
Weekly Breach Report – March 8th 2021

Mar 8, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Gab (1)

This social-networking service used by far-right extremists reported that hackers had stolen more than 40m public and private posts, messages and user profiles. Hot for Security: https://hotforsecurity.bitdefender.com/blog/mentally-ill-demon-hackers-blamed-for-massive-gab-data-leak-25395.html

 

Gab (2)

The company’s CTO accidentally introduced a critical vulnerability into Gab’s open-source code. He then appeared to try to cover up his error. Ars Technica: https://arstechnica.com/gadgets/2021/03/rookie-coding-mistake-prior-to-gab-hack-came-from-sites-cto/

 

Spectre

Hackers uploaded a fully weaponized exploit for Spectre, a major hardware bug discovered in 2018, to the malware-scanning website VirusTotal. The Record: https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/

 

Microsoft Exchange

Microsoft released emergency patches for four security flaws that Chinese state-sponsored hackers are actively exploiting. The vulnerabilities enable them to access on-premises Exchange servers. Krebs on Security: https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/

 

Mumbai blackout

Officials are investigating whether Chinese cyberattacks could have been behind the blackout in Mumbai last year that left millions without power. The Wall Street Journal: https://www.wsj.com/articles/india-suspects-china-may-be-behind-major-mumbai-blackout-11614615383?mod=djemwhatsnews

 

Dependency confusion packages

Sonatype, a US software company, identified new “dependency confusion” packages published to the npm registry. These packages are named after components used by companies such as Amazon, Zillow, Lyft and Slack. Sonatype: https://blog.sonatype.com/malicious-dependency-confusion-copycats-exfiltrate-bash-history-and-etc-shadow-files

 

Ticketcounter

This Dutch e-ticketing platform experienced a data breach that exposed 1.9m email addresses, names, phone numbers and hashed passwords. Bleeping Computer: https://www.bleepingcomputer.com/news/security/european-e-ticketing-platform-ticketcounter-extorted-in-data-breach/

 

Navajo Nation

Hackers hit Rehoboth McKinley Christian Health Care Services with a ransomware attack that forced the hospital’s staff to use pen and paper to keep it running. Rehoboth is a not-for-profit hospital that serves the Navajo Nation in New Mexico. NBC News: https://www.nbcnews.com/tech/security/ripe-extortion-navajo-nation-hospital-targeted-large-scale-ransomware-hack-n1259457

 

Microsoft

Microsoft awarded a security researcher $50,000 as a part of a bug-bounty program for finding a flaw that could enable hackers to hijack users’ Microsoft accounts. The Hacker News: https://thehackernews.com/2021/03/a-50000-bug-couldve-allowed-hackers.html

 

Qualys

Hackers breached enterprise cloud-security company Qualys using a vulnerability announced a few weeks ago in the Accellion File Transfer Appliance server. The Hacker News: https://thehackernews.com/2021/03/extortion-gang-breaches-cybersecurity.html

 

SolarWinds

FireEye and Microsoft discovered three more malware strains that are connected to the SolarWinds attack. The Hacker News: https://thehackernews.com/2021/03/researchers-find-3-new-malware-strains.html

 

Intel CPU

Researchers discovered that hackers could abuse the way Intel’s CPU ring interconnects work for side-channel attacks. Side-channel attacks exploit characteristics in chip architectures to expose their data. The Register: https://www.theregister.com/2021/03/08/intel_ring_flaw/

 

Malaysia Airlines

Hackers attacked Malaysia Airlines’ frequent-flyer program and compromised its users’ personal information from 2010 to 2019. The breach originated in a third-party IT service provider. ZDNet: https://www.zdnet.com/article/malaysia-airlines-suffers-data-security-incident-spanning-nine-years/

 

Oxfam Australia

Oxfam Australia confirmed that a data breach occurred, and that the hackers put its donor databases up for sale on the web. Bleeping Computer: https://www.bleepingcomputer.com/news/security/oxfam-australia-confirms-data-breach-after-stolen-info-sold-online/

 

Czech Republic

The Czech capital city of Prague, along with the country’s Labour Ministry, said that hackers had attacked their email systems. Reuters: https://www.reuters.com/article/us-czech-cyber/czech-capital-prague-labour-ministry-face-cyber-attacks-idUSKBN2AX16B?il=0

 

American Airlines

Hackers compromised American Airlines’ loyalty program via a breach at third-party technology company SITA, whose software is used by much of the airline industry. Travel Weekly: https://www.travelweekly.com/Travel-News/Airline-News/American-Airlines-is-hit-in-global-aviation-data-breach

 

Singapore Airlines

Singapore Airlines’ frequent-flyer program was also compromised as a result of the breach at SITA. ZDNet: https://www.zdnet.com/article/singapore-airlines-frequent-flyer-members-hit-in-third-party-data-security-breach/

 

Maza forum

The Maza cybercriminal forum suffered a data breach that exposed user information. ZDNet: https://www.zdnet.com/article/maza-russian-cybercriminal-forum-suffers-data-breach/
