
Weekly Breach Report – November 9th

Nov 9, 2020 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Google Chrome

Google patched its second zero-day flaw in Chrome in the past two weeks. The bug concerned an inappropriate implementation in its V8 JavaScript rendering engine. The Hacker News:


Munich Security Conference

Hackers posing as conference organizers are targeting more than one hundred high-profile individuals, including former government officials, academics and policy experts, attending two key global policy summits. National Herald India:



Hackers stole personal information from 2.8m accounts at Eatigo, Asia’s leading restaurant-reservation platform. Channel News Asia:



Google Project Zero disclosed a high-severity flaw in GitHub after the code-hosting company apparently failed to heed Google’s private warnings about the bug. ZDNet:



Google disclosed a new zero-day privilege-escalation flaw in Windows that hackers are actively exploiting… thanks to the flaw in Google Chrome mentioned above. The vulnerability is a buffer overflow present in versions since Windows 7. The Hacker News:


Folksam Group

One of Sweden’s largest private insurers announced that it had accidentally shared client data with Facebook, Google, Microsoft, LinkedIn and Adobe. Bloomberg:


Ransomware report

A new report says that almost half of all ransomware cases include the threat of releasing exfiltrated data. Krebs on Security:

This “data breach index” made some 23,000 hacked databases available for download on several hacker forums. ZDNet:



An online community of marijuana growers suffered a significant data breach after two apps were found to be accessible online without passwords. Tech Radar:


Club Fitness Holdings

This U.S. gym chain notified its members of a data-security incident involving personal information. PRNewswire:



This Japanese game developer announced that it had suffered a data breach and that hackers had accessed internal systems. Tripwire:
