Weekly Breach Report – March 29th

Mar 29, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

GE universal relays

America’s Cybersecurity and Infrastructure Security Agency warned of security issues in GE’s universal relay power-management devices. The Hacker News: https://thehackernews.com/2021/03/critical-flaws-affecting-ges-universal.html

Apache OFBiz

Apache Software Foundation released a patch to address a high-severity flaw in Apache OFBiz ERP software that would enable hackers to seize control of it remotely. The Hacker News: https://thehackernews.com/2021/03/critical-rce-vulnerability-found-in.html

F5

Ten days after F5, a US application-services provider, released patches for critical vulnerabilities in its products, hackers are scanning and targeting unpatched systems. The Hacker News: https://thehackernews.com/2021/03/latest-f5-big-ip-bug-under-active.html

Roll

This “social currency” platform, which enables individuals to distribute their own social tokens, disclosed that a hacker had stolen $5.7m from its hot wallet. Roll still does not know how the hacker broke in or stole its private keys. TechCrunch: https://techcrunch.com/2021/03/23/roll-still-doesnt-know-how-its-hot-wallet-was-hacked/

Facebook

Facebook discovered a network of China-based hackers using fake Facebook accounts to target the Uyghur community worldwide. TechCrunch: https://techcrunch.com/2021/03/24/facebook-earth-empusa-evil-eye-china-uyghur/

Black Kingdom ransomware

There are still almost 30,000 Microsoft Exchange servers exposed to attack. Hackers are targeting the vulnerable servers with Black Kingdom ransomware, which encrypts files and demands a bitcoin ransom in exchange for the private key. The Hacker News: https://thehackernews.com/2021/03/black-kingdom-ransomware-hunting.html

Cisco Jabber

Cisco patched its Jabber messaging clients because of vulnerabilities that would enable attackers to execute arbitrary programs on the underlying operating system. The Hacker News: https://thehackernews.com/2021/03/critical-cisco-jabber-bug-could-let.html

FatFace

This British fashion retailer emailed its customers two months after a security breach that exposed some of their financial and personal information. Graham Cluley: https://grahamcluley.com/fatface-would-like-everyone-to-keep-its-data-breach-strictly-private-and-confidential/

Royal Dutch Shell

The energy giant disclosed that the Accellion File Transfer Appliance data breach had impacted its network. BankInfoSecurity: https://www.bankinfosecurity.com/accellion-data-breach-ensnares-energy-giant-shell-a-16246

AFCEA International and US Geospatial Intelligence Foundation

These two large government conference organizers sent emails warning past attendees that hackers may have stolen their personal information. The breach occurred at SPARGO, a third-party vendor that both organizers use for registration. Federal News Network: https://federalnewsnetwork.com/federal-newscast/2021/03/two-large-government-conference-organizers-suffer-data-breach/

California State Controller

A phishing attack gave hackers access to email and files at the California State Controller’s Office. Krebs on Security: https://krebsonsecurity.com/2021/03/phish-leads-to-breach-at-calif-state-controller/

University of Northampton

The UK’s University of Northampton announced that a cyberattack had interrupted services to its IT and phone systems. BBC: https://www.bbc.com/news/uk-england-northamptonshire-56500434

MangaDex

A website that hosts manga comics was taken offline after hackers gained access to a database that housed user data. PortSwigger: https://portswigger.net/daily-swig/mangadex-website-taken-offline-following-cyber-attack-data-breach

Israeli voter database

Hackers leaked a database with the names and ID numbers of Israeli voters a year after an identical breach occurred. Haaretz: https://www.haaretz.com/israel-news/elections/.premium-just-before-election-entirety-of-israel-s-voter-data-leaked-online-again-1.9642920

SolarWinds

SolarWinds released an update to its Orion network-monitoring tool to fix four security vulnerabilities, including two remote code execution bugs. The Hacker News: https://thehackernews.com/2021/03/solarwinds-orion-vulnerability.html

Solairus Aviation

A private aviation-services provider announced that hackers compromised some employee and customer data due to a security breach at a third-party business-management provider. SecurityWeek: https://www.securityweek.com/air-charter-firm-solairus-aviation-suffers-data-breach

Android spyware

Security researchers found new Android malware that masquerades as a critical system update, and can take complete control of a targeted device. TechCrunch: https://techcrunch.com/2021/03/26/android-malware-system-update/
