Mitigate Baron Samedit (CVE-2021-3156) vulnerability

Weekly Breach Report – February 1st 2021

Feb 1, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities



Researchers disclosed a now-patched security flaw in TikTok that enabled attackers to build a database of app users and their phone numbers. The Hacker News:



One of the world’s largest crane manufacturers confirmed a cyberattack is crippling the company’s IT infrastructure. Hot for Security:


Centre Hospitalier de Wallonie Picarde

A hospital in Belgium is redirecting all incoming patients after a cyberattack took down systems. At least 80 of its 300 servers are infected. TechNadu:


Microsoft Azure

Researchers disclosed an unpatched vulnerability in Microsoft Azure Functions that enables an attacker to escape a Docker container used for hosting them. The Hacker News:


Australian Securities and Investment Commission

The ASIC experienced a cyberattack on a server it uses to transfer files, including credit license applications. It does not appear that the hacker downloaded any forms or attachments. Reuters:



A law firm is investigating a data breach at PupBox, a subsidiary of America’s Petco. The breach exposed the payment-card information of thousands of customers. Infosecurity Magazine:



Hackers stole the personal information of more than 2.28m members of an online dating site called MeetMindful. Threatpost:



An Atlanta-based paper and packaging company said it experienced a ransomware attack that impacted its operational and IT systems. Biz Journals:



Researchers discovered this new family of Android malware, which abuses accessibility services to hijack credentials and record audio and video. The Hacker News:



A vulnerability in SELinux enables hackers to gain file ownership and escalate privileges within a system. CVE:


Hezbollah hacking group

A hacking group with ties to Hezbollah is targeting telecom companies in the US, UK, Egypt, Jordan, Lebanon, Saudi Arabia, Israel and the Palestinian National Authority. The Hacker News:



America’s fourth-largest wireless carrier announced a data breach after an employee accidentally downloaded malware. Security Magazine:
