Weekly Breach Report – February 15th

Feb 15, 2021By Shaina Raskin

 

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Oldsmar, Florida

Hackers gained access to a software program that treats water for the city of Oldsmar, and attempted to increase the amount of lye (a metal hydroxide that can be deadly in high concentrations) in the water supply. Reuters: https://www.reuters.com/article/us-usa-cyber-florida-idUSKBN2A82FV

 

U-Admin 

Law enforcement in Ukraine shut down one of the world’s largest phishing services. It had been used to attack financial institutions in a range of countries. The Hacker News: https://thehackernews.com/2021/02/ukrainian-police-arrest-author-of.html

 

Supply-chain attack

A researcher breached more than 35 companies’ internal systems, including Microsoft, Apple, PayPal and Netflix, in a software supply-chain attack. The researcher was able to compromise specific open-source repositories such as PyPI, npm and RubyGems. Bleeping Computer: https://www.bleepingcomputer.com/news/security/researcher-hacks-microsoft-apple-more-in-novel-supply-chain-attack/

 

CD Projekt Red

The Cyberpunk 2077 video-game maker announced that hackers accessed the company’s internal network and scrambled data servers to extort a ransom. BBC:https://www.bbc.com/news/technology-55994787

 

Apple

Apple patched a critical Sudo vulnerability in macOS Big Sur, Catalina and Mojave that enabled unauthenticated local users to gain root-level privileges. The Hacker News: https://thehackernews.com/2021/02/apple-patches-10-year-old-macos-sudo.html

 

Microsoft

Microsoft issued fixes for 56 bugs on its monthly “Patch Tuesday,” including a zero-day actively exploited in the wild. The Hacker News: https://thehackernews.com/2021/02/microsoft-issues-patches-for-in-wild-0.html

 

SIM swapping

Police arrested ten people in various countries who were connected to a SIM-swapping campaign that resulted in the theft of more than $100m in cryptocurrencies via the cellphone accounts of high-profile people. The Hacker News: https://thehackernews.com/2021/02/10-sim-swappers-arrested-for-stealing.html

 

Tokyo Gas

This game developer (and utility company) announced that hackers had exposed 10,000 email addresses of customers of an online anime dating game. The Daily Swig:https://portswigger.net/daily-swig/tokyo-gas-discloses-data-breach-impacting-anime-style-dating-simulation-game

 

No Support Linux Hosting

This British web-hosting company announced that it was shutting down, after a hacker breached internal systems and compromised its entire operation. ZDNet: https://www.zdnet.com/article/web-hosting-provider-shuts-down-after-cyber-attack/

 

Telegram

This messaging app fixed a bug in its macOS app that enabled it to access self-destructing audio and video messages after they disappear from chats. The Hacker News: https://thehackernews.com/2021/02/secret-chat-in-telegram-left-self.html

 

Singtel

A Singapore telco is investigating a cybersecurity breach that compromised customer data. The attack compromised a file-sharing system developed by Accellion, a third-party vendor. ZDNet: https://www.zdnet.com/article/singtel-hit-by-third-party-vendors-security-breach-customer-data-may-be-leaked/

 

Syracuse University

Syracuse recently informed about 9,800 students and alumni of a security breach that exposed their names and social-security numbers. Campus Life Security:https://campuslifesecurity.com/articles/2021/02/11/data-breach-at-syracuse-university-leaves-almost.aspx

 

QIMR Berghofer Medical Research Institute

This Australian research institute is investigating a data breach, after its Accellion file-sharing system was compromised. Accellion announced that it experienced a cyberattack on Christmas Day 2020. Port Swigger: https://portswigger.net/daily-swig/australian-research-institute-confirms-likely-data-breach-after-third-party-accellion-hack

 

Big Huge Games

Big Huge Games informed players that it experienced a cyberattack that impacted company data. An investigation is ongoing. Business Wire: https://www.businesswire.com/news/home/20210212005123/en/Big-Huge-Games-Reports-a-Data-Security-Incident

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.