Weekly Breach Report – February 8th 2021

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Washington State auditor

Thieves stole the personal unemployment-claim data of 1.6m people in America’s Washington State in a hack of the state auditor’s office. Seattle Times: https://www.seattletimes.com/seattle-news/politics/personal-data-of-1-6-million-washington-unemployment-claimants-exposed-in-hack-of-state-auditor/

SonicWall SMA 100

This US internet-security company announced that hackers are actively exploiting a zero-day vulnerability in its Secure Mobile Access 100 series devices. The Hacker News: https://thehackernews.com/2021/02/hackers-exploiting-critical-zero-day.html

NoxPlayer

Researchers discovered a supply-chain attack targeting online gamers by compromising the update mechanism of NoxPlayer, an Android emulator. The Hacker News: https://thehackernews.com/2021/02/a-new-software-supplychain-attack.html

Security patches

A security researcher revealed that software vendors are pushing inadequate or incomplete security patches. Six of the 24 zero-days exploited in 2020 were variants of previously disclosed vulnerabilities, and another three were incompletely patched. The Register: https://www.theregister.com/2021/02/03/enigma_patch_zero/

HPC clusters

A new malware is targeting high-performance computing clusters at universities, government agencies and internet service providers. It enables attackers to execute arbitrary commands on the systems. The Hacker News:https://thehackernews.com/2021/02/a-new-linux-malware-targeting-high.html

Microsoft Defender ATP

Microsoft Defender Advanced Threat Detection labeled Google Chrome’s browser update as a backdoor trojan. System admins are waiting for Microsoft’s statement to confirm that this is a false positive and not an actual threat. ZDNet: https://www.zdnet.com/article/microsoft-defender-atp-is-detecting-yesterdays-chrome-update-as-a-backdoor/

Stormshield

This French cybersecurity company announced that it had suffered a security breach. The hackers stole sensitive data and source code. Graham Cluley:https://grahamcluley.com/cybersecurity-firm-stormshield-hacked-data-including-source-code-stolen/

Chrome

Google patched a zero-day vulnerability in Chrome that hackers are exploiting in the wild. The vulnerability is a heap buffer overflow in the V8 JavaScript rendering engine. The Hacker News: https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html

SolarWinds

SolarWinds pushed out fixes for three severe vulnerabilities unrelated to the original SolarWinds backdoor. Ars Technica: https://arstechnica.com/information-technology/2021/02/solarwinds-patches-vulnerabilities-that-could-allow-full-system-control/

Ransomware

The UK’s National Cyber Security Centre revealed that an unnamed company had paid £6.5m ($8.9m) to restore its network and retrieve its files following a ransomware attack. The hackers then returned, infected its systems again, and extracted a second ransom. ZDNet: https://www.zdnet.com/google-amp/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack/

Serco

This British outsourcing company confirmed that a double extortion ransomware attack hit parts of its infrastructure in Europe. Computer Weekly: https://www.computerweekly.com/news/252495684/Serco-confirms-Babuk-ransomware-attack

Leon Medical Centers and Nocona General Hospital

Hackers published patient information from two US hospital chains after attempting to extort ransom for the data. NBC: https://www.nbcnews.com/tech/security/hackers-post-detailed-patient-medical-records-two-hospitals-dark-web-n1256887

British Mensa

The British branch of Mensa, a society for “high-IQ” people, reported that it had experienced a cyberattack. Computing: https://www.computing.co.uk/news/4026515/british-mensa-falls-victim-cyber-attack

Nissan North America

Nissan North America suffered a data leak in which source code for its mobile apps and several internal tools appeared on the internet due to a misconfigured Git server. Industry Week: https://www.industryweek.com/technology-and-iiot/article/21151660/data-leak-hits-nissan-north-america

EscortReviews.com

A data breach on EscortReviews.com exposed personal information belonging to 427,000 site members, including sex workers and their customers. Tom’s Guide: https://www.tomsguide.com/news/escort-reviews-data-breach

Foxtons Group

A data breach at Britain’s Foxtons forced the real-estate agency to shut down its customer portal. Though the company claimed no sensitive data was compromised, a recent investigation found more than 16,000 credit-card details and other information uploaded on the dark web. Tess: https://www.teiss.co.uk/foxtons-group-data-breach/

Oxfam Australia

Oxfam Australia is investigating a data breach after a hacker claimed to be selling a database on a hacking forum. Bleeping Computer: https://www.bleepingcomputer.com/news/security/oxfam-australia-investigates-data-breach-after-database-sold-online/

The Woodland Trust

This British conservation charity disclosed that it is investigating a cyberattack from last December. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/cyber-attack-on-woodland-trust/

Like the report? Sign up below and get it in your inbox.