Weekly Breach Report – Nov. 29th 2021

Nov 29, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Punjab National Bank

A vulnerability in a server belonging to the Punjab National Bank exposed the personal and financial information of 180m customers over seven months. Telecom.com: https://telecom.economictimes.indiatimes.com/news/vulnerability-in-pnb-server-exposed-customer-data-for-about-seven-months-cyberx9/87832554

Mahan Air

A private airline in Iran announced that it foiled a cyberattack attempt that targeted internal systems. Haaretz: https://www.haaretz.com/middle-east-news/cyberattack-against-blacklisted-iranian-airline-thwarted-1.10403512

Vestas

The world’s largest supplier of wind turbines announced that a cyberattack compromised company data. The Daily Swig: https://portswigger.net/daily-swig/wind-turbine-giant-vestas-confirms-data-breach-following-cybersecurity-incident

Bureau Veritas

A French company specializing in laboratory testing, inspection and certification services announced that a cyberattack impacted its cybersecurity systems. The company took all servers and data offline after the breach was detected. Ship Technology: https://www.ship-technology.com/news/bureau-veritas-hit-cyberattack/

NSO Group

Apple is suing the NSO Group and its parent company to hold them accountable for developing state-sponsored spyware used against Apple devices. Apple: https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/

TriValley Primary Care

A Pennsylvania-based primary care organization is notifying patients whose information was involved in a cybersecurity breach. Yahoo: https://www.yahoo.com/now/trivalley-primary-care-notifies-patients-190000832.html

True Health New Mexico

A data breach at a New Mexico-based health insurer compromised the personal information of more than 62,000 US citizens. The Daily Swig: https://portswigger.net/daily-swig/data-breach-at-new-mexico-healthcare-business-impacts-62-000-state-residents

Swire Pacific Offshore

Singapore-based offshore operator Swire Pacific Offshore filed a notice to report a cybersecurity incident. The attack has “not materially affected global operation.” The Maritime Executive: https://www.maritime-executive.com/article/ransomware-attack-on-swire-pacific-offshore-breaches-personnel-data

Didi

Due to data security concerns, Chinese regulators are pressing ride-hailing company Didi Global to delist from the New York Stock Exchange. Business Standard: https://www.business-standard.com/article/international/china-presses-didi-global-to-delist-from-us-over-data-security-fears-121112601424_1.html
