Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Jan. 10th 2022

Jan 10, 2022By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

UK MOD Defence Academy

A cyberattack on the UK MOD Defence Academy prompted the organization to accelerate plans to rebuild their entire network to make it more resilient. Sky News: https://news.sky.com/story/cyber-attack-on-uks-defence-academy-had-significant-impact-officer-in-charge-at-the-time-reveals-12507570

Ravkoo

An internet-based pharmacy service disclosed a data breach that impacted the organization’s AWS-hosted cloud prescription portal. Bleeping Computer: https://www.bleepingcomputer.com/news/security/us-online-pharmacy-ravkoo-links-data-breach-to-aws-portal-incident/

 

Broward Health

A Florida-based hospital system announced that it suffered a data breach that exposed patients and staff’s personal and medical information. The Hill: https://thehill.com/homenews/state-watch/587931-florida-hospital-system-suffers-data-breach-including-medical

Tourisme Montreal

Montreal’s tourism agency announced that it experienced a cyberattack by the Karakurt hacking group. ITWorld Canada: https://www.itworldcanada.com/article/montreal-tourism-agency-confirms-cyber-attack/469873

DatPiff

A data breach at a popular mixtape hosting service DatPiff exposed the passwords of 7.5m members. Users can check if they are part of the data breach through Have I Been Pwned. Bleeping Computer: https://www.bleepingcomputer.com/news/security/have-i-been-pwned-warns-of-datpiff-data-breach-impacting-millions/

OG department store

A data breach at a Singapore-based OG department store exposed customers’ personal data of people in the basic and gold tiers. The Straits Times: https://www.straitstimes.com/singapore/consumer/personal-data-of-og-department-store-customers-leaked

UScellular

The fourth-largest wireless carrier in the US disclosed a data breach that impacted the company’s billing system. Bleeping Computer: https://www.bleepingcomputer.com/news/security/uscellular-discloses-data-breach-after-billing-system-hack/

FlexBooker

Hackers stole more than 3m user accounts of FlexBooker, an appointment scheduling service. Bleeping Computer: https://www.bleepingcomputer.com/news/security/flexbooker-discloses-data-breach-over-37-million-accounts-impacted/

Albuquerque Bernalillo County 

Government offices from New Mexico’s most populous county experienced a ransomware attack that closed public offices. Security Magazine: https://www.securitymagazine.com/articles/96847-albuquerque-impacted-by-ransomware-attack

Amedia

A Norwegian media company experienced a cyberattack that shut down its computer systems and prevented the company from printing newspapers. CPO Magazine: https://www.cpomagazine.com/cyber-security/norwegian-media-company-amedia-suffered-a-serious-cyber-attack-that-left-newspapers-unprinted/

Fertility Centers of Illinois

A Chicago-based fertility center reported a cyberattack that impacted the health information of 80,000 individuals. Gov Info Security: https://www.govinfosecurity.com/fertility-clinic-hacking-incident-affected-nearly-80000-a-18269

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.