
Weekly Breach Report – March 8th 2021

Mar 8, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Gab (1)

This social-networking service used by far-right extremists reported that hackers had stolen more than 40m public and private posts, messages and user profiles. Hot for Security:


Gab (2)

The company’s CTO accidentally introduced a critical vulnerability into Gab’s open-source code. He then appeared to try to cover up his error. Ars Technica:



Hackers uploaded a fully weaponized exploit for Spectre, a major hardware bug discovered in 2018, to the malware-scanning website VirusTotal. The Record:


Microsoft Exchange

Microsoft released emergency patches for four security flaws that Chinese state-sponsored hackers are actively exploiting. The vulnerabilities enable them to access on-premises Exchange servers. Krebs on Security:


Mumbai blackout

Officials are investigating whether Chinese cyberattacks could have been behind the blackout in Mumbai last year that left millions without power. The Wall Street Journal:


Dependency confusion packages

Sonatype, a US software company, identified new “dependency confusion” packages published to the npm registry. These packages are named after components used by companies such as Amazon, Zillow, Lyft and Slack. Sonatype:



This Dutch e-ticketing platform experienced a data breach that exposed 1.9m email addresses, names, phone numbers and hashed passwords. Bleeping Computer:


Navajo Nation

Hackers hit Rehoboth McKinley Christian Health Care Services with a ransomware attack that forced the hospital’s staff to use pen and paper to keep it running. Rehoboth is a not-for-profit hospital that serves the Navajo Nation in New Mexico. NBC News:



Microsoft awarded a security researcher $50,000 as a part of a bug-bounty program for finding a flaw that could enable hackers to hijack users’ Microsoft accounts. The Hacker News:



Hackers breached enterprise cloud-security company Qualys using a vulnerability announced a few weeks ago in the Accellion File Transfer Appliance server. The Hacker News:



FireEye and Microsoft discovered three more malware strains that are connected to the SolarWinds attack. The Hacker News:


Intel CPU

Researchers discovered that hackers could abuse the way Intel’s CPU ring interconnects work for side-channel attacks. Side-channel attacks exploit characteristics in chip architectures to expose their data. The Register:


Malaysia Airlines

Hackers attacked Malaysia Airlines’ frequent-flyer program and compromised its users’ personal information from 2010 to 2019. The breach originated in a third-party IT service provider. ZDNet:


Oxfam Australia

Oxfam Australia confirmed that a data breach occurred, and that the hackers put its donor databases up for sale on the web. Bleeping Computer:


Czech Republic

The Czech capital city of Prague, along with the country’s Labour Ministry, said that hackers had attacked their email systems. Reuters:


American Airlines

Hackers compromised American Airlines’ loyalty program via a breach at third-party technology company SITA, whose software is used by much of the airline industry. Travel Weekly:


Singapore Airlines

Singapore Airlines’ frequent-flyer program was also breached as a result of the breach at SITA. ZDNet:


Maza forum

The Maza cybercriminal forum suffered a data breach that exposed user information. ZDNet:
