Weekly Breach Report – Aug. 30th 2021

Aug 30, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Linux threats

Trend Micro published a study that found Linux malware threats are on the rise, and that there are over 14m devices exposed on the internet. Trend Micro: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/linux-threat-report-2021-1h-linux-threats-in-the-cloud-and-security-recommendations

 

Microsoft Power Apps

Researchers discovered multiple data leaks that exposed 38m data records via Microsoft Power Apps portals. ZDNet: https://www.zdnet.com/article/microsoft-power-apps-misconfiguration-exposes-38-million-data-records/

 

F5

F5, a U.S. application-services company, released patches for two dozen security vulnerabilities impacting versions of its BIG-IP and BIG-IQ devices. The Hacker News: https://thehackernews.com/2021/08/f5-releases-critical-security-patches.html

 

U.S. State Department

The Department of Defense’s Cyber Command issued a breach notification after the U.S. State Department experienced a severe cyber attack. The State Department has not released any information about the breach. Gizmodo: https://gizmodo.com/the-state-department-has-reportedly-been-hacked-1847536299

 

Tehran’s Evin Prison

A hacking group leaked surveillance footage shot inside an Iranian prison for political prisoners. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/hackers-leak-footage-of-iranian/

 

Eye & Retina Surgeons

A private eye clinic in Singapore experienced a ransomware attack that impacted the personal and clinical information of nearly 73,500 patients. The Straits Times: https://www.straitstimes.com/tech/tech-news/nearly-73500-patients-data-affected-in-ransomware-attack-on-eye-clinic-in-spore

 

Realtek

Hackers targeted a vulnerability in devices from the Taiwanese semiconductor company with a botnet based on the IoT malware Mirai. ZDNet: https://www.zdnet.com/article/realtek-hardware-bugs-expose-dozens-of-brands-to-supply-chain-cyber-attack/

 

T-Mobile

A 21-year-old American told the Wall Street Journal that he was behind T-Mobile’s recent security breach and that the wireless company’s security was lax. The Wall Street Journal: https://www.wsj.com/articles/t-mobile-hacker-who-stole-data-on-50-million-customers-their-security-is-awful-11629985105

 

Palantir

A bug in a Palantir program used by the FBI enabled unauthorized employees to access private data for over a year. New York Post: https://nypost.com/2021/08/25/fbi-palantir-glitch-allowed-unauthorized-access-to-private-data/

 

Boston Public Library

Due to a cyberattack, Boston Public Library took all public computers, printing services and online resources offline. Homeland Security Today: https://www.hstoday.us/subject-matter-areas/cybersecurity/boston-public-library-victim-of-cyber-attack/

 

Offshore drilling rigs

Cyber-defense experts Naval Dome published findings that offshore drilling rigs are susceptible to cyberattack due to increased remote monitoring and autonomous control, IoT and digitalization. Splash 247: https://splash247.com/study-finds-offshore-drilling-rigs-open-to-cyber-attacks/

 

DDoS attack

Cloudflare reported that it stopped a massive DDoS attack that was sending 17.2m requests per second. ZDNet: https://www.zdnet.com/article/cloudflare-says-it-stopped-the-largest-ddos-attack-ever-reported/

 

Azure Cosmos DB

Security researchers gained unrestricted access to accounts and databases of several thousand Microsoft Azure customers using Cosmos DB. Wiz: https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases?ck_subscriber_id=512831035
