
Weekly Breach Report – May 31st 2021

Jun 2, 2021, by Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Conti ransomware

According to the FBI, the group behind Conti ransomware targeted at least 16 healthcare and first responder networks in the US over the past year. Conti emerged as a ransomware-as-a-service tool in July 2020. The Hacker News: https://thehackernews.com/2021/05/fbi-warns-conti-ransomware-hit-16-us.html

macOS

Researchers discovered new XCSSET malware that exploits a vulnerability to bypass macOS security features. TechCrunch: https://techcrunch.com/2021/05/24/malware-xcsset-macos/

Pulse Secure VPN

The company behind Pulse Secure VPN appliances published a security advisory for a vulnerability that enables an authenticated remote user to execute arbitrary code with elevated privileges. The Hacker News: https://thehackernews.com/2021/05/new-high-severity-vulnerability.html

Boeing 747

Pen testers established a persistent shell on the inflight entertainment system of a Boeing 747 airplane by exploiting a vulnerability from 1999. The Register: https://www.theregister.com/2021/05/21/boeing_747_ife_windows_nt4_shell_access/

NGINX

NGINX announced a buffer overwrite security vulnerability that could enable arbitrary code execution. NGINX: https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html

VMware vCenter Server

VMware rolled out patches to fix a severe vulnerability that enables hackers to execute arbitrary code on the server. The Hacker News: https://thehackernews.com/2021/05/critical-rce-vulnerability-found-in.html

Canada Post

Canada Post announced that a cyberattack breached an electronic data interchange supplier and compromised the information of 1m parcel recipients. Modern Shipper: https://www.freightwaves.com/news/data-breach-hits-44-big-canada-post-shippers-exposing-nearly-1m-customers

Hydra

A Russian dark web marketplace made $1.37b in cryptocurrencies in 2020. The service facilitates narcotics trades, BTC cash-out services, and stolen credit cards. The Hacker News: https://thehackernews.com/2021/05/russian-hydra-darknet-market-made-over.html

ZocDoc

A New York-based appointment booking platform discovered a bug in its software that enabled patient data to be accessed by medical and dental practices when access was supposed to be restricted. HIPAA Journal: https://www.hipaajournal.com/zocdoc-says-programming-error-resulted-in-exposure-of-patient-data/

VSCode

Researchers discovered several security flaws in Visual Studio Code extensions that enable hackers to compromise local machines and build and deployment systems. The Hacker News: https://thehackernews.com/2021/05/newly-discovered-bugs-in-vscode.html

Fujitsu

Hackers stole data from several Japanese government organizations in a cyberattack that impacted Fujitsu’s ProjectWEB platform. Fujitsu took down the platform. ZDNet: https://www.zdnet.com/article/various-japanese-government-entities-had-data-stolen-in-cyber-attack-report/

Klarna

Klarna users complained that they could log in as other people and access strangers’ personal information, including past purchases and addresses. The fintech company shut down its app and announced that a technical error caused the security incident. Sifted: https://sifted.eu/articles/klarna-data-breach/

N3tw0rm gang

An Iranian ransomware gang is masquerading as a Russian ransomware gang to target more than 80 Israeli companies. CPO Magazine: https://www.cpomagazine.com/cyber-security/suspected-iranian-ransomware-gang-n3tw0rm-starts-another-cyber-attack-wave-against-israel/

USAID

The hacking group behind the SolarWinds attack is conducting a malicious email campaign to deliver malware to 150 government agencies. They first compromised an account belonging to USAID, an agency that administers civilian foreign aid, and sent emails through USAID’s Constant Contact account. ArsTechnica: https://arstechnica.com/gadgets/2021/05/microsoft-says-solarwinds-hackers-targeted-us-agencies-in-a-new-campaign/

Apple M1 chip

A design flaw in the Apple M1 chip enables different processes to communicate with each other, violating OS security principles. The Register: https://www.theregister.com/2021/05/27/apple_m1_chip_bug/

Flashcard apps

US service members are inadvertently exposing sensitive nuclear security protocols via flashcard learning apps. Bellingcat: https://www.bellingcat.com/news/2021/05/28/us-soldiers-expose-nuclear-weapons-secrets-via-flashcard-apps/

Caravus

An independent health care insurance broker provided notice of a 2020 ransomware attack that breached users’ personal information. PRNewswire: https://www.prnewswire.com/news-releases/caravus-informs-individuals-of-potential-data-security-incident-involving-service-provider-301301771.html

