
Weekly Breach Report – May 17th 2021

May 17, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Tor

A dark web infrastructure study discovered that a hacker controlled more than 27% of the entire Tor network exit capacity in February 2021. The Hacker News: https://thehackernews.com/2021/05/over-25-of-tor-exit-relays-are-spying.html

 

Fake Amazon reviews

Researchers discovered an open ElasticSearch database that contained messages between Amazon vendors and customers about fake reviews. Slash Gear: https://www.slashgear.com/amazon-fake-reviews-scam-revealed-in-data-breach-with-massive-potential-10672136/

 

Adobe

Adobe released patches to fix vulnerabilities across 12 products, including a zero-day bug in Adobe Reader. The Hacker News: https://thehackernews.com/2021/05/alert-hackers-exploit-adobe-reader-0.html

 

Metropolitan Police Department

The hackers behind Babuk ransomware leaked more personal files belonging to the Metropolitan Police Department as negotiations with the police broke down. The Hacker News: https://thehackernews.com/2021/05/ransomware-gang-leaks-metropolitan.html

 

WiFi 

A dozen WiFi flaws made it possible for hackers to steal transmitted data and bypass firewalls to attack home networks. The Register: https://www.theregister.com/2021/05/12/krack_hack_wifi/

 

Alaskan court system

The Alaskan court system restored its email after being down for two weeks following a cyberattack. The court system does not know who was behind the attack or why it was targeted. Associated Press: https://apnews.com/article/ak-state-wire-alaska-courts-technology-email-32115ec34446aa3cd824b40cfce69752

 

WordPress 

An XML External Entity injection bug enables attackers to steal a victim’s files remotely. The Daily Swig: https://portswigger.net/daily-swig/wordpress-xxe-injection-vulnerability-could-allow-attackers-to-remotely-steal-host-files

 

COVID-19

Fake COVID-19 test results, vaccination cards, and vaccines are emerging on the dark web as hackers are commoditizing the pandemic. The Hacker News: https://thehackernews.com/2021/05/dark-web-getting-loaded-with-bogus.html

Rapid7

Rapid7 announced that hackers accessed some source code repositories due to the security breach at third-party coverage tool Codecov. Bleeping Computer: https://www.bleepingcomputer.com/news/security/rapid7-source-code-credentials-accessed-in-codecov-supply-chain-attack/

 

Website favicons

Hackers distribute PHP web shells hidden inside favicons to gain access and compromise servers of online shopping platforms. The Hacker News: https://thehackernews.com/2021/05/magecart-hackers-now-hide-php-based.html

 

Herff Jones

A company that rents graduation attire to Indiana University students is alerting customers that a data breach exposed their payment information. Indiana Public Media: https://indianapublicmedia.org/news/cap-and-gown-rental-company-reports-data-breach.php

 

DarkSide ransomware – Colonial Pipeline

The DarkSide ransomware hackers who caused the outage at Colonial Pipeline announced that they are shutting down after an unknown entity seized their servers. Krebs on Security: https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/

 

Ireland’s health service

Irish health services shut down computer systems during a ransomware cyberattack to protect them from the attack. Bloomberg: https://www.bloomberg.com/news/articles/2021-05-14/irish-health-service-shuts-down-it-system-amid-cyber-attack
