Weekly Breach Report – Jul 6th

Jul 6, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


E-commerce hackers

Researchers discovered that hackers are hiding malicious code implants in the metadata of image files to steal payment card information. The Hacker News:https://thehackernews.com/2020/06/image-credit-card-skimmers.html



Hackers post “Vote for Trump” messages on the Roblox gaming platform, which has 90m users. Forbes:



University of California San Francisco

UCSF paid a $1m ransom to recover medical-school data from hackers; the school is the third university targeted by cyberattacks in the past two months. The Mercury News:




Old Lenovo devices are being targeted by hackers who are blackmailing victims for $200-$275 to return their data. TechTimes:



Apache Guacamole

Researchers discovered multiple reverse RDP vulnerabilities in Apache Guacamole, a remote-desktop application used by system administrators. The Hacker News:https://thehackernews.com/2020/07/apache-guacamole-hacking.html 



Microsoft released out-of-band software updates to patch two vulnerabilities in Windows 10 and various Windows Server editions. The Hacker News: https://thehackernews.com/2020/07/windows-security-update.html



Researchers discovered a new type of ransomware targeting macOS users that spreads through pirated apps. The Hacker News: https://thehackernews.com/2020/07/macos-ransomware-attack.html


Arizona schools

An analysis of 15 years of school-data breaches identified Arizona as a top target with more than 2.8m private records leaked. Patch:



V Shred

Customer data belonging to fitness company V Shred was exposed online due to misconfigured cloud storage. SiliconAngle: https://siliconangle.com/2020/07/02/customer-data-fitness-company-v-shred-exposed-misconfigured-cloud-storage/


Knoxville Police Department

This Tennessee police department regained access to its in-car computers two weeks after a ransomware attack shut down IT systems. Knox News: https://www.knoxnews.com/story/news/local/2020/06/30/knoxville-police-regain-computer-system-access-after-ransomware-attack/5350331002/ 


Heartland Farm Mutual

This Waterloo, Canada-based insurance company announced that it had experienced a data breach involving access to an employee’s email. Global News:https://globalnews.ca/news/7124198/heartland-farm-mutual-data-breach/



The personal information of 400,000 UK-based BMW customers is available for sale on an online black market. Tom’s Guide: https://www.tomsguide.com/news/bmw-call-centre-data-breach



A hacker that uploaded ransomware on 23,000 unprotected MongoDB databases gave victims an ultimatum: pay up, or be reported to the European Commission for breaching its General Data Protection Regulation (which applies globally, and could impose hefty fines). SCMagazine:https://www.scmagazine.com/home/security-news/mongodb-hacker-threatens-to-report-breach-to-gdpr/


F5 Networks

F5 Networks, an application-services company, is urging customers to patch a security vulnerability in its BIG-IP networking product immediately. ZDNet: https://www.zdnet.com/article/f5-patches-vulnerability-that-received-a-cvss-10-severity-score/


Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.