Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – June 7th 2021

Jun 7, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Fancy Product Designer plugin

Hackers are exploiting a zero-day vulnerability in the Fancy Product Designer WordPress plugin to upload malware to websites. Bleeping Computer:https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-zero-day-under-active-exploitation/amp/

 

Cryptocurrency hacking contest

A Russian-language forum is running a contest for cryptocurrency attacks with $115,000 in prize money awarded to the best research. The Hacker News:https://thehackernews.com/2021/06/cybercriminals-hold-115000-prize.html

 

New York MTA

The New York transit agency experienced a cyberattack by hackers with ties to China. The New York Times: https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html

 

Tegut

Hackers targeted this German supermarket chain with a cyberattack, and the company shut down its entire central IT network and disconnected from the internet. The attack caused gaps in its supply chain and other services for several weeks. Security Boulevard: https://securityboulevard.com/2021/06/data-breach-at-german-supermarket-chain-tegut/

 

Anchorage Police Department

Since 2019 a bug in the Anchorage Police Department records system has accidentally published 11,400 people’s birth dates and driver’s license numbers. Alaska Public: https://www.alaskapublic.org/2021/06/02/more-than-11000-peoples-personal-information-released-in-apd-data-leak/

 

Realtek WiFi module

Researchers disclosed a new set of vulnerabilities in this WiFi module that enable a hacker to gain elevated privileges and hijack wireless communications. The Hacker News: https://thehackernews.com/2021/06/researchers-warn-of-critical-bugs.html

 

Poisoned update installer

Researchers discovered a new malware artifact that hackers can use in future supply-chain attacks like SolarWinds. Security Week: https://www.securityweek.com/poisoned-installers-found-solarwinds-hackers-toolkit

 

CODESYS

Researchers disclosed ten critical vulnerabilities impacting CODESYS control-system automation software that, if exploited, could enable remote code execution. The Hacker News: https://thehackernews.com/2021/06/10-critical-flaws-found-in-codesys.html

 

Tokyo Games

The organizing committee running the Olympic games experienced a data breach after a cyberattack exploited a third-party Fujitsu application. The Japan Times: https://www.japantimes.co.jp/news/2021/06/04/national/tokyo-olympics-data-breach/

 

Capcom

An artist filed a lawsuit against Capcom, a Japanese video-game publisher, following a data breach that showed the company allegedly using dozens of unlicensed images in its Resident Evil 4 and Devil May Cry games. Video Games Chronicles: https://www.videogameschronicle.com/news/capcom-faces-a-12m-lawsuit-after-data-leak-allegedly-shows-it-stole-photos-for-resident-evil/

 

Apache Pizza

This Irish pizza chain emailed customers that their personal information may have been compromised in a data breach. Cork Safety Alerts: https://corksafetyalerts.com/news/irish-pizza-chain-suffer-data-breach/

 

Battle for the Galaxy

Researchers discovered an unprotected ElasticSearch server with 5.9m profiles belonging to a Chinese-based mobile-game developer. The data included profile information, payment history, and feedback messages. Illinois News Today: https://illinoisnewstoday.com/6m-battle-for-the-galaxy-player-data-leaked-via-unprotected-cloud-server/235420/

 

Asuza Police Department

Officials at this Californian city acknowledged a second ransomware attack that they hid from the public for the past two years. The department paid $65,000 in ransom to regain control of ten servers. San Gabriel Valley Tribune: https://www.sgvtribune.com/2021/06/06/azusa-officials-hid-2018-cyber-attack-used-insurance-to-pay-65k-ransom-to-hackers/

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.