Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – March 22nd 2021

Mar 22, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Sky Global

The US Department of Justice indicted the CEO of encrypted-messaging company Sky Global for participating in a criminal enterprise to help drug traffickers evade law enforcement. The Hacker News: https://thehackernews.com/2021/03/ceo-of-encrypted-chat-platform-indicted.html

 

Premier Diagnostics

Security researchers discovered exposed S3 buckets belonging to Premier Diagnostics, a US COVID-19 testing firm, that contained the personal information of 52,000 patients. Security Boulevard: https://securityboulevard.com/2021/03/another-s3-bucket-leads-to-breach-of-50k-patient-records/

 

Mimecast

This email-security company announced that SolarWinds hackers broke into its internal network and downloaded source code from several repositories. The Hacker News: https://thehackernews.com/2021/03/mimecast-finds-solarwinds-hackers-stole.html

 

WordPress

Researchers disclosed vulnerabilities in Elementor and WP Super Cache plugins for WordPress that enable an attacker to run arbitrary code and take over a website. The Hacker News: https://thehackernews.com/2021/03/flaws-in-two-popular-wordpress-plugins.html

 

Windows, iOS, Android

A team of hackers exploited 11 zero-day vulnerabilities that used compromised websites to infect patched devices running Windows, iOS, and Android. Ars Technica: https://arstechnica.com/information-technology/2021/03/expert-hackers-used-11-zerodays-to-infect-windows-ios-and-android-users/

 

Xcode

Researchers disclosed a new attack where hackers use Xcode, Apple’s integrated development environment, as an attack vector to compromise Apple platform developers. The Hacker News: https://thehackernews.com/2021/03/hackers-infecting-apple-app-developers.html

 

Eastern Health, Melbourne

After experiencing a cyberattack, Eastern Health postponed elective surgeries and took its IT systems offline. IT News: https://www.itnews.com.au/news/melbournes-eastern-health-hit-by-suspected-cyber-attack-562325

 

Acer

Hackers hit Taiwanese electronics and computer maker Acer with REvil ransomware, and are demanding $50 million in ransom. Bleeping Computer: https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/

 

Spectre variant

Google released a proof-of-concept exploit that leverages the Spectre attack against Chrome browsers to leak data from websites. Threatpost: https://threatpost.com/google-spectre-poc-exploit-chrome/164787/

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.