Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Aug. 30th 2021

Aug 30, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Linux threats

Trend Micro published a study that found Linux malware threats are on the rise, and that there are over 14m devices exposed on the internet. Trend Micro:


Microsoft Power Apps

Researchers discovered multiple data leaks that exposed 38m data records via Microsoft power Apps portals. ZDNet:



F5, a U.S. application-services company, released patches for two dozen security vulnerabilities impacting versions of its BIG-IP and BIG-IQ devices. The Hacker News:


U.S. State Department

The Department of Defense’s Cyber Command issued a breach notification after the U.S. State Department experienced a severe cyber attack. The State Department has not released any information about the breach. Gizmodo:


Tehran’s Evin Prison

A hacking group leaked surveillance footage shot inside an Iranian prison for political prisoners. Infosecurity Magazine:


Eye & Retina Surgeons

A private eye clinic in Singapore experienced a ransomware attack that impacted the personal and clinical information of nearly 73,500 patients. The Straits Times:



Hackers targeted a vulnerability in devices from the Taiwanese semiconductor with a botnet based on the IoT malware Mirai. ZDNet:



A 21-year-old American told the Wall Street Journal that he was behind T-Mobile’s recent security breach and that the wireless company’s security was lax. The Wall Street Journal:



A bug in a Palantir program used by the FBI enabled unauthorized employees to access private data for over a year. New York Post:


Boston Public Library

Due to a cyberattack, Boston Public Library took all public computers, printing services and online resources offline. Homeland Security Today:


Offshore drilling rigs

Cyber-defense experts Naval Dome published findings that offshore drilling rigs are susceptible to cyberattack due to increased remote monitoring and autonomous control, IoT and digitalization. Splash 247:


DDoS attack

Cloudflare reported that it stopped a massive DDoS attack that was sending 17.2m requests-per-second. ZDNet:


Azure Cosmos DB

Security researchers gained unrestricted access to accounts and databases of several thousand Microsoft Azure customers using Cosmos DB. Wiz:

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.