Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Sept. 13th 2021

Sep 13, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities



Researchers published a proof-of-concept exploit code for an unpatched Ghostscript vulnerability. Ghostscript is a library that enables applications to process PDFs and PostScript-based files. The Record:



Fast-food and gambling chain Dotty’s experienced a cyberattack that exposed the personal data of customers. The Daily Swig:


Howard University

Washington DC-based Howard University canceled classes after hackers deployed a ransomware attack against the school’s network. CNN:



France’s Ministry of Foreign Affairs and Ministry of the Interior announced that a cyberattack compromised the data of 8,700 people applying for visas via the France-Visas website. Infosecurity Magazine:


Coalinga State Hospital

The State Hospital Department of California announced a data breach at Coalinga State Hospital that exposed the personal information of 1,800 past and present patients. California News Times:


Jenkins project

The Jenkins infrastructure team identified a successful cyberattack against a deprecated Confluence service. They do not believe any releases, plugins or source code has been impacted. Jenkins:


New Zealand financial institutions

The websites of several New Zealand financial institutions, the country’s postal service and several other organizations were briefly offline due to a DDoS attack. Reuters:


Fortinet FortiGate

Fortinet confirmed that a hacker disclosed VPN login names and passwords associated with 87,000 FortiGate devices. Credentials from unpatched systems may still be vulnerable. The Hacker News:


United Nations

A hacker used stolen credentials to breach part of the UN’s network and steal critical data. Threatpost:



Hackers compromised almost 80,000 mobile subscribers of this Singaporean telecoms company in a breach of a third-party data-storage platform. Straits Times: 



Russian tech company Yandex announced that hackers hit its servers with one of the largest DDoS attacks in history this summer. RadioFreeEurope:


Meris botnet

KrebsOnSecurity also experienced a major DDoS attack from the same botnet that hit Yandex, but was only briefly impacted. KrebsOnSecurity:



Fujitsu, a Japanese technology company, said that data allegedly stolen from it and now being sold by hackers online does not belong to the firm, and is not related to a cyberattack on its systems. TechTimes:



A New Zealand bank is still experiencing issues because of a cyberattack that took systems offline. Customers are still blocked from accessing their online accounts to make payments and transfers. NZ Herald: ??


Wisconsin Dells casino

The Ho-Chunk Nation brought in security experts to investigate an incident that shut down the tribe’s computer systems at its Wisconsin Dells casino. Wisconsin State Journal: ??

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.