the cancellation of all online classes for several days. ZDNet: https://www.zdnet.com/article/cyberattack-on-uk-university-knocks-out-online-learning-teams-and-zoom/


Quanta

Hackers attempted to extort Quanta, an Apple contractor, after acquiring internal engineering schematics of Apple devices. The hackers are now asking Apple for the ransom, threatening to publish the documents online. 9to5Mac: https://9to5mac.com/2021/04/20/ransomware-gang-claims-to-have-breached-apple-contractor-quanta-threatening-to-release-mac-product-details/


Google Chrome

Google shipped emergency security patches for another Chrome zero-day that attackers are already exploiting in the wild. SecurityWeek: https://www.securityweek.com/google-chrome-hit-another-mysterious-zero-day-attack


LinkedIn

MI5 is warning UK nationals that hostile actors are using fake LinkedIn profiles to steal sensitive personal information. BBC: https://www.bbc.com/news/technology-56812746


Linux kernel

The kernel’s maintainers caught researchers from the University of Minnesota trying to submit patches to the Linux kernel that contained security vulnerabilities. The researchers were writing a broader paper on the topic. The kernel maintainers banned all contributions from the university and removed all of its patches. FOSS Post: https://fosspost.org/researchers-secretly-tried-to-add-vulnerabilities-to-linux-kernel/


SonicWall

SonicWall patched three zero-day vulnerabilities in its hosted and on-premises email-security products that hackers were exploiting in the wild. The Hacker News: https://thehackernews.com/2021/04/3-zero-day-exploits-hit-sonicwall.html


Pulse Secure VPN

Hackers exploited vulnerabilities in Pulse Secure VPN devices to gain access to networks belonging to the US defense industry. ArsTechnica: https://arstechnica.com/gadgets/2021/04/hackers-are-exploiting-a-pulse-secure-0day-to-breach-orgs-around-the-world/


Cosori Smart Air Fryer

Researchers discovered two remote code execution vulnerabilities in the smart air fryer that enable hackers to take control of the device. ZDNet: https://www.zdnet.com/article/remote-code-execution-vulnerabilities-uncovered-in-smart-air-fryer/


Hoya

Hackers deployed a ransomware attack against this Japanese optical-products company, and stole 300 gigabytes of confidential data. Bloomberg: https://www.bloomberg.com/news/articles/2021-04-21/hackers-target-iconic-japan-s-toshiba-rival-hoya-with-ransomware


Cellebrite

The CEO of Signal announced that he had hacked Cellebrite, a company that sells software designed to unlock phones and extract data. Gizmodo: https://gizmodo.com/signals-ceo-just-hacked-the-cops-favorite-phone-crackin-1846733412


Eversource

New England’s largest energy provider discovered a misconfiguration in one of its cloud data-storage folders that exposed customer data. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/eversource-data-breach/


Telegram

Hackers are using Telegram, a secure messaging app, as a command-and-control system to distribute ToxicEye malware. The Hacker News: https://thehackernews.com/2021/04/cybercriminals-using-telegram-messenger.html


Fastway Couriers

This New Zealand company confirmed that one of its IT systems experienced a cyberattack that exposed the personal details of more than 446,000 parcel deliveries. Mancunian Matters: https://www.mancunianmatters.co.uk/news/22042021-fastway-couriers-experience-data-breach/


Douglas Elliman Property Management

This US co-op/condo management company experienced a data breach that exposed the personal information of building residents and employees. Habitat: https://www.habitatmag.com/Publication-Content/Board-Operations/2020/2020-December/Hundreds-of-Co-ops-and-Condos-Suffer-Data-Breach


Supernova malware

Hackers used the Supernova backdoor to compromise SolarWinds Orion installations by first gaining access to the network through vulnerable Pulse Secure VPN devices. The Hacker News: https://thehackernews.com/2021/04/hackers-exploit-vpn-flaw-to-deploy.html


Bourbon

A French offshore-vessel owner and provider confirmed that a cyberattack had hit its computer network earlier this month. Splash247.com: https://splash247.com/bourbon-confirms-cyber-attack/


Passwordstate

Some 29,000 users of this password manager downloaded a malicious update that enabled hackers to extract data from the app. ArsTechnica: https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/


Laurent Perrier

This French champagne group announced that a cyberattack had impacted its IT network and forced it to disconnect servers. Reuters: https://www.reuters.com/article/france-champagne-laurentperrier/corrected-french-champagne-group-laurent-perrier-has-been-victim-of-cyber-attack-idUSFWN2MH0GP