
Weekly Breach Report – March 15th 2021

Mar 15, 2021, by Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Microsoft Exchange

The White House is warning organizations that they have “hours, not days” to fix Microsoft Exchange’s vulnerabilities. CNN: https://www.cnn.com/2021/03/12/politics/microsoft-solarwinds-biden-administration/index.html


University of the Highlands and Islands

IT engineers are working to contain a cyberattack that disrupted 13 colleges and research institutions and to limit the damage it caused. BBC: https://www.bbc.com/news/uk-scotland-highlands-islands-56320852


Benefit Recovery Specialists

A Texas Medicaid contractor ended its relationship with its billing and collection provider following a cyberattack that exposed the personal information of 275,000 patients. Beckers Hospital Review: https://www.beckershospitalreview.com/cybersecurity/texas-medicaid-subcontractor-dumped-after-data-breach.html


SolarWinds

Researchers discovered a new malware strain, SUNSHUTTLE, on servers that had been backdoored in the SolarWinds hack. The strain is written in Go. The Register: https://www.theregister.com/2021/03/08/in_brief_security/


BADHATCH malware

The FIN8 hacking group is back after a year-and-a-half break with a new backdoor tool that steals payment card data from PoS systems. The Hacker News: https://thehackernews.com/2021/03/fin8-hackers-return-with-more-powerful.html


Verkada

A security startup that provides cloud-based security camera services suffered a major security breach. Hackers accessed over 150,000 cameras, including those in Tesla factories, Cloudflare offices, Equinox gyms, and more. The Verge: https://www.theverge.com/2021/3/9/22322122/verkada-hack-150000-security-cameras-tesla-factory-cloudflare-jails-hospitals


F5

F5 published an advisory warning of four critical vulnerabilities that affect multiple products and could allow remote code execution on target networks. The Hacker News: https://thehackernews.com/2021/03/critical-pre-auth-rce-flaw-found-in-f5.html


OVHCloud

A fire destroyed an OVHCloud datacenter and damaged other server buildings. OVHCloud is the largest European cloud provider, and several of the destroyed servers hosted infrastructure used by government hacking groups and sophisticated criminal groups. Vice: https://www.vice.com/en/article/3an9wb/ovh-datacenter-fire-takes-down-government-hacking-infrastructure


Molson Coors

Brewing company Molson Coors disclosed that it experienced a cyberattack that disrupted operations and beer production. ZDNet: https://www.zdnet.com/article/molson-coors-discloses-cyberattack-disrupting-its-brewery-operations/


WordPress

Hackers are exploiting a zero-day vulnerability in the Plus Addons for Elementor plugin to take over websites remotely. Threatpost: https://threatpost.com/cyberattackers-exploiting-critical-wordpress-plugin-bug/164663/


2gether

In July 2020, the collaborative crypto-trading platform 2gether experienced a cyberattack in which hackers stole 114 BTC and 281 ETH worth 1.18m euros. 2gether announced that it is compensating users to return the cryptocurrency stolen from their accounts. HackerNoon: https://hackernoon.com/2gether-compensates-for-its-crypto-cyber-attack-losses-98n33qa


Norwegian Parliament

The Norwegian Parliament announced a cyberattack hit IT systems six months after the previous one was publicized. Reuters: https://www.reuters.com/article/norway-cyber-idUSO9N2C801E


Saint Alphonsus Health System

An Idaho-based health system began notifying patients of an email hacking incident that exposed their personal information. Some letters mailed to victims mistakenly stated that they were deceased. Beckers Hospital Review: https://www.beckershospitalreview.com/cybersecurity/idaho-health-system-data-breach-letters-mistakenly-tell-some-patients-they-are-dead.html


Nim

Researchers discovered a new malware written in Nim, a relatively unknown programming language. The Hacker News: https://thehackernews.com/2021/03/researchers-spotted-malware-written-in.html


Fastway Couriers

Fastway Couriers confirmed that one of its IT systems experienced a cyberattack in February. The compromise affected personal information tied to over 446,000 package deliveries in Ireland. SiliconRepublic: https://www.siliconrepublic.com/enterprise/data-breach-fastway-couriers


ZHtrap botnet

A new botnet is infecting routers, DVRs, and UPnP network devices and turning them into honeypots to help it find further targets. Bleeping Computer: https://www.bleepingcomputer.com/news/security/new-zhtrap-botnet-malware-deploys-honeypots-to-find-more-targets/amp/


Linux kernel

Researchers discovered three vulnerabilities in the Linux kernel that have been in the code since 2006 and could give attackers root privileges. SCMagazine: https://www.scmagazine.com/home/security-news/vulnerabilities/three-flaws-that-sat-in-linux-kernel-since-2006-could-deliver-root-privileges-to-attackers/

 

Ticketcounter

The Dutch e-ticketing platform Ticketcounter experienced a data breach after a hacker stole a database of 1.9m email addresses from an unsecured staging server. Digital Journal: http://www.digitaljournal.com/tech-and-science/technology/unsecured-server-triggers-ticketcounter-data-breach/article/586447

