Weekly Breach Report – July 26th 2021

Jul 26, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Diicot brute

A hacking group from Romania is behind an active cryptojacking campaign targeting Linux machines with an SSH brute-forcer. The Hacker News: https://thehackernews.com/2021/07/researchers-warn-of-linux-cryptojacking.html

 

Zero-days 

The Chinese government will require any Chinese citizen who finds a zero-day vulnerability to pass the details to the government and not provide them to anyone outside China. Security Week: https://www.securityweek.com/new-law-will-help-chinese-government-stockpile-zero-days

 

Pegasus spyware

Researchers discovered that the hard-to-detect Pegasus spyware made by Israel’s NSO Group is unsurprisingly being used to spy on and potentially endanger activists, dissidents, journalists, lawyers and others worldwide. The Hacker News: https://thehackernews.com/2021/07/new-leak-reveals-abuse-of-pegasus.html

 

HP, Xerox and Samsung printers

Researchers discovered a 16-year-old buffer-overflow vulnerability in a software driver still used by HP, Xerox and Samsung printers. The Hacker News: https://thehackernews.com/2021/07/16-year-old-security-bug-affects.html

 

Campbell Conroy & O’Neil

This US law firm, which counsels numerous large companies worldwide, belatedly disclosed a data breach following a ransomware attack back in February 2021. Bleeping Computer: https://www.bleepingcomputer.com/news/security/ransomware-hits-law-firm-counseling-fortune-500-global-500-companies/

 

Aruba.it

This Italian web-hosting company announced a data breach that exposed customer billing and personal data. The Daily Swig: https://portswigger.net/daily-swig/italian-hosting-firm-aruba-it-defends-data-breach-notification-delay

 

Saudi Aramco

Hackers stole a terabyte of proprietary data belonging to Saudi Aramco and put it up for sale on the darknet. Bleeping Computer: https://www.bleepingcomputer.com/news/security/saudi-aramco-data-breach-sees-1-tb-stolen-data-for-sale/

 

Northern Trains, UK

Ticket machines operated by the state-run Northern Trains are out of commission after a suspected ransomware attack. Reuters: https://www.reuters.com/world/uk/uks-northern-rails-self-service-ticket-machines-hit-by-ransomware-cyber-attack-2021-07-19/

 

Rogue NPM package

Researchers discovered that a package from the official NPM repository is a front for a tool that steals saved passwords from Chrome. The Hacker News: https://thehackernews.com/2021/07/malicious-npm-package-caught-stealing.html

 

Syrian e-Government Web Portal

An APT group deployed Android malware via the Syrian e-Government Web Portal to compromise targets. The Hacker News: https://thehackernews.com/2021/07/apt-hackers-distributed-android-trojan.html

 

XCSSET malware

Hackers updated the XCSSET malware, adding more features to a toolset that targets macOS operating systems and exfiltrates sensitive data from Chrome and Telegram. The Hacker News: https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html

 

ClearBalance

ClearBalance, a loan-servicing company, experienced a phishing attack in March, and the hackers accessed highly confidential personal information. Business Wire: https://www.businesswire.com/news/home/20210721005798/en/Federman-Sherwood-Announces-an-Investigation-of-the-ClearBalance-Data-Breach

 

Guntrader.uk

A security breach at Guntrader.uk led to thousands of names and addresses of UK gun owners being published on the dark web. BBC: https://www.bbc.com/news/technology-57932823

 

Department of Economic Opportunity, Florida

Hackers breached Florida’s online unemployment-benefit system and stole data on over 57,000 unemployed individuals. WFLA: https://www.wfla.com/news/florida/over-57000-unemployment-accounts-involved-in-florida-deo-data-breach/

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.