Important: BreachAware does not operate under any other brand name and will never provide unauthorised access to compromised credentials. We ask our users to beware of illegitimate websites imitating BreachAware.

Global News Feed

2019-10-23 10:32:00 UTC
Naked Security | Sophos
Travel database exposed PII on US government employees

A property management company owned by hotel chain Best Western has exposed 179 GB of sensitive travel information on thousands of travelers.

Amazon Data Loss Privacy Security Threats AWS Best Western Best Western Hotel & Resorts Group Data Breach Data Loss Department Of Homeland Security Elasticsearch Pii

2019-10-22 20:05:00 UTC
FTC Cracks Down on Stalkerware With Retina-X App Bans

The FTC has banned the sale of three apps - marketed to monitor children and employees - unless the developers can prove that the apps will be used for legitimate purposes.

Breach Mobile Security Privacy App Ban Data Breach FTC Retina-x Spyware Stalkerware

2019-10-22 19:44:00 UTC
Open Redirect Bug in Bridge Theme Plugin Opens Admins to Spearphishing

The Qode Instagram Widget and Qode Twitter Feed both have bugs that could allow redirects to malicious sites.

Vulnerabilities Bridge Open Redirect Patch Plugins Qode Instagram Widget Qode Twitter Feed Vulnerabilities Wordpress Theme

2019-10-22 19:04:00 UTC
Krebs on Security
Ransomware Hits B2B Payments Firm Billtrust

Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week.  The company said it is in the final stages of bringing all of its systems back online from backups.

Data Breaches Billtrust Ransomware Attack Steven Pinado

2019-10-22 18:30:00 UTC
Dark Reading
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC

In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.

2019-10-22 18:00:00 UTC
Dark Reading
NordVPN Breached Via Data Center Provider's Error

The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.

2019-10-22 17:13:00 UTC
No ‘Silver Bullet’ Fix for Alexa, Google Smart Speaker Hacks

Karsten Nohl, who was behind this week's research that outlined new eavesdropping hacks for Alexa and Google Home, says that privacy for smart home assistants still has a ways to go.

Hacks IoT Newsmaker Interviews Podcasts Privacy Alexa Amazon Alexa Apple Apple Siri Google Home Smart Assistant Devices Smart Home Smart Home Hack

2019-10-22 16:00:00 UTC
The Daily Swig
VPN vendors contest impact of certificate breaches

NordVPN, TorGuard privacy squall will likely blow over users’ heads, says VPN market expert

2019-10-22 15:11:00 UTC
Magecart 5 Linked to Carbanak Gang

The Magecart splinter group known for supply-chain attacks appears to be tied to advanced threat actors.

Malware Web Security Advanced Threat Actors Carbanak Card Skimmers Dridex Magecart 5 Malwarebytes

2019-10-22 14:24:00 UTC
Naked Security | Sophos
US nuclear weapons command finally ditches 8-inch floppies

The disks are part of the command centres that run the country’s nuclear missile deterrent on behalf of SACCS.

Government Security Floppy Disk IBM ICBM Nuclear Missile SACCS Strategic Automated Command And Control System US Military

BreachAware Insight

BreachAware Podcast

Listen to our podcast, where Andrew, the visionary CEO of BreachAware, sits down with unsung heroes of the cyber security industry. Get ready to uncover the stories and insights of industry trailblazers you might not have heard of before, as they share their experiences, opinions, and insider intel. But beware, it's not all serious talk—expect a healthy dose of humour (and the odd cussing) sprinkled throughout the conversation.


Point of View

June 2024
Dark-Web Forum Collapse, Lockbit’s Misdirection, and Europol’s Botnet Crackdown.
In the ever-dramatic world of cybercrime, a small dark-web forum has found itself in a downward spiral, now up for sale. As covered in our weekly insight, the forum was breached by an unknown threat actor, prompting the admin to panic and shut it down. This came just days after the admin had taken to Telegram to badmouth the threat actor community and insult Shiny Hunters, the admin of Breach Foru...

Weekly Summary

15 July 2024

A total of 18 breaches were found and analysed, resulting in 5,935,927 leaked accounts containing a total of 28 different data types. The breaches found publicly and freely available included Giant Tiger, Telegram Base 2019-2023, Stealer Log 0475, Stealer Log 0474 and Tattletale.