
Weekly Breach Report – Oct. 25th 2021

Oct 25, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

Sinclair Broadcast Group

Sinclair Broadcast Group confirmed a ransomware attack on its servers and workstations that caused outages at numerous local TV stations. The group controls hundreds of stations across the US. ZDNet: https://www.zdnet.com/article/sinclair-confirms-ransomware-attack-after-tv-station-disruptions/

 

University of Sunderland

This UK-based university is relaunching its core IT systems after a cyberattack took them offline last week. ZDNet: https://www.zdnet.com/article/university-still-recovering-from-major-cyberattack-that-disrupted-it-systems/

 

Missouri teachers

A data breach in Missouri exposed around 100,000 teachers’ social-security numbers. Officials are estimating the cost to the state at $50m for credit monitoring alone. Victoria Advocate: https://www.victoriaadvocate.com/ap/state/missouri-budget-officials-outline-50m-cost-of-data-breach/article_c92bf39a-542a-511e-ba13-0f6b2d3fb6f5.html

 

Millburn New Jersey fertility clinic

A Millburn-based fertility clinic must pay more than $450,000 and implement new cybersecurity measures as part of a settlement with the state after a data breach compromised patient data. North Jersey: https://www.northjersey.com/story/news/essex/millburn-short-hills/2021/10/19/millburn-nj-fertility-clinic-data-breach/8526728002/

 

Atento

This Madrid-based business-process outsourcing and CRM company experienced a cyberattack. The most significant impact was in Brazil. ZDNet: https://www.zdnet.com/article/customer-services-firm-atento-hit-by-cyberattack/

 

Phone data

Consumer-grade spyware uses a security issue in phones to extract call records, text messages, photos, geolocations and more. TechCrunch: https://techcrunch.com/2021/10/19/stalkerware-security-phone-data-thousands/

 

Fimmick

A ransomware attack against Hong Kong digital-marketing company Fimmick exposed the personal information of 35,000 citizens. The company’s clients include L’Oreal and several other multinational companies in Hong Kong. The Standard: https://www.thestandard.com.hk/section-news/section/4/235310/Alarm-over-data-breach

 

Linux kernel

McAfee researchers disclosed a memory-corruption bug in the Linux kernel’s UDP fragmentation offload that allows attackers to escalate privileges locally. HackRead: https://www.hackread.com/linux-kernel-memory-corruption-bug-system-compromise/

 

JavaScript threats

Researchers analyzed 10,000 diverse malware samples written in JavaScript and found that around a quarter of them are obfuscated to evade detection. Bleeping Computer: https://www.bleepingcomputer.com/news/security/about-26-percent-of-all-malicious-javascript-threats-are-obfuscated/

 

Bastion Secure

A cybercrime gang known as FIN7 set up another fake cybersecurity company to recruit software engineers for fake penetration-testing services. The group has done this before with Combi Security, a company that claims to offer such services. The Hacker News: https://thehackernews.com/2021/10/hackers-set-up-fake-company-to-get-it.html

 

HIV Scotland

British authorities fined this Scottish charity £10,000 because of a data-protection breach that exposed the personal information of 105 people. BBC: https://www.bbc.com/news/uk-scotland-59008366

 

Gigabyte Technology

This Taiwanese manufacturer and distributor of computer hardware experienced a massive data breach because of a ransomware attack. Security Magazine: https://www.securitymagazine.com/articles/96364-gigabyte-victim-to-ransomware-again


The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.