Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Aug. 9th 2021

Aug 9, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities



A security researcher disclosed a set of vulnerabilities known as “PwndPiper” that enables attacks on pneumatic-tube systems. The vulnerabilities impact Translogic’s PTS system, which is installed in 80% of large North American hospitals. The Hacker News:


Advanced Technology Ventures

A Silicon Valley venture-capital firm experienced a ransomware attack. The cybercriminals stole information on the firm’s private investors and limited partners. TechCrunch:


Harris County

This Texas county reported a data breach that impacted the health information of more than 26,000 patients in the county jail system’s healthcare service. Health IT Security:



The website of the Lazio region of Italy is down following a cyberattack. The attack accessed the booking system for the region’s Covid-vaccination campaign, and prevented officials from accepting new bookings. Wanted in Rome:


Russian federal agencies

State-sponsored threat groups from China are targeting Russian federal agencies with cyberattacks. The Hacker News:



Researchers disclosed 14 vulnerabilities impacting NicheStack, a commonly-used TCP/IP stack used in operational-technology devices. The Hacker News:


US federal agencies 

In a report by a US Senate Committee on cybersecurity at eight federal agencies, four scored Ds, three Cs, and only one received a B. Arstechnica:


DNS as-a-service

Researchers disclosed a security issue impacting DNS service providers that can hijack the platform’s notes and intercept incoming DNS traffic. Amazon and Google patched the vulnerabilities. The Record:


Microsoft Exchange

Researchers discovered five gigabytes of data in the cloud that was stolen from foreign ministries and energy companies. The cybercriminals hacked into the organizations’ on-premise Microsoft Exchange servers. Bloomberg:



Researchers disclosed multiple vulnerabilities in Mitsubishi safety programmable logic controllers (PLCs) that enable an attacker to acquire legitimate usernames, login to the CPU module, and execute a DoS. The Hacker News:



India’s Twitter clone patched a severe cross-site scripting vulnerability that could enable an attacker to execute arbitrary JavaScript against thousands of users. The Hacker News:


Eskenazi Health

An Indiana healthcare service provider turned ambulances away and diverted patients to other hospitals because of a ransomware attack. The Daily Beast:


LockBit 2.0

According to the Australian Cyber Security Centre, hackers targeted multiple organizations across various industries with LockBit 2.0 ransomware. Business News Australia:



A Singapore telco announced that it had discovered the personal data of its customers on a dark web forum. The company nonetheless claims that none of its systems were breached. ZDNet:



Ibex announced a data breach that may have impacted the personal information of employees and their families. Globe Newswire:

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.