
Weekly Breach Report – January 18th 2021

Jan 18, 2021, by Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


SolarWinds (1)

Kaspersky researchers found code overlaps between the Sunburst backdoor used in the SolarWinds hack and Kazuar, a .NET-based backdoor first documented in 2017 and previously linked to the Turla group. The Hacker News:


Reserve Bank of New Zealand 

New Zealand’s central bank is responding to a security breach in one of its systems. A hacker accessed a third-party file-sharing service used by the bank to store sensitive information.


JP Morgan Chase

A US federal court sentenced Russian hacker Andrei Tyurin to 12 years in prison for his role in the 2012-15 JP Morgan Chase cyberattack, one of the largest data thefts from a single financial institution, affecting more than 80 million customers. The Hacker News:


Online banking

IBM Trusteer researchers uncovered a fraud campaign in which attackers used mobile emulators at scale to clone the device fingerprints (device identifiers, GPS location) of victims' smartphones, pairing them with stolen credentials and intercepted SMS one-time codes to drain bank accounts. Tech Radar:



This vendor of cloud-enabled IoT devices is urging customers to change their passwords and enable multi-factor authentication. The company said that a third-party cloud provider might have exposed customer account information. Krebs on Security:


SolarWinds (2)

CrowdStrike identified a third malware strain, Sunspot, involved in the SolarWinds supply chain attack. Sunspot ran on the SolarWinds build server, watched for MsBuild.exe processes compiling Orion, swapped in a source file containing the Sunburst backdoor while the build ran, and then restored the original so that the tampering left no trace in source control. ZDNet:


SolarWinds (3)

The SolarWinds attackers breached email-security provider Mimecast and compromised a certificate that Mimecast issues to customers to authenticate its products to Microsoft 365 services. At the time of the report, the attackers appeared to have gained access to Mimecast without going through the SolarWinds software. The Wall Street Journal:


DarkMarket

Europol and partner agencies shut down DarkMarket, described as the world's largest online marketplace for illicit goods, which had almost 500,000 users and more than 2,400 vendors. The Hacker News:


Watering hole attacks

Google Project Zero researchers analysed two exploit servers used in watering hole attacks that delivered full exploit chains, combining zero-day and already-patched vulnerabilities, to achieve remote code execution on Windows and Android users' devices. TechRepublic:


Microsoft Defender

Attackers are exploiting a remote code execution vulnerability in Microsoft Defender (CVE-2021-1647) in the wild. The fix ships automatically with the Microsoft Malware Protection Engine update, so systems that receive engine updates normally need no manual action. Microsoft:


Amazon Ring Neighbors app

A security flaw in Ring’s Neighbors neighborhood-watch app exposed the precise locations and home addresses of users who posted in the app. Tech Crunch:


United States Capitol

The cybersecurity consequences from the US Capitol attack will take months to sort out after at least one laptop was stolen. ZDNet:


United Nations Environmental Programme (UNEP)

Researchers from the Sakura Samurai group disclosed exposed Git directories and credentials at UNEP that would have enabled access to over 100,000 employee records. Security Magazine:



A bug in the currently disabled social-media platform, frequently used by far-right extremists and US domestic terrorists, enabled researchers to download almost all of the site's public contents: posts carried sequential IDs and the API enforced neither authentication nor rate limiting, so the archive could be enumerated wholesale. It was also reported that the flaw allowed the creation of millions of accounts with administrator privileges. Wired:



A misconfigured, unsecured database belonging to this Chinese data-management company exposed scraped profile data, including names, contact details and public posts, on more than 214 million social-media users. Digital Information World:



For the last five years, attackers have distributed macOS malware disguised as pirated games and software that hijacks the victim's CPU to mine cryptocurrency; the miner hides its logic in run-only AppleScripts, which resist static analysis. ZDNet:


Windows 10

An unpatched zero-day bug in Windows 10 lets an attacker mark an NTFS-formatted drive as corrupted with a single command: merely accessing a specially crafted path that references the volume's $i30 index attribute triggers the fault. It works from a low-privileged account and can be embedded in a shortcut file so that it fires as soon as a folder containing it is opened, after which Windows prompts for a chkdsk repair. Bleeping Computer:
