Weekly Breach Report – Dec. 20th 2021

Dec 20, 2021 By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Apache Log4j 

Hackers are actively exploiting a remote code execution vulnerability in Log4j, Java-based software used throughout the world’s largest tech companies. CNN:


NSO zero-click iMessage exploit

Google Project Zero takes a deep dive into an NSO iMessage-based zero-click exploit used to target a Saudi activist. Google Project Zero:



HR Management platform Kronos experienced a ransomware attack on its Kronos Private Cloud that exposed many of its high-profile customers. ZDNet:


Quebec government websites

Authorities shut down 4,000 Quebec government websites as a preventative measure following the threat of a cyberattack using the Log4j vulnerability. Global News:


Oregon Anesthesiology Group

The Oregon Anesthesiology Group experienced a ransomware attack that exposed the personal information of 750,000 patients and 522 current and former employees. ZDNet:



A Portland-based hotel and brewpub chain experienced a ransomware attack that may have compromised employees’ personal information, but at this point, no customer payment information was exposed. KGW:


Online sports gear websites

Four affiliated sports gear websites disclosed a cyberattack where hackers stole credit cards for almost two million customers. Bleeping Computer:


Pro Wrestling Tees

Pro Wrestling Tees is notifying customers that a cyberattack compromised a few credit card numbers but did not expose any personal information. Mandatory:
