Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Jul 6th

Jul 6, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


E-commerce hackers

Researchers discovered that hackers are hiding malicious code implants in the metadata of image files to steal payment card information. The Hacker News:



Hackers post “Vote for Trump” messages on the Roblox gaming platform, which has 90m users. Forbes:


University of California San Francisco

UCSF paid a $1m ransom to recover medical-school data from hackers; the school is the third university targeted by cyberattacks in the past two months. The Mercury News:



Old Lenovo devices are being targeted by hackers who are blackmailing victims for $200-$275 to return their data. TechTimes:


Apache Guacamole

Researchers discovered multiple reverse RDP vulnerabilities in Apache Guacamole, a remote-desktop application used by system administrators. The Hacker News: 



Microsoft released out-of-band software updates to patch two vulnerabilities in Windows 10 and various Windows Server editions. The Hacker News:



Researchers discovered a new type of ransomware targeting macOS users that spreads through pirated apps. The Hacker News:


Arizona schools

An analysis of 15 years of school-data breaches identified Arizona as a top target with more than 2.8m private records leaked. Patch:


V Shred

Customer data belonging to fitness company V Shred was exposed online due to misconfigured cloud storage. SiliconAngle:


Knoxville Police Department

This Tennessee police department regained access to its in-car computers two weeks after a ransomware attack shut down IT systems. Knox News: 


Heartland Farm Mutual

This Waterloo, Canada-based insurance company announced that it had experienced a data breach involving access to an employee’s email. Global News:



The personal information of 400,000 UK-based BMW customers is available for sale on an online black market. Tom’s Guide:



A hacker that uploaded ransomware on 23,000 unprotected MongoDB databases gave victims an ultimatum: pay up, or be reported to the European Commission for breaching its General Data Protection Regulation (which applies globally, and could impose hefty fines). SCMagazine:


F5 Networks

F5 Networks, an application-services company, is urging customers to patch a security vulnerability in its BIG-IP networking product immediately. ZDNet:


Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.