Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – June 1st

Jun 1, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Unc0ver tool

Hackers released a new version of the unc0ver jailbreaking tool that can unlock all iPhones, including those running the latest iOS 13.5. The Hacker News:

Android OS

Researchers described details of a new and critical vulnerability that impacts the Android operating system. The Hacker News:


A database containing credentials from more than 26 million LiveJournal accounts has been leaked online and is being sold on the Dark Web and hacker forums. ThreatPost:

Hack-for-hire Firms

Hack-for-hire firms in India have been impersonating the World Health Organization in credential-stealing spear-phishing email campaigns, Google’s Threat Analysis Group said Wednesday. CyberScoop:

Bank of America

Bank of America notified customers of a data breach impacting Paycheck Protection Program loan applications.

Wichita State University

A data breach impacting current and former students of Wichita State University is now the subject of a federal lawsuit. Government Technology:

Arbonne International

This multi-level marketing company disclosed a data breach that impacted 3,500 California residents. Security Boulevard:

NTT Communications

This Japan-based multinational, one of the world’s largest suppliers of telecoms and IT-services, revealed that attackers had stolen data from internal systems, affecting over 600 customers. Infosecurity:


Minted, a US-based marketplace for independent artists, has disclosed a data breach after a hacker sold a database containing 5 million user records on a dark web marketplace. Bleeping Computer:

Cisco Systems

Cisco said that attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which is used in some Cisco networking products. Threatpost:


The Minneapolis Police Department’s website has shown signs of a cyberattack since late Saturday, days after a video purported to be from the hacktivist group Anonymous promised retribution for the death of George Floyd during an arrest. Bloomberg:

Russian Hackers

A new report from the US National Security Agency reveals that a group of Russian hackers associated with that government’s military-intelligence agency, GRU, has been exploiting a technical vulnerability to hack into American computers. Salon:

Daniel’s Hosting

A hacker has leaked online the database of Daniel’s Hosting, the largest free web-hosting provider for dark-web services. ZDnet:

Home Chef

Hackers leaked Home Chef’s customer records, including emails, names, phone numbers and encrypted passwords. OODA Loop:

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.