Weekly Breach Report – August 3rd

Aug 3, 2020 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


This analytics platform, which is used by various software companies, disclosed a data breach where hackers stole GitHub and GitLab OAuth tokens from its internal database. ZDNet:


Online alcohol-delivery company Drizly informed customers of a data breach that exposed their personal data. TechCrunch:

Linux malware

Researchers discovered Linux malware that scans the internet for misconfigured Docker API endpoints to infect vulnerable servers. Black Hat Ethical Hacking:


Researchers disclosed several issues in OKCupid’s dating app that could enable attackers to remotely spy on users’ private messages. The Hacker News:


Researchers discovered a buffer-overflow vulnerability in the Secure Boot function that impacts a majority of laptops, desktops, workstations, and servers running Microsoft and Linux. Forbes:


Zoom recently fixed a bug that enabled attackers to crack the numeric passcode used in secure private meetings. The Hacker News:


A hacker known as ShinyHunters offered 386m new stolen records from 18 breaches for free on the dark web. Forbes:

This video-creation platform confirmed a data breach after hackers posted a database containing 22m user records online. Security Boulevard: 


China-backed hackers are targeting Moderna, one of the firms working to produce a COVID-19 vaccine. Reuters:


Twitter published an update on its investigation into the causes of its recent security breach, which started with a spear-phishing attack on company employees. Cointelegraph:

This digital-banking app reported a data breach after a hacker published a database of information on 7.5m users. Security Boulevard:

UK universities

According to new research, more than half of UK universities experienced a data breach in the past year. Infosecurity Magazine:

ExamSoft Worldwide

Law-school graduates taking an online bar exam were locked out because of a cyberattack on ExamSoft, which produced the exam. Detroit News:


According to a cybersecurity firm, threat actors linked to the Chinese government broke into Vatican computer networks. Gadgets360:


Avon, a cosmetics company, suffered its second security incident in the past two months after accidentally leaving a Microsoft Azure server exposed on the internet without a password. ComputerWeekly:

Front Rush

In January, researchers informed this athlete-recruiting software company of an S3 bucket exposed on the internet. The company finally sent letters to those potentially impacted by the breach at the end of July. Security Boulevard:


One of the largest providers of fundraising and financial-management software to U.K. charities announced a ransomware attack. This attack impacted more than 30 charities. Third Sector:


This Israeli marketing-video firm announced a data breach that impacted 14m accounts. OODA Loop:
