Weekly Breach Report – August 17th

Aug 17, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

vBulletin

Researchers disclosed proof-of-concept exploit code for an unpatched zero-day remote code execution vulnerability in vBulletin online-forum software that is already being actively exploited in the wild. The Hacker News: https://thehackernews.com/2020/08/vBulletin-vulnerability-exploit.html 

 

Michigan State University

Hackers breached Michigan State University’s online store, gaining access to more than 2,600 customer credit-card numbers and other personal information. Detroit News: https://www.detroitnews.com/story/news/local/michigan/2020/08/11/hackers-breach-customer-data-michigan-state-online-store/113014252/

 

Walgreens

Walgreens reported a data breach affecting more than 180 US stores and 72,000 individuals containing healthcare information and customer records. Health Leaders Media: 

https://www.healthleadersmedia.com/innovation/walgreens-reports-data-breach-affecting-72k-individuals

 

Citrix Endpoint Management

Citrix released patches for security vulnerabilities that impact its Endpoint Management product, which helps companies to manage and secure employees’ mobile devices remotely. The Hacker News: https://thehackernews.com/2020/08/citrix-endpoint-management.html

 

SANS Institute

This U.S.-based institute, which trains cybersecurity professionals worldwide, was hacked, resulting in the compromise of 28,000 records of personally identifiable information, the organization said Tuesday. CyberScoop: 

https://www.cyberscoop.com/sans-institute-data-breach-pii/

 

Amazon Alexa

Researchers disclosed several security vulnerabilities in Amazon’s Alexa that could enable hackers to spy on users. The Hacker News: https://thehackernews.com/2020/08/amazon-alexa-hacking-skills.html

 

Xcode

Hackers are installing malware in projects using Xcode, an integrated development environment used to develop Apple-related software. The malware compromises Safari and other browsers. ZDNet: https://www.zdnet.com/article/mac-malware-spreads-through-xcode-projects-abuses-previously-unknown-vulnerabilities/

 

Brown-Forman

A cyberattack on this alcoholic-beverage manufacturer including Jack Daniels impacted employee data and other information. Forbes: https://www.forbes.com/sites/leemathews/2020/08/17/brown-forman-hacked-1tb-data-stolen/#2582509b4da0

 

ProctorU

This online exam-proctoring platform confirmed a data breach after a hacker released a stolen database of user information on a hacker forum. Bleeping Computer: https://www.bleepingcomputer.com/news/security/proctoru-confirms-data-breach-after-database-leaked-online/

 

Boston University and Emerson College

These schools notified students and alumni about a potential data breach at Blackbaud, one of their third-party technology vendors. Boston Globe: https://www.bostonglobe.com/2020/08/08/metro/hackers-access-personal-information-bu-emerson/

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.