Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Oct. 18th 2021

Oct 18, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

ReproSource

A Quest Diagnostics-owned fertility clinic experienced a ransomware attack that exposed the personal and financial information of 350,000 patients. ZDNet: https://www.zdnet.com/article/quest-owned-fertility-clinic-announces-data-breach-after-august-ransomware-attack/

 

San Juan Regional Medical Center

A hacker deleted patient data at this New Mexico hospital. The attack impacted 68,792 people. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/hospital-hacker-steals-patients/

 

Visible

Verizon-owned Visible announced that it had experienced a security breach and that user accounts were impacted. ZDNet: https://www.zdnet.com/article/verizon-owned-visible-acknowledges-hack-confirms-account-manipulations/

 

OpenSea

A vulnerability in OpenSea, a non-fungible-token (NFT) marketplace, could have been abused by hackers to drain cryptocurrency funds from a victim. The platform was patched within an hour of the flaw’s disclosure. The Hacker News: https://thehackernews.com/2021/10/critical-flaw-in-opensea-could-have-let.html

 

US water and wastewater systems

CISA is warning US water and wastewater operators that hackers are attempting to disrupt operations. Facilities in California, Maine and Nevada experienced attacks earlier this year. ZDNet: https://www.zdnet.com/article/cisa-outlines-cyberthreats-targeting-us-water-and-wastewater-systems/

 

Bitcoin transactions

A new report found that $5.2b in bitcoin transactions relate to the top ten ransomware variants in recent years. ZDNet: https://www.zdnet.com/article/5-2-billion-in-btc-transactions-tied-to-top-10-ransomware-variants-us-treasury/

 

Porto Seguro

Brazilian insurance group Porto Seguro reported a cyberattack that caused instability in its service channels and some systems. Infosec Today: https://infosectoday.com/cybersecurity/brazilian-insurance-giant-porto-seguro-hit-by-cyberattack/

 

Telegram Bot

Iranian hacking group APT35 is using the messaging app Telegram to ascertain whether they successfully compromised their victims. Wired: https://www.wired.com/story/apt35-iran-hackers-phishing-telegram-bot/

 

Acer

Acer confirmed a cyberattack in its India offices by hackers known as the Desorden Group. The criminals breached servers and stole 60GB of data. ZDNet:https://www.zdnet.com/article/acer-confirms-second-cyberattack-in-2021/

 

Hillel Yaffe Medical Center

This Israeli hospital experienced a ransomware attack, the first such attack on a hospital in the country. Security Week: https://www.securityweek.com/israeli-hospital-targeted-ransomware-attack

 

iCloud

Several women, including Britney Spears, were spied on through their iCloud accounts. Vice:https://www.vice.com/en/article/7kv5da/icloud-phone-spying-britney-jamie-spears-india

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.