Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – July 13th

Jul 13, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Kaseya

The REvil ransomware group targeted US IT company Kaseya with a zero-day vulnerability that deployed ransomware in a supply-chain attack that compromised thousands of businesses. BBC: https://www.bbc.com/news/technology-57719820

 

Android apps

Google removed nine apps that had been downloaded more than 5.8m times after it found that they stole Facebook login credentials. The Hacker News: https://thehackernews.com/2021/07/android-apps-with-58-million-installs.html

 

Microsoft Azure

Microsoft urged Azure users to update PowerShell to protect against a remote code execution vulnerability in .NET Core. The Hacker News: https://thehackernews.com/2021/07/microsoft-urges-azure-users-to-update.html

 

GETTR

Days after its launch, hackers scraped email addresses and other data from more than 90,000 GETTR users. GETTR is a new “social media platform” launched by one of Donald Trump’s former spokesmen. Vice: https://www.vice.com/en/article/dyv44m/hackers-scrape-90000-gettr-user-emails-surprising-no-one

 

Indian government

A cyber-espionage group known as SideCopy is targeting the Indian government and military with spear-phishing attacks to infect them with malware. The Record: https://therecord.media/sidecopy-cyber-espionage-group-targets-indian-government-military/

 

Philips Healthcare

Researchers disclosed multiple security vulnerabilities in the Philips Clinical Collaboration Platform Portal, used by hospitals and others for medical-image management. The flaws would enable hackers to take almost total control of any targeted system. The Hacker News: https://thehackernews.com/2021/07/critical-flaws-reported-in-philips-vue.html

 

Marsh McLennan

This global professional-services company experienced a data breach in April that enabled hackers to access Social Security numbers and other personal information of staff and clients. Business Insurance: https://www.businessinsurance.com/article/20210706/NEWS06/912343010/Marsh-McLennan-reveals-April-data-breach

 

NSW Department of Education

Hackers hit Australia’s New South Wales Department of Education with a cyberattack. The Department took several internal systems offline as a precaution. ZDNet: https://www.zdnet.com/article/nsw-department-of-education-struck-by-cyber-attack/

 

Morgan Stanley

Morgan Stanley disclosed that a data breach involving a third-party vendor enabled hackers to steal some of its corporate clients’ data. Reuters: https://www.reuters.com/business/finance/morgan-stanley-says-some-personal-data-stolen-after-data-breach-2021-07-08/

 

Practicefirst

This medical-management company, which processes data, billing, and coding services for healthcare providers, notified 1.2m patients that their data had been stolen from its network. SC Magazine: https://www.scmagazine.com/home/health-care/data-of-1-2m-patients-stolen-prior-to-third-party-vendor-ransomware-attack/

 

Anhalt-Bitterfeld

The German district of Anhalt-Bitterfeld experienced a cyberattack and declared a state of disaster after hackers infiltrated its computer systems. The district said it was “almost completely paralyzed.” DW:https://www.dw.com/en/rural-german-district-declares-disaster-after-cyberattack/a-58227484

 

Mint Mobile

US telecoms company Mint Mobile said it had experienced a data breach that enabled hackers to access customer phone numbers and subscriber data. Apple Insider: https://appleinsider.com/articles/21/07/10/mint-mobile-data-breach-allowed-attacker-to-port-phone-numbers

 

Dotty’s

A company that operates 120 gaming taverns in Nevada announced that it had experienced a cyberattack, and the hackers stole personal information. Casino.org: https://www.casino.org/news/dottys-confirms-data-breach-gaming-company-latest-cyberattack-victim/

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.