
Weekly Breach Report – August 2nd 2021

Aug 2, 2021, by Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Exploit statistics

A new report from NTT Application Security found that the average time to fix severe vulnerabilities rose from 194 days at the start of 2021 to 246 days by the end of June. ZDNet: https://www.zdnet.com/article/average-time-to-fix-high-vulnerabilities-grows-from-197-days-to-246-days-in-6-months-report/

 

Apple

Apple patched a zero-day vulnerability in its iOS, iPadOS and macOS operating systems. The bug was in a kernel extension for managing the screen frame buffer, and could be exploited to execute malicious code. The Register: https://www.theregister.com/2021/07/27/apple_patches_zeroday/

 

LemonDuck malware

This cryptomining malware targets both Windows and Linux operating systems through older unpatched vulnerabilities. The Hacker News: https://thehackernews.com/2021/07/microsoft-warns-of-lemonduck-malware.html

 

Windows domain controllers

Microsoft provided detailed instructions to protect Windows servers from an NTLM relay attack, which makes a remote Windows server authenticate with an attacker and share credentials. ZDNet: https://www.zdnet.com/article/microsoft-heres-how-to-shield-your-windows-servers-against-this-credential-stealing-attack/

 

Malware evolution

Hackers are using “newer” programming languages such as Go, Rust, Nim and Dlang to get around conventional security protections. The Hacker News: https://thehackernews.com/2021/07/hackers-turning-to-exotic-programming.html

 

Transnet

Transnet Port Terminals, South Africa’s state-run port operator, experienced a cyberattack that appears to have crippled the operations of the entire Transnet Group. Moneyweb: https://www.moneyweb.co.za/news/companies-and-deals/transnet-cyber-attack-confirmed-port-terminals-division-declares-force-majeure/

 

Microsoft Exchange Server

A Chinese hacking group deployed an undocumented variant of a remote-access trojan that leverages flaws in Exchange. The Hacker News: https://thehackernews.com/2021/07/chinese-hackers-implant-plugx-variant.html

 

PyPI

Software package repositories are popular targets for supply-chain attacks. Recently eight Python packages were removed from the PyPI portal for containing malicious code. The Hacker News: https://thehackernews.com/2021/07/several-malicious-typosquatted-python.html

 

UC San Diego Health

This Californian healthcare system announced a breach of employee email accounts, which impacted an undisclosed number of patients and employees. La Jolla Light: https://www.lajollalight.com/news/story/2021-07-27/uc-san-diego-health-announces-data-breach

 

Discoverable US city data

Researchers found personal documents collected by 86 US municipalities sitting in AWS S3 buckets that were open online. Security Boulevard: https://securityboulevard.com/2021/07/shared-intel-ramifications-of-86-cities-storing-citizens-data-in-misconfigured-aws-s3-buckets/

 

Beijing One Pass

Researchers at Recorded Future reported that a software application called Beijing One Pass is spyware. Beijing One Pass is employee-benefits software that the Chinese government requires companies doing business in the country to use. Recorded Future: https://www.recordedfuture.com/beijing-one-pass-benefits-software-spyware/

 

Phantom warships

Cybercriminals are faking locations of warships using the automatic identification system, a wireless radio technology designed to prevent collisions. Wired: https://www.wired.com/story/fake-warships-ais-signals-russia-crimea/

 

Estonian Information System Authority

Estonian officials arrested a suspect who used a vulnerability to access a government database and download ID photos of more than 286,000 citizens. The Record: https://therecord.media/estonia-says-a-hacker-downloaded-286000-id-photos-from-government-database/

 

Northern Ireland vaccine passports

Northern Ireland’s Department of Health stopped Covid vaccine certification online after a data breach exposed some users’ data. Bleeping Computer: https://www.bleepingcomputer.com/news/security/northern-ireland-suspends-vaccine-passport-system-after-data-leak/

