Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Dec. 20th 2021

Dec 20, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Apache Log4j 

Hackers are actively exploiting a remote code execution vulnerability in Log4j, a Java-based software used throughout the world’s largest tech companies. CNN: https://www.cnn.com/2021/12/15/tech/log4j-vulnerability/index.html

 

NSO zero-click iMessage exploit

Google Project Zero takes a deep dive into an NSO iMessage-based zero-click exploit used to target a Saudi activist. Google Project Zero: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

 

Kronos

HR Management platform Kronos experienced a ransomware attack on its Kronos Private Cloud that exposed many of its high-profile customers. ZDNet: https://www.zdnet.com/article/hr-platform-kronos-brought-down-by-ransomware-attack-ukg-warns-of-data-breach/

 

Quebec government websites

Authorities shut down 4,000 Quebec government websites as a preventative measure following the threat of a cyberattack using the Log4j vulnerability. Global News: https://globalnews.ca/news/8444811/massive-software-flaw-quebec-government-websites/

 

Oregon Anesthesiology Group

The Oregon Anesthesiology Group experienced a ransomware attack that exposed the personal information of 750,000 patients and 522 current and former employees. ZDNet: https://www.zdnet.com/article/oregon-medical-group-notifies-patients-of-cybersecurity-breach-says-fbi-seized-hellokitty-accounts/

 

McMenamins

A Portland-based hotel and brewpub chain experienced a ransomware attack that may have compromised employees’ personal information, but at this point, no customer payment information was exposed. KGW: https://www.kgw.com/article/news/local/mcmenamins-ransomware-attack/283-dc039d56-cf82-4f06-8862-c2f6223e3893

 

Online sports gear websites

Four affiliated sports gear websites disclosed a cyberattack where hackers stole credit cards for almost two million customers. Bleeping Computer:https://www.bleepingcomputer.com/news/security/credit-card-info-of-18-million-people-stolen-from-sports-gear-sites/

 

Pro Wrestling Tees

Pro Wrestling Tees is notifying customers that a cyberattack compromised a few credit card numbers but did not expose any personal information. Mandatory:https://www.mandatory.com/wrestlezone/news/1271184-pro-wrestling-tees-releases-statement-following-data-breach

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.