
Weekly Breach Report – Oct. 4th 2021

Oct 4, 2021 By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Giant Group

Payroll service provider Giant Group discovered suspicious network activity and took its Giant Pay systems offline. Contractors are unable to receive their salary payments. The Register: https://www.theregister.com/2021/09/28/giantpay_confirms_cyberattack/


Bandwidth

Bandwidth, a Raleigh, North Carolina-based technology company that makes software for internet-based voice and text communication, suffered a cyberattack over the weekend and is still experiencing outages. Charlotte Observer: https://www.charlotteobserver.com/news/business/article254588122.html


PIX Payment System

Two malicious Android applications target users of Brazil's PIX instant payment ecosystem, luring them into transferring their account balances to an account the attackers control. The Cyber Social Hub: https://cybersocialhub.com/csh/hackers-targeting-brazils-pix-payment-system-to-drain-users-bank-accounts/


Azure Active Directory

A newly reported flaw in Microsoft Azure Active Directory allows single-factor brute-forcing of a victim's credentials. The attempts are not logged on the server side, so the victim has no indication that the attack occurred. ArsTechnica: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/


Microsoft Exchange

Since 2016, a bug in Exchange's Autodiscover feature has caused Exchange clients to send credentials unprotected. The Register: https://www.theregister.com/2021/09/27/microsoft_exchange_autodiscover/


Tomiris backdoor

Researchers uncovered a new connection between the Tomiris backdoor and the group behind the SolarWinds breach. Both backdoors are written in Go and use similar encryption and obfuscation setups. ZDNet: https://www.zdnet.com/article/the-tomiris-backdoor-has-now-been-linked-to-sunshuttle-darkhalo-hackers/


Group-IB

Authorities arrested the founder of one of Russia’s most prominent cybersecurity companies on suspicion of state treason. The company is an official partner of Interpol and Europol. Financial Times: https://www.ft.com/content/26679340-b77b-47c0-9a24-14bef6f646a2


Navistar

A US truck maker announced that a data breach exposed employee healthcare information. The Daily Swig: https://portswigger.net/daily-swig/navistar-confirms-data-breach-involved-employee-healthcare-information


Forward Air

Trucking company Forward Air announced a data breach after a ransomware attack enabled hackers to access employees’ personal information. The attack occurred in December of 2020, and the company lost $7.5m in revenue due to suspending its IT systems. Bleeping Computer: https://www.bleepingcomputer.com/news/security/trucking-giant-forward-air-reports-ransomware-data-breach/


Neiman Marcus

Neiman Marcus alerted 4.6m customers that their personal information may have been accessed in a cyberattack. Reuters: https://www.reuters.com/business/retail-consumer/neiman-marcus-says-notified-46-mln-customers-about-data-breach-2021-09-30/


UMass Amherst

UMass Amherst hired a cybersecurity firm to investigate the source of racist emails sent to Black student groups. CBS Boston: https://boston.cbslocal.com/2021/09/29/umass-amherst-investigates-racist-emails/


Pottawatomie County, Kansas

County officials are restoring IT systems after a ransomware attack encrypted several servers. The county negotiated a reduced ransom payment with the attackers to regain access to its systems. Salina Post: https://salinapost.com/posts/5d49519e-0481-4e0c-8609-f629031b85e0


Paxton Media Group

A federal lawsuit was filed against the Paxton Media Group after a data breach in which hackers stole the private information of nearly 21,000 current and former employees. The Owensboro Times: https://www.owensborotimes.com/news/2021/10/federal-lawsuit-filed-against-paxton-media-group-after-data-breach-of-nearly-21k-employees/


Coinbase

Coinbase disclosed that hackers stole cryptocurrency from at least 6,000 customers in a cyberattack this spring. PCMag: https://www.pcmag.com/news/coinbase-discloses-that-6000-customers-got-hacked-this-spring
