Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – November 9th

Nov 9, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Google Chrome

Google patched its second zero-day flaw in Chrome in the past two weeks. The bug concerned an inappropriate implementation of its V8 JavaScript rendering engine. The Hacker News: https://thehackernews.com/2020/11/new-chrome-zero-day-under-active.html

 

Munich Security Conference

Hackers posing as conference organizers are targeting more than one hundred high-profile individuals, including former government officials, academics and policy experts, attending two key global policy summits. National Herald India: https://www.nationalheraldindia.com/national/hackers-attack-100-key-people-to-collect-intelligence-microsoft

 

Eatigo

Hackers stole the personal information from 2.8m accounts at Eatigo, Asia’s leading restaurant-reservation platform. Channel News Asia: https://www.channelnewsasia.com/news/singapore/eatigo-data-breach-personal-information-millions-account-13425082

 

GitHub

Google Project Zero disclosed a high-severity flaw in GitHub after the code-hosting company apparently failed to heed Google’s private warnings about the bug. ZDNet: https://www.zdnet.com/article/google-to-github-times-up-this-unfixed-high-severity-security-bug-affects-developers/

 

Windows

Google disclosed a new zero-day privilege-escalation flaw in Windows that hackers are actively exploiting… thanks to the flaw in Google Chrome mentioned above. The vulnerability is a buffer overflow present in versions since Windows 7. The Hacker News: https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html

 

Folksam Group

One of Sweden’s largest private insurers announced that it had accidentally shared client data with Facebook, Google, Microsoft, LinkedIn and Adobe. Bloomberg:https://www.bloomberg.com/news/articles/2020-11-03/data-breach-hits-1-million-swedes-as-insurance-firm-admits-error

 

Ransomware report

A new report says that almost half of all ransomware cases include the threat of releasing exfiltrated data. Krebs on Security: https://krebsonsecurity.com/2020/11/why-paying-to-delete-stolen-data-is-bonkers/

 

Cit0day.in

This “data breach index” made some 23,000 hacked databases available for download on several hacker forums. ZDNet: https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/

 

GrowDiaries

An online community of marijuana growers suffered a significant data breach after two apps were found to be accessible online without passwords. Tech Radar:https://www.techradar.com/news/millions-of-marijuana-growers-hit-in-major-data-breach

 

Club Fitness Holdings

This U.S. gym chain notified its members of a data-security incident involving personal information. PRNewswire:https://www.prnewswire.com/news-releases/club-fitness-provides-notice-of-data-security-incident-301166797.html

 

Capcom

This Japanese game developer announced that it had suffered a data breach and that hackers had accessed internal systems. Tripwire: https://www.tripwire.com/state-of-security/featured/capcom-hacked-resident-evil-game-developer-discloses-cyber-attack/

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.