Weekly Breach Report – June 29th 2021

Jun 29, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Microsoft

Microsoft confirmed distributing a signed malicious driver within gaming environments. The driver was a rootkit communicating with Chinese command-and-control IPs. Bleeping Computer: https://www.bleepingcomputer.com/news/security/microsoft-admits-to-signing-rootkit-malware-in-supply-chain-fiasco/?fbclid=IwAR3IebfS6N1uqgV6sKbbAZyWvXRZSNtY6UhF77FvAfTHJXIJ9mEqFarVj4Q

 

Cosmolog Kozmetik

A leaky Amazon S3 bucket exposed the personal information of thousands of retail customers of a popular Turkish beauty products company. Infosecurity: https://www.infosecurity-magazine.com/news/aws-misconfiguration-exposes/

 

Korea Atomic Energy Research Institute (KAERI)

North Korean hackers used a vulnerability in a VPN to infiltrate South Korea’s state-run KAERI. The think tank blocked the attacker’s IP address and applied security patches to the vulnerable VPN. The Hacker News: https://thehackernews.com/2021/06/north-korea-exploited-vpn-flaw-to-hack.html

 

DarkRadiation ransomware

Researchers discovered a new ransomware strain implemented in Bash that targets Linux and Docker cloud containers while using Telegram for command-and-control communications. The Hacker News: https://thehackernews.com/2021/06/wormable-darkradiation-ransomware.html

 

NVIDIA

Graphics chip company NVIDIA released software updates to patch 26 vulnerabilities in its Jetson system-on-module series that could enable an attacker to escalate privileges. The Hacker News: https://thehackernews.com/2021/06/nvidia-jetson-chipsets-found-vulnerable.html

 

San Francisco Bay Area water facility

NBC reported that an unidentified hacker used a former plant employee’s account to gain entry to a Bay Area water treatment facility. Industry Week: https://www.industryweek.com/technology-and-iiot/article/21167530/bay-area-water-system-apparent-cyber-victim

 

Wegmans

A supermarket chain experienced a data breach due to two misconfigured cloud storage databases. The CyberWire: https://thecyberwire.com/newsletters/privacy-briefing/3/117

 

Reproductive Biology Associates

A Georgia fertility clinic disclosed a data breach due to a ransomware attack where hackers stole files containing sensitive patient information. Bleeping Computer: https://www.bleepingcomputer.com/news/security/fertility-clinic-discloses-data-breach-exposing-patient-info/

 

WorkForce West Virginia

West Virginia’s unemployment agency announced that it experienced a security breach and took its systems offline. WTRF: https://www.wtrf.com/news/west-virginia-headlines/west-virginia-workforce-hit-by-data-breach/

 

Mercedes-Benz USA

Mercedes-Benz USA announced that sensitive personal information of almost 1,000 customers and interested buyers was accessible on a cloud storage platform. Reuters: https://www.reuters.com/technology/mercedes-us-data-breach-affects-nearly-1000-customers-2021-06-24/

 

Western Digital

Hard drive company Western Digital urges users of MyBook network storage drives to disconnect them from the internet because of a critical flaw that can be triggered to wipe the drives remotely. Krebs on Security: https://krebsonsecurity.com/2021/06/mybook-users-urged-to-unplug-devices-from-internet/

 

BootHole

Nine months after researchers first published their findings on the BootHole vulnerability, there is renewed interest in GRUB2 and boot security. Eclypsium: https://eclypsium.com/2021/04/14/boothole-how-it-started-how-its-going/

 

Microsoft

Microsoft announced that an attacker accessed one of its customer-service agents and used the information to launch hacking attempts on customers. Microsoft discovered the compromise while investigating the SolarWinds breach. Reuters: https://www.reuters.com/technology/microsoft-says-new-breach-discovered-probe-suspected-solarwinds-hackers-2021-06-25/

 

Zyxel

A Taiwanese networking company is warning customers of ongoing attacks targeting its firewall and VPN servers. The Hacker News: https://thehackernews.com/2021/06/watch-out-zyxel-firewalls-and-vpns.html
