Alleged Snowflake hacker arrested, sparking retaliation from threat actor community.
11 November 2024
A total of 29 breaches were found and analysed, resulting in 78,149,373 leaked accounts containing a total of 39 different data types. The breaches found publicly and freely available included JD, InterBank, Topitop, 1Win and Stealer Log 0494. Sign in to view the full BreachAware Breach Index, which includes, where available, reference articles relating to each breach.
SPOTLIGHT
Members of the cybercriminal community are reportedly outraged following the recent arrest of a fellow threat actor known as "Waifu." Canadian law enforcement apprehended Connor Riley Moucka last week in connection to the major "Snowflake" hack. For those unfamiliar, Snowflake is a cloud-based platform that provides thousands of organisations with seamless access to explore, share, and unlock the full value of their data. However, some threat actors discovered that the platform protected sensitive data—belonging to major organisations such as AT&T—using only a username and password, without two-factor authentication (2FA). As a result, over 160 companies were compromised, and Waifu is alleged to have played a significant role in the breach.
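The weakness described above is accounts that can be reached with a password alone. The audit below is an added example, not code from BreachAware or Snowflake: it reads a login-history export and lists every user who completed a successful login with a password and no second factor. The column names (USER_NAME, CLIENT_IP, IS_SUCCESS, FIRST_AUTHENTICATION_FACTOR, SECOND_AUTHENTICATION_FACTOR) are assumed to match a Snowflake LOGIN_HISTORY export and should be checked against your own data; the sample rows are constructed.

```python
"""Flag password-only (no second factor) logins in a login-history export.

Added illustration for the discussion above; not BreachAware's or Snowflake's
code. Column names are assumed (verify against your own export); the sample
rows are constructed and use documentation-range IP addresses.
"""
import csv
import io
from collections import defaultdict

# Constructed sample export. An empty or NULL second factor means the login
# relied on the first factor alone.
SAMPLE_CSV = """\
EVENT_TIMESTAMP,USER_NAME,CLIENT_IP,IS_SUCCESS,FIRST_AUTHENTICATION_FACTOR,SECOND_AUTHENTICATION_FACTOR
2024-11-04T08:01:12Z,ANALYST1,203.0.113.10,YES,PASSWORD,DUO_PUSH
2024-11-04T08:05:44Z,SVC_ETL,198.51.100.7,YES,PASSWORD,
2024-11-04T09:17:03Z,ANALYST2,203.0.113.11,YES,PASSWORD,
2024-11-04T09:20:30Z,ANALYST2,203.0.113.11,YES,PASSWORD,NULL
2024-11-04T11:42:09Z,ADMIN,192.0.2.5,YES,OAUTH_ACCESS_TOKEN,
2024-11-04T12:00:00Z,SVC_ETL,198.51.100.8,NO,PASSWORD,
"""

# Values an export may use for "no second factor".
NO_SECOND_FACTOR = {"", "NULL", "NONE"}


def parse_login_history(text):
    """Parse a CSV export into a list of dicts, one per login event."""
    return list(csv.DictReader(io.StringIO(text)))


def is_password_only(row):
    """True for a successful login that used a password and nothing else.

    Token- or key-based first factors (OAuth, key pair) are not counted:
    the point is the username-plus-password path with no MFA behind it.
    """
    first = (row.get("FIRST_AUTHENTICATION_FACTOR") or "").strip().upper()
    second = (row.get("SECOND_AUTHENTICATION_FACTOR") or "").strip().upper()
    success = (row.get("IS_SUCCESS") or "").strip().upper() == "YES"
    return success and first == "PASSWORD" and second in NO_SECOND_FACTOR


def password_only_summary(rows):
    """Per user: number of password-only logins and the source IPs used."""
    summary = defaultdict(lambda: {"logins": 0, "ips": set()})
    for row in rows:
        if is_password_only(row):
            entry = summary[row["USER_NAME"]]
            entry["logins"] += 1
            entry["ips"].add(row["CLIENT_IP"])
    return dict(summary)


def report(text=SAMPLE_CSV):
    """One readable line per user who logged in without a second factor."""
    summary = password_only_summary(parse_login_history(text))
    return [
        f"{user}: {info['logins']} password-only login(s) from {sorted(info['ips'])}"
        for user, info in sorted(summary.items())
    ]


if __name__ == "__main__":
    for line in report():
        print(line)
```

Failed attempts are excluded on purpose: the question for a defender is which accounts actually got in on a bare password, and each of those is a candidate for enforcing MFA or moving a service account to key-pair authentication. The same function can be run over a real export by passing its contents to `report()`.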
In response to Waifu's arrest, a threat actor is now posting sensitive data from well-known companies on a dark web forum, accompanied by the hashtag #FREEWAIFU. Among the leaked information are call logs for both Donald Trump and the current U.S. Vice President. The posts include a warning directed at AT&T: “You have until Sunday to contact me. If we do not hear from you, all presidential government call logs will be leaked. Don’t think we weren’t prepared for an arrest. Think again.” The post is signed with #FREEWAIFU.
Meanwhile, a large multinational sports betting company has recently suffered a significant data breach. The leaked data, which includes 450 million rows of information and details on over 100 million users, has appeared on underground cybercrime forums, where it is being widely downloaded. Popular across Asia and parts of Africa, the company’s data includes typical user information expected in such breaches. Negotiations for ransom started at $1 million but escalated to $15 million, causing talks to collapse. Consequently, the data was dumped on a prominent Russian-speaking hacking forum.
Adding a touch of irony to the cybersecurity news, a photo posted to the VX underground channel shows an ATM in Iran displaying an error message during the Interactive Teller Machine (ITM) software startup process. Humorously, the ATM appears to be running on Windows 98. This revelation comes amid public frustration over critical infrastructure in places like the UK still relying on outdated software such as Windows XP.
VULNERABILITY CHAT
Apple users in India have received a critical security alert this week from the Indian Computer Emergency Response Team (CERT-In), the country’s nodal security agency. The identified vulnerability poses a high risk of information disclosure, denial of service, and unauthorised access to sensitive user data.
Trend Micro’s Zero Day Initiative (ZDI) has issued a warning about vulnerabilities in the infotainment systems of multiple Mazda car models, which could enable attackers to execute code with root privileges. According to ZDI, these flaws—found in software version 74.00.324A—could be exploited together to achieve a complete and persistent compromise of the infotainment system.
Leading network-attached storage (NAS) manufacturer Synology has patched a critical vulnerability that could have permitted remote code execution on affected devices. NAS systems are particularly appealing to cybercriminals due to the large volumes of sensitive data they often store, including personal files, business documents, and backups.
Sophos X-Ops researchers report that a critical vulnerability in Veeam Backup & Replication software is being actively exploited to deploy a new ransomware strain known as “Frag.” This attack is part of a threat activity cluster dubbed STAC 5881 by the researchers.
Cisco has addressed a critical vulnerability in its Unified Industrial Wireless Software that could have allowed threat actors to remotely execute malicious code. To prevent potential breaches, users are strongly advised to upgrade to version 17.15.1; users on versions 17.14 and earlier are urged to apply the update without delay.
Cybersecurity researchers from JFrog have identified nearly two dozen security flaws affecting 15 different machine learning (ML) open-source projects. These vulnerabilities span both server- and client-side systems and were found in projects like Weave, ZenML, Deep Lake, Vanna.AI, and Mage AI. The issues, classified into broader categories, could enable attackers to hijack model registries, ML database frameworks, and control ML pipelines remotely.
Six Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities Catalog last week, including PTZOptics (PT30X-SDI/NDI cameras). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 879 vulnerabilities last week, bringing the 2024 total to 33,762. For more information visit https://nvd.nist.gov/vuln/search/
INFORMATION PRIVACY HEADLINES
The Canadian government has directed TikTok to close its offices in Toronto and Vancouver due to concerns over data security and potential foreign influence. This decision reflects growing apprehension about privacy risks associated with the Chinese-owned app. However, officials have clarified that Canadians may still use TikTok on their personal devices.
South Korea’s Personal Information Protection Commission (PIPC) has fined Meta Platforms, Facebook's parent company, 21.6232 billion won (approximately USD $15.67 million) for major violations of the country's Personal Information Protection Act (PIPA). According to a statement on the PIPC website, the investigation found that Meta had collected highly sensitive information from roughly 980,000 South Korean users, including data on political and religious beliefs, as well as same-sex marital status.
Italy's data protection authority has strongly criticised Intesa Sanpaolo (ISP.MI), accusing the bank of downplaying a data breach affecting around 3,500 customers, including high-profile figures like Prime Minister Giorgia Meloni.
In the United States, the Department of Justice (DOJ) has proposed a rule to prohibit or restrict certain transactions that could allow individuals from countries of concern, such as China, access to large volumes of sensitive U.S. personal data or data related to the U.S. government. Authorised under the International Emergency Economic Powers Act, the rule specifies civil penalties for violations, capped at the greater of $368,136 or twice the amount of the violating transaction. Wilful violations could incur criminal penalties of up to $1 million or 20 years in prison.
DATA CATEGORIES DISCOVERED
Technical Data, Contact Data, Financial Data, Transactional Data, Locational Data, Socio-Demographic Data, National Identifiers, Usage Data, Documentary Data, Social Relationships Data, Special Category.