Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Oct. 25th 2021

Oct 25, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Sinclair Broadcast Group

Sinclair Broadcast Group confirmed a ransomware attack on its servers and workstations that caused outages at numerous local TV stations. The group controls hundreds of stations across the US. ZDNet:


University of Sunderland

This UK-based university is relaunching its core IT systems after a cyberattack took them offline last week. ZDNet:


Missouri teachers

A data breach in Missouri exposed around 100,000 teachers’ social-security numbers. Officials are estimating the cost to the state at $50m for credit monitoring alone. Victoria Advocate:


Millburn New Jersey fertility clinic

A Millburn-based fertility clinic has to pay more than $450,000 and implement new cybersecurity measures as part of a settlement with the state after a data breach compromised patient data. North Jersey:



This Madrid-based business-process outsourcing and CRM company experienced a cyberattack. The most significant impact was in Brazil. ZDNet:


Phone data

Consumer-grade spyware uses a security issue in phones to extract call records, text messages, photos, geolocations and more. Tech Crunch:



A ransomware attack against Hong Kong digital-marketing company Fimmick exposed the personal information of 35,000 citizens. The company’s clients include L’Oreal and several other multinational companies in Hong Kong. The Standard:


Linux kernel

McAfee researchers disclosed a memory-corruption bug in the Linux kernel’s UDP fragmentation offload, enabling hackers to gain local privilege escalation. Hack Read:


JavaScript threats

Researchers analyzed 10,000 diverse malwares written in JavaScript and discovered that around a quarter of it is obfuscated to evade detection. Bleeping Computer:


Bastion Secure

A cybercrime gang known as FIN7 set up another fake cybersecurity company to recruit software engineers for fake penetration-testing services. The group has done this before with Combi Security, a company that claims to offer such services. The Hacker News:


HIV Scotland

British authorities fined this Scottish charity £10,000 because of a data-protection breach that exposed the personal information of 105 people. BBC:


Gigabyte Technology

This Taiwanese manufacturer and distributor of computer hardware experienced a massive data breach because of a ransomware attack. Security Magazine:

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.