Weekly Breach Report – Jun 29th

Jun 29, 2020By Shaina Raskin


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Chrome browser extensions

Google removed 106 extensions from the Chrome Web Store that illegally collected sensitive user data. The Hacker News: https://thehackernews.com/2020/06/chrome-browser-extensions-spying.html 



The Indonesian government denies claims that COVID-19 tests leaked online, but it is nonetheless investigating the alleged hack. Straits Times: https://www.straitstimes.com/asia/se-asia/indonesia-probing-alleged-covid-19-test-data-breach


Google analytics

Hackers are exploiting Google Analytics to steal credit-card information from hacked e-commerce sites. The Hacker News: https://thehackernews.com/2020/06/google-analytics-hacking.html 


Docker Hub

Hackers are distributing cryptominers using Docker containers and leveraging the Docker Hub repository to distribute the images. The Hacker News:https://thehackernews.com/2020/06/cryptocurrency-docker-image.html 



GeoVision patched critical vulnerabilities in its video surveillance systems and IP cameras. The Hacker News: https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html


Cryptocurrency exchanges

The Eastern European CryptoCore hacker group has stolen more than $200m from cryptocurrency exchanges. ZDNet: 



Julian Assange

WikiLeaks’ Julian Assange has been charged with recruiting and conspiring with hackers. CNet:



Fake COVID-19 contract tracing

Hackers target Canadians with fake COVID-19 contact-tracing app disguised as official government software. National Post:



Evil Corp

This Russian hacking group has launched ransomware attacks against several US companies, targeting employees working from home due to COVID-19. BBC:



Stalker Online

Hackers put 1.2M user records from the Stalker Online MMO game up for purchase on a forum. Daily Star: https://www.dailystar.co.uk/tech/gaming/stalker-online-data-breach-exposes-22232009



Almost 270 gigabytes of potentially sensitive police files, dubbed BlueLeaks, were posted online last week after a security breach at a Texas web-design and hosting company. Krebs on Security: https://krebsonsecurity.com/2020/06/blueleaks-exposes-files-from-hundreds-of-police-departments/


Cano Health

A cybersecurity breach at Cano Health, a Florida senior care provider, went unnoticed for two years and exposed patient data. Infosecurity Magazine:https://www.infosecurity-magazine.com/news/2year-data-breach-at-florida/



A data breach at social-media marketing firm Preen.Me exposed the personal data of 100,000 social-media influencers. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/data-breach-social-media/



Twitter notified business customers that their personal information might have been compromised in a security incident. TechNewsWorld: https://www.technewsworld.com/story/86726.html


Aspire News App

Researchers discovered a major breach of victims’ and other personal data from a domestic-violence prevention app built by non-profit When Georgia Smiled. Security Magazine: https://www.securitymagazine.com/articles/92697-domestic-abuse-prevention-app-exposes-victims-in-massive-data-breach

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.