Weekly Breach Report – April 5th

Apr 5, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities



OpenSSL, a software library for applications that secure communications over computer networks, patched a high-severity vulnerability that made it simple for hackers to shut down large numbers of servers. The bug causes servers to crash if they receive a maliciously crafted request from an unauthenticated user. Ars Technica:



Researchers disclosed two new vulnerabilities in Linux that could enable hackers to circumvent mitigations for attacks such as Spectre, and obtain information from kernel memory. The Hacker News:



Hackers pushed two malicious commits to this scripting language’s source repository that could install a backdoor on vulnerable systems. Vice:



Apple released updates for iPhone, iPad and Watches to patch a security vulnerability actively under attack. Researchers at Google’s Project Zero discovered the vulnerability. TechCrunch:


Japanese companies

Researchers disclosed details of a hacking campaign that deploys malicious backdoors to steal sensitive information from a range of Japanese industrial sectors. The Hacker News:


Kansas water facility

The Department of Justice indicted a 22-year-old man from Kansas on charges of accessing a public water facility’s computer system and jeopardizing local residents’ safety. The Hacker News:



A North Korean-backed hacking campaign targeting cybersecurity researchers with malware is using new social engineering tactics. The hackers set up a fake security company and try to trick researchers into visiting its website. The Hacker News:


Microsoft Background Intelligent Transfer Service

Hackers are using Microsoft’s Background Intelligent Transfer Service, which helps transfer files between machines, to deploy malicious payloads on Windows machines, evading firewalls. The Hacker News:


Nine Network Australia

Channel Nine suffered a cyberattack that took its Sydney television and digital production systems offline for more than 24 hours, and forced the channel to transfer operations to its Melbourne studios. The National Law Review:



A whistleblower accused the secure-router company of covering up a “catastrophic” security breach. The company has since issued a statement that does not deny the claims. The Verge:



This Indian payment-services provider has denied a report that a data breach jeopardized millions of its customers. The Daily Swig:


Wake Forest Baptist Health

This North Carolina hospital is notifying patients that their personal information was exposed in a security breach at a former vendor, Healthgrades. Becker’s Health IT:


Stanford and University of California

These US universities warned users that a nationwide cyberattack had affected their computer systems. The universities were part of the breach involving the Accellion file-sharing system. San Francisco Chronicle:



A hacking forum published the personal data of more than 533m Facebook users from 106 countries. Facebook claimed that the data is old and came from a patched 2019 vulnerability. Business Insider:



Several healthcare entities are reporting data breaches after a Med-Data employee accidentally uploaded patient data to GitHub. GovInfoSecurity:



This Singapore furniture retailer announced that hackers had broken into its servers and posted customers’ personal information online. The Straits Times:


Scottish Environment Protection Agency (SEPA)

On Christmas Eve, hackers stole more than 4,000 digital files from SEPA. Four months later, the agency has spent almost £800,000 ($1.1m) responding to the attack. BBC:
