Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – Sept. 27th 2021

Sep 27, 2021By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities


Adobe ColdFusion

Despite being patched by Adobe a decade ago, two old ColdFusion vulnerabilities were recently exploited by hackers to deploy ransomware. Security Week:


Suex cryptocurrency exchange

The US Treasury Department is sanctioning Russia’s Suex cryptocurrency exchange for its role in laundering ransoms from cyberattacks. CNBC:

This Quebec-based provider of VoIP services was hit by a DDoS cyberattack that is disrupting phone calls and other services. Ars Technica:


21c Museum Hotels

A Louisville-based hotel chain informed employees of a data breach that impacted their email and personal information. The Business Journals:



A Russian hacking group launched a cyberattack on Marketron, a company that helps companies automate their advertising campaigns. The attack impacted thousands of Marketron’s customers, including several radio stations in Vermont. WCAX3:


Simon Eye

This US chain of optometry clinics reported a data breach that impacted more than 144,000 patients. The attackers “attempted to engage in wire transfer and invoice manipulation attacks” against the company. The Daily Swig:


Marcus & Millichap

This California-based commercial real-estate brokerage said that it had been hit by a cyberattack, but doesn’t believe that a breach occurred. The Real Deal:



Israeli communications company Voicenter announced that a cyberattack paralyzed several of its customers’ communications systems. Ynetnews:



Researchers disclosed a vulnerability in macOS Finder that enables an attacker to run commands on Macs running any version up to the latest Big Sur release. Bleeping Computer:


iCloud Private Relay

A weakness in Apple’s iCloud Private Relay function could be used to leak IP addresses from iOS devices running the latest version of the operating system. The Hacker News:


The Port of Houston

Hackers targeted the Port of Houston with a cyberattack on a password-management program. The port says it successfully defended itself, and no operations data or systems were impacted. The Hill:


Ursa Farmers Cooperative

Hackers demanded $6m in ransom from a cyberattack that targeted a farming cooperative in Iowa. The cooperative experienced a similar attack in 2018. WGEM:


Debt-IN Consultants

A ransomware attack on a debt-recovery service potentially exposed more than one million South Africans’ personal data. The attack occurred in April but was only confirmed this week. The Daily Swig:

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.