
Weekly Breach Report – Nov. 1st 2021

Nov 8, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

GitLab

GitLab recently patched a critical remote-code-execution vulnerability in its web interface. The Hacker News: https://thehackernews.com/2021/11/alert-hackers-exploiting-gitlab.html

 

Huawei

The US Federal Communications Commission started a reimbursement program to replace Huawei hardware installed in American telecom networks. Bloomberg: https://www.bloomberg.com/news/newsletters/2021-11-01/u-s-telecoms-are-going-to-start-physically-removing-huawei-gear

 

Newfoundland and Labrador

A computer network failure forced Newfoundland and Labrador’s healthcare workers to use a paper-based system and to cancel thousands of non-emergency appointments. Toronto Star: https://www.thestar.com/news/canada/2021/11/01/newfoundland-forced-to-revert-to-paper-based-system-after-possible-cyber-attack-on-health-care-network.html

 

Daewoo Shipbuilding & Marine Engineering

This South Korean shipbuilder and defense contractor confirmed that it is investigating a possible breach of its computer systems. The attack is thought to be the second on its systems in the last year. The Maritime Executive: https://www.maritime-executive.com/article/south-korean-shipbuilder-dsme-confirms-new-possible-cyber-attack

 

Atento

The cybercriminal group behind a cyberattack on a Brazilian call-center company announced that it had leaked the company’s data on the dark web. Playcrazygame: https://playcrazygame.com/2021/11/03/after-cyber-attack-criminals-put-atento-data-for-sale-on-the-deep-web-companies/

 

Danaos Management Consultants

Several Greek shipping companies experienced cyberattacks over the weekend that resulted in lost files. The companies used communication systems from Danaos Management Consultants, and the cyberattack blocked communications with ships, suppliers, agents, and others. Splash247: https://splash247.com/greek-shipowners-cyber-tricked-over-halloween-weekend/

 

UK Labour Party

The Labour Party confirmed that a cyberattack occurred at a third-party company that handles the party’s IT systems. The Independent: https://www.independent.co.uk/news/uk/politics/labour-cyber-attack-members-data-b1950682.html

 

Washington State

Washington State’s Attorney General released his sixth annual Data Breach Report, which found that 2021 to date has been the worst-ever year for data breaches. More than 6.3m residents were sent breach notices, up from 3.5m in 2018. Washington State Attorney General: https://www.atg.wa.gov/news/news-releases/ag-data-breach-report-2021-sets-new-record-number-data-breaches-and-ransomware

 

New York Psychotherapy and Counseling Center

This mental-health non-profit is notifying patients whose information was exposed in a data security incident back in September. PR Newswire: https://www.prnewswire.com/news-releases/notice-of-data-security-incident-301417774.html

 

Nationwide Laboratory Services

This Florida-based laboratory is dealing with a ransomware attack that has exposed the personal health information of more than 30,000 patients. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/ransomware-attack-on-florida-lab/

 

Monterey County, California

The Seneca Family of Agencies, a behavioral-healthcare-services firm, informed Monterey County residents that their data may have been compromised by a data breach. California News Times: https://californianewstimes.com/4000-monterey-county-resident-may-have-been-impacted-by-data-breach/583139/
