Weekly Breach Report – November 16th

Nov 16, 2020 | By Shaina Raskin


Apple released multiple security updates to patch three zero-day vulnerabilities in the FontParser component and the kernel of iOS. The Hacker News:


Tech news website Mashable announced that its users’ personal information was discovered in a leaked database. Port Swigger:

Prestige Software

Used by hotels to integrate their reservation systems with online booking websites, Prestige’s software left 10m files related to hotel guests worldwide exposed for seven years, thanks to a misconfigured AWS S3 bucket. ThreatPost:


Indian online grocery BigBasket suffered a data breach in which details of 20m users ended up on the dark web. Economic Times:

University of Vermont Medical Center

The University of Vermont Medical Center is working to restore systems disabled in a cyberattack that prevented the hospital from providing some cancer treatments. The Wilton Bulletin:

Brazilian Superior Court of Justice

The Brazilian court was hit by a cyberattack that brought all of its operations to a halt for an entire week. ZDNet:


A data breach exposed the personal and health information of patients of LensCrafters, Target Optical, EyeMed and several other eye-care practices. Bleeping Computer:


The FBI issued a security alert warning that hackers are abusing misconfigured SonarQube applications to steal source-code repositories from U.S. government agencies and businesses. SonarQube’s software is used to test code for security flaws before applications are released. ZDNet:


Hackers are attacking businesses running Magento’s 1.x e-commerce platform; this obsolete version of the platform has been unsupported by Magento since June 2020, but is still widely used. The Hacker News:


A new backdoor targets Oracle’s MICROS point-of-sale restaurant-management software to steal payment information stored in the devices. The Hacker News:


A children’s online-gaming platform that builds a virtual world known as Animal Jam suffered a data breach impacting 46m accounts. Bleeping Computer:


This insurance-software provider disclosed a data breach in which a third party accessed the details of 27.7m Texas drivers. ZDNet:

Facebook ads

A ransomware group is using hacked Facebook accounts to run ads to pressure ransomware victims into paying for their data. Krebs on Security:


Hackers used a flash loan attack against cryptocurrency borrowing and lending service Akropolis to steal 2m in Dai cryptocurrency. ZDNet:
