Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – February 1st 2021

Feb 1, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

TikTok

Researchers disclosed a now-patched security flaw in TikTok that enabled attackers to build a database of app users and their phone numbers. The Hacker News: https://thehackernews.com/2021/01/tiktok-bug-could-have-exposed-users.html

 

Palfinger 

One of the world’s largest crane manufacturers confirmed a cyberattack is crippling the company’s IT infrastructure. Hot for Security: https://hotforsecurity.bitdefender.com/blog/worlds-largest-crane-maker-suffers-global-cyber-attack-operations-at-a-halt-25184.html

 

Centre Hospitalier de Wallonie Picarde

A hospital in Belgium is redirecting all incoming patients after a cyberattack took down systems. At least 80 of its 300 servers are infected. TechNadu: https://www.technadu.com/hospital-in-belgium-forced-to-redirect-patients-due-to-cyberattack/242982/

 

Microsoft Azure

Researchers disclosed an unpatched vulnerability in Microsoft Azure Functions that enables an attacker to escape a Docker container used for hosting them. The Hacker News: https://thehackernews.com/2021/01/new-docker-container-escape-bug-affects.html

 

Australian Securities and Investment Commission

The ASIC experienced a cyberattack on a server it uses to transfer files, including credit license applications. It does not appear that the hacker downloaded any forms or attachments. Reuters: https://www.reuters.com/article/us-australia-cyber-asic/australias-securities-regulator-says-server-hit-by-cyber-security-breach-idUSKBN29U0S7

 

PupBox

A law firm is investigating a data breach at PupBox, a subsidiary of America’s Petco. The breach exposed the payment-card information of thousands of customers. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/law-firm-investigating-pupbox-data/

 

MeetMindful

Hackers stole the personal information of more than 2.28m members of an online dating site called MeetMindful. Threatpost: https://threatpost.com/meetmindful-daters-compromised-data-breach/163313/

 

WestRock

An Atlanta-based paper and packaging company said it experienced a ransomware attack that impacted its operational and IT systems. Biz Journals:https://www.bizjournals.com/atlanta/news/2021/01/25/westrock-company-faces-ransomware-attack.html

 

Oscorp

Researchers discovered this new family of Android malware, which abuses accessibility services to hijack credentials and record audio and video. The Hacker News: https://thehackernews.com/2021/01/italy-cert-warns-of-new-credential.html

 

SELinux

A vulnerability in SELinux enables hackers to gain file ownership and escalate privileges within a system. CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23240

 

Hezbollah hacking group

A hacking group with ties to Hezbollah is targeting telecom companies in the US, UK, Egypt, Jordan, Lebanon, Saudia Arabia, Israel and the Palestinian National Authority. The Hacker News: https://thehackernews.com/2021/01/hezbollah-hacker-group-targeted.html

 

USCellular

America’s fourth-largest wireless carrier announced a data breach after an employee accidentally downloaded malware. Security Magazine: https://www.securitymagazine.com/articles/94476-uscellular-suffers-data-breach-hackers-accessed-its-crm-software

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.