Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Jan 3rd 2022

Jan 3, 2022By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

The biggest data breaches of 2021

Researchers reported an increase of 17% in the number of recorded breaches during 2021 compared to the previous year. ZDNet: https://www.zdnet.com/article/the-biggest-data-breaches-of-2021/

 

Garrett Metal Detectors

Researchers discovered several security flaws in Garrett Metal Detectors’ networking component that enables a remote hacker to bypass authentication requirements. The Hacker News: https://thehackernews.com/2021/12/garrett-walk-through-metal-detectors.html

 

The British Council

The British Council experienced two successful ransomware attacks over the past five years, leading to 12 days of downtime. There were also six unsuccessful attacks in the same period. Security Brief: https://securitybrief.com.au/story/the-british-council-falls-victim-to-two-successful-ransomware-attacks

 

Superior Plus

A natural gas supplier discovered a ransomware attack that disrupted its computer systems. CPO Magazine: https://www.cpomagazine.com/cyber-security/natural-gas-supplier-superior-plus-suffers-a-ransomware-attack-similar-to-colonial-pipelines/

 

Shutterfly

Photography company Shutterfly experienced a Conti ransomware attack that encrypted thousands of devices and stole corporate data. Bleeping Computer:https://www.bleepingcomputer.com/news/security/shutterfly-services-disrupted-by-conti-ransomware-attack/

 

Spiderman Pirated Downloads

Researchers discovered crypto mining malware in pirated versions of Spiderman: No Way Home. The Hacker News: https://thehackernews.com/2021/12/spider-man-no-way-home-pirated.html

 

T-Mobile

A hacker may have illegally reassigned some T-Mobile customers’ SIM cards. This is the second data breach that T-Mobile experienced in the last six months. PhoneArena: https://www.phonearena.com/news/t-mobile-christmas-data-breach-leaked-documents_id137443

 

LastPass

LastPass launched an investigation after a surge in blocked login attempts. The company announced no evidence that users’ accounts were compromised. The Daily Swig: https://portswigger.net/daily-swig/lastpass-quells-cyber-attack-fears-blames-email-notification-surge-on-glitch

 

Straeto

Hackers attacked the Iceland Public Bus Network’s web servers. Iceland Review: https://www.icelandreview.com/news/straeto-was-hit-by-cyber-attack/

 

Rhode Island Public Transit Authority (RIPTA)

The Rhode Island Attorney General opened an investigation into a data breach at the RIPTA. ZDNet: https://www.zdnet.com/article/rhode-island-attorney-general-opening-investigation-into-transit-authority-after-data-breach/

 

Sega

An investigating team discovered that Sega left personal data and sensitive files in a publicly accessible AWS S3 bucket. MSN: https://www.msn.com/en-us/sports/esports/sega-narrowly-avoids-huge-data-breach/ar-AAShu1I?li=BB15ms5q

 

Gloucestershire Council

Gloucester City Council is trying to fix several online services, including its website, after a cyberattack. BBC: https://www.bbc.com/news/uk-england-gloucestershire-59831468

 

PulseTV

PulseTV disclosed a breach of customer credit cards that impacted over 200,000 shoppers. Bleeping Computer: https://www.bleepingcomputer.com/news/security/pulsetv-discloses-potential-compromise-of-200-000-credit-cards/

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.