Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Nov. 29th 2021

Nov 29, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Punjab National Bank

A vulnerability in a server belonging to the Punjab National Bank exposed the personal and financial information of 180m customers over seven months.

Mahan Air

A private airline in Iran announced that it foiled a cyberattack attempt that targeted internal systems. Haaretz:


The world’s largest supplier of wind turbines announced that a cyberattack compromised company data. The Daily Swig:

Bureau Veritas

A French company specializing in laboratory testing, inspection and certification services announced that a cyberattack impacted its cybersecurity systems. The company took all servers and data offline after the breach was detected. Ship Technology:

NSO Group

Apple is suing the NSO Group and its parent company to hold it accountable for developing state-sponsored spyware against Apple devices. Apple:

TriValley Primary Care

A Pennsylvania-based primary care organization is notifying patients whose information was involved in a cybersecurity breach. Yahoo:

True Health New Mexico

A data breach at a New Mexico-based health insurer compromised the personal information of more than 62,000 US citizens. The Daily Swig:

Swire Pacific Offshore

Singapore-based offshore operator Swire Pacific Offshore filed a notice to report a cybersecurity incident. The attack has “not materially affected global operation.” The Maritime Executive:


Due to data security concerns, Chinese regulators are pressing ride-hailing company Didi Global to delist from the New York Stock Exchange. Business Standard:

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.