Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – March 1st 2021

Mar 1, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Accellion

Several companies in the US, Canada, Netherlands and Singapore had their data stolen after hackers breached US enterprise-firewall company Accellion. Dark Reading: https://www.darkreading.com/attacks-breaches/accellion-data-breach-resulted-in-extortion-attempts-against-multiple-victims/d/d-id/1340226

Sequoia Capital

Sequoia Capital warned investors that sensitive information might have been exposed in a data breach at the firm. Dark Reading: https://www.darkreading.com/attacks-breaches/sequoia-capital-suffers-data-breach–/d/d-id/1340224

Clubhouse

This audio-based social app recently experienced a data breach due to a third-party developer from China, who had designed an app enabling Android users to eavesdrop on the invite-only, iPhone-only service. SiliconAngle: https://siliconangle.com/2021/02/22/clubhouse-suffers-data-breach-third-party-developer-designs-app-android-users/

Beneteau SA

This French boat maker shut down systems and curtailed production following a cyberattack. Business Insurance: https://www.businessinsurance.com/article/20210222/STORY/912339940/Cyber-attack-hampers-French-boat-maker%E2%80%99s-production

Firefox extension

Researchers found a new Chinese hacking campaign that spies on Tibetan communities worldwide by deploying malicious Firefox extensions on target systems. The Hacker News: https://thehackernews.com/2021/02/chinese-hackers-using-firefox-extension.html

Ukrainian System of Electronic Interaction of Executive Bodies 

Russian hackers targeted the SEI EB with a supply-chain attack that distributed malicious documents to officials. The Hacker News: https://thehackernews.com/2021/02/russian-hackers-targeted-ukraine.html

ThreatNeedle

North Korean state-sponsored hackers are attacking the defense industry using so-called “ThreatNeedle” malware. This delivers COVID-themed emails with malicious attachments that, if opened, run a macro to execute payloads on targeted systems. The Hacker News: https://thehackernews.com/2021/02/north-korean-hackers-targeting-defense.html

Bombardier

This Canadian airline manufacturer announced that it had suffered a cyberattack, and that hackers had accessed confidential information belonging to employees, customers and suppliers. BNN: https://www.bnnbloomberg.ca/bombardier-says-confidential-information-was-exposed-in-recent-data-breach-1.1567646

French medical laboratories

Hackers released the confidential medical data of 500,000 French people online. The information came from 30 medical laboratories in northwest France. Connexion: https://www.connexionfrance.com/index.php/French-news/Medical-data-of-500-000-put-online-in-France-cyber-attack

Cobb County School District, Atlanta

Hackers targeted this school district with a cyberattack that made the emergency alert system malfunction and placed 112 schools on lockdown. AJC:https://www.ajc.com/news/atlanta-news/district-says-cyber-attack-prompted-code-red-lockdown-of-cobb-schools/P26MYZAJZZCGFK5CG522SLR2EY/

Oxford University

Oxford University is investigating a cyberattack at one of its COVID-19 research labs. Evening Standard: https://www.standard.co.uk/news/uk/hackers-oxford-university-coronavirus-research-lab-cyber-attack-b921297.html

Covenant HealthCare

A Michigan hospital is alerting 45,000 patients of a data breach that compromised two employee email accounts. ABC12: https://www.abc12.com/2021/02/26/45000-patients-at-covenant-healthcare-potentially-exposed-by-data-breach/

?nova Yönetim

This Turkish actuarial consultancy accidentally exposed 15,000 cases involving people killed or injured in traffic accidents due to a cloud misconfiguration. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/legal-firm-leaks-15000-cases-via/

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.