Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Nov. 15th 2021

Nov 15, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


FBI hack

The FBI confirmed that a hacker used its domain name and internet address to send fake emails about a cybercrime investigation. The hacker said he wanted to highlight a vulnerability in the FBI’s system. Krebs on Security:


DarkSide ransomware gang

The US State Department is offering a reward of $10m to anyone with information on leaders of the DarkSide ransomware gang. DarkSide attacked the Colonial Pipeline and caused temporary gas shortages on the East Coast. Wired:


Dallas Police Department

Distributed Denial of Secrets, an activist group similar to WikiLeaks, released a 600-hour leak of Dallas Police Department helicopter and Georgia State Patrol footage. Courthouse News:


Central Depository Services (India) Limited

A vulnerability at a CDSL subsidiary exposed the personal and financial data of 40m Indian investors twice in ten days. Business Standard:



Robinhood’s shares fell after the company acknowledged a security breach that exposed two million people’s email addresses and personal information. Coin Desk:


Centara Hotels & Resorts

The Desorden hacking group attacked this luxury hotel group a second time after a $900,000 ransom deal with the company collapsed. CPO Magazine:


City of Bridgeport, West Virginia

Researchers discovered data belonging to the City of Bridgeport on the dark web after a ransomware attack. WBOY:


Lister Fertility Clinic

Hackers stole data from this private UK fertility clinic in a ransomware attack that hit Stor-a-file Limited, a document-management company. Six of the 13 organizations impacted by the breach are in healthcare. Infosecurity Magazine:



Costco recently reported that it discovered a card skimmer at one of its Canadian warehouses. Costco notified shoppers of the hack but is unsure whether the criminal who installed the device retrieved any customer data. Forbes:



A data breach at hospitality platform RedDoorz exposed the personal information of 5.9m customers. The Business Times:


Damn Brewery

Spain’s second-largest beer maker stopped production at its main brewery outside Barcelona following a cyberattack. Reuters:



More than 1,000 branches of Germany’s Mediamarkt, Europe’s largest consumer-electronics retailer, are dealing with a $50m ransomware attack that has apparently crippled the company’s retail systems. The Brussels Times:


Void Balaur

A cyber-mercenary group is offering a hackers-for-hire service, and has already targeted thousands of individuals and organizations across the globe since 2015. ZDNet:

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.