
Weekly Breach Report – September 28

Sep 28, 2020 | By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Microsoft Bing

A researcher discovered a data leak in a back-end server belonging to Microsoft Bing. The Hacker News:



Shopify confirmed a data breach in which two “rogue members” of its support team stole customer data. TechCrunch:


Town Sports International

This parent company of several New York sports clubs was alerted to an unprotected server containing terabytes of internal corporate data. TechCrunch:



The world’s largest eyewear company, based in Italy, experienced a cyberattack that shut down operations in both its home country and China. Bleeping Computer:


University of Tasmania

The personal information of 20,000 students at this Australian island-state university was exposed online due to misconfigured security settings on its email system. Yahoo News Australia:



Researchers disclosed details of a vulnerability in Instagram’s Android app that enables remote attackers to control a targeted device by sending victims specially crafted images. The Hacker News:


FortiGate VPN

A vulnerability in this cybersecurity firm’s FortiGate VPN solution exposed more than 200,000 businesses to man-in-the-middle attacks in which criminals present a valid SSL certificate and take over a connection. The Hacker News:


Video game industry

A new study claims that the gaming industry suffered 152m web-application attacks and 10 billion credential-stuffing attacks during the past two years. Computer Weekly:


Hungarian banking and telecoms

A DDoS attack hit several Hungarian banking and telecommunication companies. Yahoo News:



Researchers discovered FinSpy spyware targeting Linux and macOS systems in Egypt. The Hacker News:



A researcher set up a honeypot vulnerable to CVE-2020-1472, also known as ZeroLogon, and detailed an “in the wild” exploitation of the vulnerability. Double Pulsar:

