
Weekly Breach Report – July 19th 2021

Jul 19, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities



Cybersecurity agencies warn users of ForgeRock’s OpenAM access management solution of a vulnerability that can be exploited to execute arbitrary code on an affected system. The Hacker News:


Iran transport agency

Iran’s transport and urbanization ministry websites went offline after a cyberattack, which also caused train delays and cancellations. The Guardian:



SolarWinds issued patches to mitigate a remote code execution flaw in its Serv-U managed file transfer service. The Hacker News:



The American fashion retailer is notifying customers of a data breach after a ransomware attack that led to data theft. Bleeping Computer:



Microsoft and Citizen Lab discovered Israeli spyware made by Candiru that targets people in Europe based on their political beliefs. The spyware leverages two zero-day vulnerabilities in Windows. Vice:



The hackers who orchestrated the SolarWinds attack also exploited a vulnerability in iOS to steal authentication credentials from Western European governments. Ars Technica:


Team Shirts

An online organization that creates soccer jerseys for amateur clubs experienced a cyberattack in which hackers gained access to servers and stored data such as addresses and passwords. Herald Scotland:



Hackers launched a ransomware attack on the Swiss price comparison website and stole client data.


EA Games

Hackers released 1.3GB of the data stolen from EA Games in a cyberattack that occurred in June. The data includes references to internal tools and its Origin store. Video Games Chronicle:


Russian Defense Ministry

Foreign hackers targeted the Russian Defense Ministry with a DDoS attack but did not breach the technical infrastructure. The Jerusalem Post:
