Weekly Breach Report – Jan 3rd 2022

Jan 3, 2022 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


The biggest data breaches of 2021

Researchers reported an increase of 17% in the number of recorded breaches during 2021 compared to the previous year. Source: ZDNet.


Garrett Metal Detectors

Researchers discovered several security flaws in the networking component of Garrett Metal Detectors that enable a remote hacker to bypass authentication requirements. Source: The Hacker News.


The British Council

The British Council experienced two successful ransomware attacks over the past five years, leading to 12 days of downtime. There were also six unsuccessful attacks in the same period. Source: Security Brief.


Superior Plus

A natural gas supplier discovered a ransomware attack that disrupted its computer systems. Source: CPO Magazine.



Photography company Shutterfly experienced a Conti ransomware attack that encrypted thousands of devices and stole corporate data. Source: Bleeping Computer.


Spider-Man Pirated Downloads

Researchers discovered crypto mining malware in pirated versions of Spider-Man: No Way Home. Source: The Hacker News.



A hacker may have illegally reassigned some T-Mobile customers’ SIM cards. This is the second data breach that T-Mobile experienced in the last six months. Source: PhoneArena.



LastPass launched an investigation after a surge in blocked login attempts. The company announced that it had no evidence that users’ accounts were compromised. Source: The Daily Swig.



Hackers attacked the Iceland Public Bus Network’s web servers. Source: Iceland Review.


Rhode Island Public Transit Authority (RIPTA)

The Rhode Island Attorney General opened an investigation into a data breach at RIPTA. Source: ZDNet.



An investigating team discovered that Sega left personal data and sensitive files in a publicly accessible AWS S3 bucket. Source: MSN.


Gloucestershire Council

Gloucester City Council is trying to fix several online services, including its website, after a cyberattack. Source: BBC.



PulseTV disclosed a breach of customer credit cards that impacted over 200,000 shoppers. Source: Bleeping Computer.
