Important: BreachAware does not operate under any other brand name and will never provide unauthorised access to compromised credentials. We ask our users to beware of illegitimate websites imitating BreachAware.

Global News Feed

POPULAR CYBERSECURITY PUBLICATIONS
2020-09-15 12:15:00 UTC
The Daily Swig
Databases, cloud storage, and more at risk from exposed access keys

Inadvertent leaks during software development place organizations at risk

2020-09-15 11:47:00 UTC
ThreatPost
MFA Bypass Bugs Opened Microsoft 365 to Attack

Vulnerabilities ‘that have existed for years’ in WS-Trust could be exploited to attack other services such as Azure and Visual Studio.

Cloud Security Vulnerabilities Web Security Authentication Azure Cloud Computing COVID-19 Mfa Multi-factor Authentication Office 365 Proofpoint Threat Actors Visual Studio WS-Trust
2020-09-15 11:23:00 UTC
The Daily Swig
Public Health Wales data breach leaks Covid-19 test results of 18,000 residents

But health body is praised for ‘openness and honesty’ in wake of incident

2020-09-15 11:23:00 UTC
The Daily Swig
Public Health Wales data incident leaks Covid-19 test results of 18,000 residents

But health body is praised for ‘openness and honesty’ in wake of incident

2020-09-14 21:20:00 UTC
ThreatPost
Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.

Government Hacks Vulnerabilities China Chopper CISA Citrix VPNs Cobalt Strike CVE-2019-11510 CVE-2019-19781 CVE-2020-0688 CVE-2020-5902 Exploit F5 BIG-IP Devices Microsoft Microsoft Exchange Mimikatz Network Compromise Pulse Secure VPNs Spearphishing U.S. Government Vulnerability
2020-09-14 21:15:00 UTC
Dark Reading
E-Commerce Sites Hit With New Attack on Magento

The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.

2020-09-14 20:00:00 UTC
ThreatPost
Cloud Leak Exposes 320M Dating-Site Records

A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.

Breach Cloud Security InfoSec Insider Privacy Web Security Adult Dating Sites Cloud Server Data Leak Elasticsearch Exposure Mailfire Meow Attack Misconfiguration Personal Information Records Romantic Preferences VpnMentor
2020-09-14 19:47:00 UTC
Krebs on Security
Due Diligence That Money Can’t Buy

Most of us automatically put our guard up when someone we don't know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in. Here's the story of how companies searching for investors to believe in their ideas can run into trouble.

A Little Sunshine David Bruno Jason Kane Jonathan Bibi Peiffer Wolf SafeSwiss Secure Communication AG Secure Swiss Data The Private Office Of John Bernard
2020-09-14 16:23:00 UTC
ThreatPost
TikTok Fixes Flaws That Opened Android App to Compromise

The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.

Mobile Security Vulnerabilities Android App Privacy App Security Arbitrary Code Execution Data Theft Google Play Mobile App Tiktok Tiktok App Update
2020-09-14 16:01:00 UTC
ThreatPost
Magecart Attack Impacts More Than 10K Online Shoppers

Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.

Hacks Malware Vulnerabilities Web Security E-commerce Sites Hacked Large Campaign Magecart Magento Online Shoppers Payment Card Skimmer Sansec Stolen Credit Cards Zero Day Exploit

BreachAware Insight

THE LATEST CURATED INTEL FROM OUR RESEARCH CENTRE

Listen to our podcast, where Andrew, the visionary CEO of BreachAware, sits down with unsung heroes of the cyber security industry. Get ready to uncover the stories and insights of industry trailblazers you might not have heard of before, as they share their experiences, opinions, and insider intel. But beware, it's not all serious talk—expect a healthy dose of humour (and the odd cussing) sprinkled throughout the conversation.

Point of View

OUR TAKE ON TRENDING STORIES
February 2024
By SUE DENIM
The Truth Behind "The Xun" Repository Bombshell.
Well, well, well, it seems the digital waters are getting murkier by the day. A mysterious GitHub user by the name of I-SOON recently made their grand entrance onto the coding scene, dropping a repository bombshell titled "The Truth Behind an Xun." Inside? Oh, just a casual 200 megabytes of top-secret intel about a Chinese cybersecurity company. Talk about spilling the digital tea!

This treasur...

Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
25 March 2024
BREACHAWARE HQ

A total of 24 breaches were found and analysed, resulting in 87,916,303 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included AT&T Division, US Consumer Opt In Records, Gosuslugi [2], Kava CasinoLife Poker and Stealer Log 0438