Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Dec. 27th 2021

Dec 27, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

WordPress

Hackers are conducting large-scale cyberattacks against WordPress websites. At least 1.6m domains experienced 13.7m attacks within 36 hours. CPO Magazine: https://www.cpomagazine.com/cyber-security/13-7-million-cyber-attacks-from-16000-ip-addresses-target-four-vulnerable-wordpress-plugins-and-15-themes-striking-1-6-million-websites/

 

UK Police

Data stolen from the UK police was posted and then removed from the dark web. A hacking group launched a supply chain attack against a company that handles access to the Police National Computer database. Tech Monitor: https://techmonitor.ai/technology/cybersecurity/uk-police-data-breach-cl0p-ransomware

 

Belgian Defense Ministry

Part of the Belgian Ministry of Defense’s network went down due to a cyberattack that used a security vulnerability in its software. Brussels Times:https://www.brusselstimes.com/belgium/198521/belgian-defence-ministry-network-partially-down-following-cyber-attack

 

Monongalia Health System

A West Virginia hospital system experienced a data breach after a phishing attack gave hackers access to several email accounts. ZDNet: https://www.zdnet.com/article/phishing-incident-causes-data-breach-at-west-virginia-hospitals/

 

National Service Secretariat

Researchers discovered a massive data breach at Ghana’s National Service Secretariat. The breach exposed the personal information of 700,000 people. Ghana Web: https://www.ghanaweb.com/GhanaHomePage/NewsArchive/NSS-allegedly-hit-by-data-breach-as-700-000-people-s-documents-leak-online-1428826

 

Ubisoft

The French gaming company announced that a misconfiguration of its IT infrastructure accidentally caused a breach on some Just Dance player data. Hackers accessed and possibly copied the information. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/ubisoft-player-data-breach/

 

US Commission on International Religious Freedom

According to a cybersecurity company, the USCIRF experienced a cyberattack that compromised systems on its network and enabled hackers to run code as the operating system. ZDNet: https://www.zdnet.com/article/cybersecurity-company-identifies-months-long-attack-on-us-federal-commission/

 

Alibaba Cloud

The Chinese government suspended its partnership with Alibaba Cloud Computing over accusations that it failed to address a cybersecurity vulnerability in Apache Log4j2. Reuters: https://www.reuters.com/world/china/china-regulator-suspends-cyber-security-deal-with-alibaba-cloud-2021-12-22/

 

Health Ministry of Brazil

The Brazilian Health Ministry experienced two ransomware attacks targeting COVID vaccination data in one week. It is not yet clear if the two attacks are connected. CPO Magazine: https://www.cpomagazine.com/cyber-security/health-ministry-of-brazil-hit-by-two-ransomware-attacks-in-one-week-vaccination-data-stolen-taken-offline/

 

Bansley and Kiener CPA

Individuals filed a lawsuit against CPA firm Bansley and Kiener after failing to notify people of a ransomware attack that impacted their health information. SC Magazine: https://www.scmagazine.com/analysis/breach/bansley-and-kiener-cpa-firm-sued-over-delayed-breach-notification-data-theft

 

Albania

The Albanian prime minister issued an apology after exposing hundreds of thousands of Albanian citizens’ data. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/albanias-prime-minister-issues/

 

Azure App Service

A security flaw in Microsoft’s Azure App Service exposed the source code of customer applications written in Java, Node PHP, Python, and Ruby since 2017. The Hacker News: https://thehackernews.com/2021/12/4-year-old-bug-in-azure-app-service.html

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.