Weekly Breach Report – Sept. 7th 2021

Sep 7, 2021 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

 

DuPage Medical Group

DuPage Medical, Illinois’ largest independent physician group, alerted 600,000 patients that their personal information may have been compromised after hackers breached its computer network. Chicago Sun-Times: https://chicago.suntimes.com/business/2021/8/30/22649201/dupage-medical-group-notifying-patients-data-breach

 

Bangkok Airways

Thailand’s Bangkok Airways apologized for a data breach that leaked passports, among other personal information. Ooda Loop: https://www.oodaloop.com/briefs/2021/08/30/bangkok-airways-apologizes-for-passport-info-breach-as-lockbit-ransomware-group-threatens-data-leak/

 

COVID app Indonesia

The Indonesian government is investigating a security flaw in its COVID test-and-trace app that exposed the personal information of 1.3m people. WTVB: https://wtvbam.com/2021/08/31/indonesia-probes-suspected-data-breach-on-covid-19-app/

 

Fortress S03 WiFi Home Security System

Vulnerabilities in this home security system enable hackers to access and disarm devices without the victim’s knowledge. The Hacker News: https://thehackernews.com/2021/08/attackers-can-remotely-disable-fortress.html

 

US Census

New information regarding a January 2020 cyberattack on the US Census Bureau found that hackers used a publicly disclosed Citrix vulnerability to mount the attack. CPO Magazine: https://www.cpomagazine.com/cyber-security/citrix-vulnerability-exploited-for-cyber-attack-on-us-census-in-january-2020-government-says-hackers-did-not-access-census-results/

 

Beaumont Health

Nine months after file-sharing company Accellion announced a data breach, Michigan hospital operator Beaumont Health notified 1,500 patients that their data may have been compromised as a result. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/accellion-breach-beaumont-health/

 

WhatsApp

Europe’s data-protection commission fined the Facebook-owned messaging app $267m for violating the GDPR. TechCrunch: https://techcrunch.com/2021/09/02/whatsapp-faces-267m-fine-for-breaching-europes-gdpr/

 

BrakTooth

Researchers published details of 16 vulnerabilities that impact this Bluetooth software stack, which ships with system-on-a-chip boards. The Record: https://therecord.media/billions-of-devices-impacted-by-new-braktooth-bluetooth-vulnerabilities/

 

Gootloader

British online-security firm Sophos discovered a malware-delivery platform that is injecting websites with malicious content. Back End News: https://backendnews.net/sophos-discovers-gootloader-mothership-controls-malicious-content/

 

Dallas Independent School District

One of the largest school districts in the United States announced that hackers had accessed the personal data of students and employees. ZDNet: https://www.zdnet.com/article/dallas-school-district-admits-ssns-and-more-of-all-employees-and-students-since-2010-accessed-during-security-incident/

 

Banksy NFT

A hacker who tricked an art collector into spending over £240,000 for a non-fungible token returned the money. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/banksy-nft-scammer-returns-victim/

 
