Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

Weekly Breach Report – September 21st

Sep 21, 2020By Shaina Raskin

Cybersecurity companies

According to a new study, 97% of cybersecurity companies have data leaks and other security issues that result in sensitive information being exposed on the Dark Web. The Hacker News: https://thehackernews.com/2020/09/dark-web-cybersecurity-report.html

 

Department of Veterans Affairs

A cybersecurity breach at the Department of Veterans Affairs has potentially exposed the personal information of 46,000 veterans. FederalNewsNetwork:

https://federalnewsnetwork.com/veterans-affairs/2020/09/va-data-breach-exposes-personal-information-for-46000-veterans/

 

Greenville Technical College

Greenville Technical College in South Carolina discovered malware-infected files on its systems that impacted its ability to access those systems. WSPA:https://www.wspa.com/news/local-news/greenville-technical-college-releases-information-about-data-breach/

 

Dunkin’ Donuts Settlement

New York Attorney General Letitia James announced a settlement with Dunkin’ Brands, resolving a lawsuit over its failure to respond to successful cyberattacks that compromised tens of thousands of customers’ online accounts. SecurityMagazine: https://www.securitymagazine.com/articles/93393-dunkin-donuts-settles-data-breach-lawsuit

 

First death caused by ransomware

For the first time, a hospital patient’s death has been linked directly to a cyberattack. Police have launched a “negligent homicide” investigation after ransomware disrupted emergency care at Düsseldorf University Hospital in Germany. TechnologyReview:

https://www.technologyreview.com/2020/09/18/1008582/a-patient-has-died-after-ransomware-hackers-hit-a-german-hospital/

 

Android malware

An Iranian hacker group developed Android malware to steal two-factor-authentication SMS codes. The malware could steal codes for Google accounts and contained some functionality to do the same for Telegram and various social networks. ZDNet: https://www.zdnet.com/article/iranian-hacker-group-developed-android-malware-to-steal-2fa-sms-codes/

 

Mailfire

A company that provides online marketing tools left an Elasticsearch server unprotected online, exposing the personal data of hundreds of thousands of users who signed up for online dating sites. ZDNet: https://www.zdnet.com/article/leaky-server-exposes-users-of-dating-site-network/

 

Equinix

Hackers hit California-based Equinix, one of the US’s largest datacenter providers, with a ransomware attack and demanded $4.5m in ransom. The Windows Club: https://news.thewindowsclub.com/equinix-data-centers-hit-by-ransomware-incident-investigation-on-102990/

 

Manitoulin Transport

Following a ransomware attack on this large Canadian trucking company in July, hackers posted a cache of stolen data online. CDLLife: https://cdllife.com/2020/hackers-post-stolen-data-from-prominent-trucking-company-following-cyber-attack/

 

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.