
Weekly Breach Report – July 27th

Jul 27, 2020 By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Since last month, older Samsung Blu-ray players stopped working because of a rogue XML file downloaded by the network-connected devices from Samsung servers. The Register:

University of York

Britain’s University of York disclosed a data breach that exposed staff and student records. ZDNet:

Prometei botnet

Researchers discovered a new botnet exploiting the Windows SMB protocol to mine for cryptocurrency. ZDNet:

More Chinese hacks

The U.S. charged two Chinese nationals in a coronavirus-vaccine hacking scheme. CNBC:


New information on last week’s Twitter breacher suggests that two hackers who spoke with The New York Times operated a service that resold access to Twitter employees’ accounts. Krebs on Security:


This DNA-analysis site, which is often used by U.S. police, was taken offline after the parent company noticed a permission change caused by a data breach. TechCrunch:


Rhode Island School of Design announced a data breach at a third-party company that held museum data. GoLocalProv:


Garmin shut down several services because of a ransomware attack that encrypted its internal network and production systems. ZDNet:

Digital-banking app confirmed a hack that exposed the personal information of 7.5m users on a public forum. ZDNet:

New Orleans

The city is apparently only 80% recovered from a cyberattack in December 2019, and its public-contract database is still non-functional. The Lens:


This Toronto-based startup confirmed that it is investigating a data breach after researchers from Cyble found 270m user records for sale. BetaKit:

Free VPN apps

Researchers say they found an unsecured server shared by multiple VPNs containing the personal information of 20m users. The affected apps include UFO VPN, Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN. Sydney Morning Herald:


Instacart claimed it found no evidence of a data breach after customer data was found on the dark web. This statement follows a BuzzFeed News report that names and partial credit-card numbers belonging to Instacart customers were sold online. USA Today:

