Weekly Breach Report – October 26th

Oct 26, 2020 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Albion Online

A hacker has breached the forum of Albion Online, a popular free medieval fantasy MMORPG, and stolen usernames and password hashes. ZDNet:


Google released an update to Chrome because of a zero-day vulnerability that is being actively exploited in the wild. The Hacker News:

Beijer Ref France

Refrigeration and air conditioning wholesaler Beijer Ref’s French operations were targeted by a cyberattack that resulted in 2.4m euros in lost sales. Cooling Post:

Made in Oregon

Gift-retailer Made in Oregon alerted thousands of online customers that hackers had stolen their personal information in a data breach. Oregon Live:

Toledo Public Schools

Hackers stole nearly 9GB of sensitive personal data belonging to Toledo Public Schools in Ohio, after cyberattacks forced administrators offline and disrupted virtual classes. Infosecurity Magazine:

Verificient Technologies

Verificient, which develops software to monitor online exam cheating, announced that it had detected a security breach in one of its servers. Security Magazine:


This Australian gas producer (very) belatedly informed customers of a 2014 data breach that may have exposed their information. The breach occurred in a third-party system that the company apparently no longer uses. ZDNet:

Malicious JavaScript

npm, a subsidiary of Microsoft’s GitHub and a package manager for JavaScript, removed three packages from the npm portal because they contained malicious code that opened shells on victim devices. ZDNet:

Dr. Reddy’s

Indian multinational drugmaker Dr. Reddy’s Laboratories isolated its data center services after detecting a cyberattack. Bloomberg Law:


Pfizer misconfigured a Google Cloud storage bucket, which led to a data breach that exposed personal HIPAA-related information. Security Boulevard:


Hackers compromised this South African-based restaurant chain’s customer accounts, and placed multiple high-value orders from many of them in several countries. Mirror:

Sopra Steria

French IT-services company Sopra Steria revealed that it had experienced a cyberattack last week. Computing:


This Japanese pharmaceutical company announced that it was hit by a cyberattack that exposed licenses for medical equipment and employee residency permits. Japan Times:

Polyverse technologies could have prevented many of the above attacks…
