Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – October 19th

Oct 19, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Microsoft used a legal attack to disrupt Trickbot, a malware-as-a-service botnet, based on a claim that the botnet abused the software company’s trademarks. Krebs on Security:



Iran’s cybersecurity authority acknowledged two cyberattacks on government departments this week. The Washington Post:


New DDoS campaign

An unknown hacking group, posing as the Lazarus and Fancy Bear APT groups, is threatening organizations with DDoS attacks unless they pay a ransom. Computing:



Researchers have identified a new hacking group, known as FIN11, that is hacking and extorting pharmaceutical and healthcare companies during the COVID-19 pandemic. Cyberscoop:


Silent Librarian group

This Iranian advanced-persistent-threat group is targeting schools and universities around the world with spear-phishing attacks. HackRead:


Windows “Ping of Death”

SophosLabs, a cybersecurity firm, is urging Windows 10 users to patch their systems because of a bug in the TCPIP.SYS kernel driver. Naked Security:


State of Colorado

Thirty thousand State of Colorado employees may be impacted by a data breach that exposed personal information such as Social Security numbers. CBS Denver:


London Borough of Hackney

This U.K. city council was hit by a cyberattack that disrupted many of its online services. Bleeping Computer:


Barnes & Noble

Barnes & Noble confirmed a cyberattack that impacted Nook services and possibly exposed customer data. ZDNet:


British Airways

British Airways was fined a record £20m for a data breach in 2018 — less than the £183m it was initially fined, in part because of its dire COVID-related financial situation. The Guardian:


Bluetooth bug in Linux

Google and Intel are warning users of a high-severity Bluetooth bug in the Linux Kernel that could enable code execution by attackers within Bluetooth range. Arstechnica:


Fairfax County Public Schools

A cyberattack on Fairfax County Public Schools in Virginia resulted in student and teacher personal information leaked on the dark web. Local DVM:



This school-payments company alerted parents who recently made payments to U.K. schools that their credit card details were compromised in a hack of the WisePay website. The Fintech Times:


Seyfarth Shaw

This Chicago-based international law firm confirmed that a ransomware attack impacted its IT systems. Above the Law:



This Miami-based tech company suffered a significant data breach in which a terabyte of its users’ data was leaked. Security Magazine:


Dickey’s BBQ

Researchers have linked 3m compromised payment cards found on the dark web to U.S. restaurant franchise Dickey’s Barbeque Pit. Threatpost:


Manitoba hack

Hackers stole almost $450,000 in a cyberattack on a bank account belonging to a Manitoba, Canada municipality. CTV News:

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.