Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Jun 29th

Jun 29, 2020By Shaina Raskin


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Chrome browser extensions

Google removed 106 extensions from the Chrome Web Store that illegally collected sensitive user data. The Hacker News: 



The Indonesian government denies claims that COVID-19 tests leaked online, but it is nonetheless investigating the alleged hack. Straits Times:


Google analytics

Hackers are exploiting Google Analytics to steal credit-card information from hacked e-commerce sites. The Hacker News: 


Docker Hub

Hackers are distributing cryptominers using Docker containers and leveraging the Docker Hub repository to distribute the images. The Hacker News: 



GeoVision patched critical vulnerabilities in its video surveillance systems and IP cameras. The Hacker News:


Cryptocurrency exchanges

The Eastern European CryptoCore hacker group has stolen more than $200m from cryptocurrency exchanges. ZDNet:


Julian Assange

WikiLeaks’ Julian Assange has been charged with recruiting and conspiring with hackers. CNet:


Fake COVID-19 contract tracing

Hackers target Canadians with fake COVID-19 contact-tracing app disguised as official government software. National Post:


Evil Corp

This Russian hacking group has launched ransomware attacks against several US companies, targeting employees working from home due to COVID-19. BBC:


Stalker Online

Hackers put 1.2M user records from the Stalker Online MMO game up for purchase on a forum. Daily Star:



Almost 270 gigabytes of potentially sensitive police files, dubbed BlueLeaks, were posted online last week after a security breach at a Texas web-design and hosting company. Krebs on Security:


Cano Health

A cybersecurity breach at Cano Health, a Florida senior care provider, went unnoticed for two years and exposed patient data. Infosecurity Magazine:



A data breach at social-media marketing firm Preen.Me exposed the personal data of 100,000 social-media influencers. Infosecurity Magazine:



Twitter notified business customers that their personal information might have been compromised in a security incident. TechNewsWorld:


Aspire News App

Researchers discovered a major breach of victims’ and other personal data from a domestic-violence prevention app built by non-profit When Georgia Smiled. Security Magazine:

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.