Weekly Breach Report – August 17th

Aug 17, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Researchers disclosed proof-of-concept exploit code for an unpatched zero-day remote code execution vulnerability in vBulletin online-forum software that is already being actively exploited in the wild. The Hacker News: https://thehackernews.com/2020/08/vBulletin-vulnerability-exploit.html 


Michigan State University

Hackers breached Michigan State University’s online store, gaining access to more than 2,600 customer credit-card numbers and other personal information. Detroit News: https://www.detroitnews.com/story/news/local/michigan/2020/08/11/hackers-breach-customer-data-michigan-state-online-store/113014252/



Walgreens reported a data breach affecting more than 180 US stores and 72,000 individuals containing healthcare information and customer records. Health Leaders Media: 



Citrix Endpoint Management

Citrix released patches for security vulnerabilities that impact its Endpoint Management product, which helps companies to manage and secure employees’ mobile devices remotely. The Hacker News: https://thehackernews.com/2020/08/citrix-endpoint-management.html


SANS Institute

This U.S.-based institute, which trains cybersecurity professionals worldwide, was hacked, resulting in the compromise of 28,000 records of personally identifiable information, the organization said Tuesday. CyberScoop: 



Amazon Alexa

Researchers disclosed several security vulnerabilities in Amazon’s Alexa that could enable hackers to spy on users. The Hacker News: https://thehackernews.com/2020/08/amazon-alexa-hacking-skills.html



Hackers are installing malware in projects using Xcode, an integrated development environment used to develop Apple-related software. The malware compromises Safari and other browsers. ZDNet: https://www.zdnet.com/article/mac-malware-spreads-through-xcode-projects-abuses-previously-unknown-vulnerabilities/



A cyberattack on this alcoholic-beverage manufacturer including Jack Daniels impacted employee data and other information. Forbes: https://www.forbes.com/sites/leemathews/2020/08/17/brown-forman-hacked-1tb-data-stolen/#2582509b4da0



This online exam-proctoring platform confirmed a data breach after a hacker released a stolen database of user information on a hacker forum. Bleeping Computer: https://www.bleepingcomputer.com/news/security/proctoru-confirms-data-breach-after-database-leaked-online/


Boston University and Emerson College

These schools notified students and alumni about a potential data breach at Blackbaud, one of their third-party technology vendors. Boston Globe: https://www.bostonglobe.com/2020/08/08/metro/hackers-access-personal-information-bu-emerson/

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.