Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – August 10th

Aug 10, 2020By Shaina Raskin


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

IoT botnets

Researchers found that hackers could deploy high-wattage IoT botnets made up of devices such as air conditioners and smart thermostats to manipulate private energy markets around the U.S. Wired:


The Blacklist Alliance

A company that helps telemarketing companies avoid getting sued for violating federal laws leaked personal data on customers and the lawyers they have hired to go after telemarketers. Krebs on Security:


Email vulnerabilities

Researchers discovered 18 instances of flaws in three protocols used in email sender authentication: Sender Policy Framework; Domain Keys Identified Mail; and Domain-Based Message Authentication, Reporting and Conformance. The vulnerabilities make spear-phishing attacks even harder to detect. Wired:



Last week Canon suffered an outage of its photo-sharing site due to a ransomware attack. Forbes:


UK dentists

The British Dental Association suffered a data breach that may have exposed UK dentists’ bank-account information. Infosecurity Magazine:


Lafayette, Colorado

City officials announced that hackers deployed ransomware on their computer systems, and the city opted to pay a $45,000 ransom to regain access. Beloit Daily News:



This push-to-talk app disclosed a data breach that potentially enabled malicious actors to access users’ email addresses and passwords. Security Boulevard:



This U.S. business-travel company said that its systems were up and running again following a cybersecurity breach. Reuters revealed that the company paid $4.5m in ransom. PhocusWire:



This interior-design and decorating company confirmed that it had experienced a data breach in which 1.3m user records were stolen. Tom’s Guide:


York, Pennsylvania

A burglar breached the security system at York’s City Hall, causing significant physical damage to the city’s information-technology infrastructure He was arrested onsite. ABC27:


Chrome extensions

Researchers discovered a group of 295 Chrome extensions hijacking and inserting ads in Google and Bing search results. ZDNet:


PulseSecure VPN servers

A hacker published plaintext usernames, passwords and IP addresses for more than 900 PulseSecure VPN enterprise servers. ZDNet:



Intel is investigating a security breach after 20GB of internal documents, some marked “confidential,” were leaked online. ZDNet:


Capital One

Capital One was fined $80m for a data breach last year that exposed the personal information of more than 100m credit-card applicants. The Hacker News: 



A database belonging to this U.S. online academic-testing-platform company was published by the ShinyHunters hacker group, exposing the data of several Australian universities. Infosecurity Magazine:



A hacker claims to have breached backend servers and stolen 8,225 databases belonging to cybersecurity firm DataViper. Digital Journal:

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.