Weekly Breach Report – Dec. 13th 2021

Dec 13, 2021 By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

CS Energy Australia

Hackers shut off power to three million Australian homes in a ransomware attack on CS Energy’s two thermal coal plants. Daily Mail: https://www.dailymail.co.uk/news/article-10283839/Chinese-cyberattack-shut-power-three-million-Australians.html

 

WordPress Gravatar

Gravatar experienced one of the largest data breaches in history that exposed 167m names, usernames, and hashes of email addresses. The Digital Hacker: https://thedigitalhacker.com/firefox-confirmed-wordpress-gravatar-data-breach-in-mails/

 

Spar supermarket

A cyberattack forced Spar to close 300 of its UK stores. The attack left some stores without the ability to take payments by card. ZDNet: https://www.zdnet.com/article/a-cyber-attack-has-forced-supermarket-spar-to-close-some-stores/

 

SolarWinds

Mandiant published new research on the SolarWinds hackers’ proficiency and a few of their failures as they continue to breach high-value targets. Ars Technica: https://arstechnica.com/information-technology/2021/12/solarwinds-hackers-have-a-whole-bag-of-new-tricks-for-mass-compromise-attacks/

 

Bitmart

Hackers stole $150m from the Cayman Islands-based cryptocurrency trading platform. Bitmart then suspended withdrawals until it sorted the situation. MSSP Alert: https://www.msspalert.com/cybersecurity-breaches-and-attacks/bitmart-hack-crypto-breach-timeline-and-recovery-details/

 

NPM packages

Researchers discovered 17 malicious packages in NPM that hackers used to hack Discord servers. Ars Technica: https://arstechnica.com/information-technology/2021/12/malicious-packages-sneaked-into-npm-repository-stole-discord-tokens/

 

Cox

Cox disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. Bleeping Computer: https://www.bleepingcomputer.com/news/security/cox-discloses-data-breach-after-hacker-impersonates-support-agent/

 

Confluence and GitLab

A ransomware group is leveraging several exploits to gain access to unpatched Confluence and GitLab servers to encrypt their files and ask owners to pay a ransom to recover the data. The Record: https://therecord.media/confluence-and-gitlab-servers-targeted-by-new-ransomware-strain/

 

Google Pixel

Google announced that the security breach of mail-in Pixel repairs did not occur at the hands of Google employees. Google updated its instructions for mail-in repairs to help customers better lock down their data. 9to5Google: https://9to5google.com/2021/12/08/google-pixel-repair-privacy-breach-statement/

 

Israel National Insurance Institute

Israel’s National Insurance Institute announced that its website experienced a DDoS attack that caused it to go offline for several hours. The Times of Israel: https://www.timesofisrael.com/national-insurance-website-briefly-downed-in-cyberattack-no-data-accessed/

 

Delta-Montrose Electric Association

A Colorado energy company is trying to recover from a cyberattack that took down 90% of its internal systems and caused 25 years of historical data to be lost. ZDNet: https://www.zdnet.com/article/colorado-energy-company-loses-25-years-of-data-after-cyberattack-still-rebuilding-network/#ftag=RSSbaffb68

 

South Australian government

As many as 80,000 government employees were affected by a security breach in a cyberattack on Frontier Software, an external payroll software provider. ABC News: https://www.abc.net.au/news/2021-12-10/thousands-of-sa-government-employees-affected-by-cyber-attack/100690564

 

Fujitsu

Fujitsu attributed a data breach affecting the Japanese government earlier this year to its ProjectWEB tool. Fujitsu is discontinuing the tool and plans to create “a new project information sharing tool that addresses issues raised by the incident.” ZDNet: https://www.zdnet.com/article/fujitsu-attributes-data-breaches-to-projectweb-vulnerabilities/

 

Volvo

Volvo is investigating a cybersecurity breach and the theft of some of the company’s research and development information. TechCrunch: https://techcrunch.com/2021/12/10/volvo-had-some-rd-data-stolen-in-security-breach/

 

Hellmann

German logistics company Hellmann reported a cyberattack that forced it to temporarily remove all connections to its primary data center. ZDNet: https://www.zdnet.com/article/german-logistics-giant-hellmann-reports-cyberattack/
