Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

At least 66 companies claimed to be breached in new ransomware campaign.

30 December 2024
BREACHAWARE HQ

A total of 2 breaches were found and analysed resulting in 8,773,882 leaked accounts containing a total of 14 different data types. The breaches found publicly and freely available included Pipl and Weee!.

SPOTLIGHT

The Clop ransomware group has listed 66 companies it claims to have breached through a vulnerability in Cleo Software’s file transfer tools. The group has issued a stark warning: the full identities of the organisations will be revealed if deadlines are ignored. Clop has reportedly reached out to affected organisations directly, providing secure links and contact details for negotiations. Cleo, for its part, states that its software serves more than 4,000 organisations worldwide.

Earlier this month, Huntress publicly disclosed that the vulnerability was actively being exploited and flagged concerns that the vendor's initial fix could be bypassed. Days later, Clop ransomware confirmed to BleepingComputer that it was behind the exploitation of CVE-2024-50623. The notorious group announced that data from earlier attacks would now be purged from its platform as it shifts focus to this latest extortion campaign.

Meanwhile, a newly published document from the American Cybersecurity and Infrastructure Security Agency recommends the end-to-end encrypted (E2EE) messaging app Signal for all U.S. citizens. This guidance follows an open letter from Oregon Senator Ron Wyden to the Department of Defense, highlighting the extensive compromise of the nation’s telecom infrastructure. The root of the issue lies in SS7, a legacy telecom protocol from the 1980s designed for seamless global roaming. Back then, the telecom landscape was sparse, and the system operated on a foundation of trust. Today, with countless telecom providers and dark web vendors selling access to this ecosystem, SS7 has become a vulnerability. It allows providers unrestricted access to real-time data, including SMS messages, often transmitted in plaintext.

In another cyber-related breach, an IPTV service has fallen victim, not to law enforcement, but to a well-known threat actor within the community. The leaked data surfaced on several dark web hacking forums, including a prominent Russian-speaking platform, where it has circulated freely for days. This breach exposed nearly 20,000 users, revealing bcrypt-hashed passwords and 19,000 unique email addresses.

VULNERABILITY CHAT

A newly disclosed, high-impact vulnerability in Dell’s widely used SupportAssist software has raised concerns, as it could allow attackers to escalate privileges on affected systems. The vulnerability originates from a symbolic link (symlink) attack within the software's remediation component. Exploiting this flaw enables a low-privileged, authenticated user to gain elevated privileges, potentially leading to unauthorised actions such as the arbitrary deletion of files and folders.

The Cyber Security Agency of Singapore has issued an alert regarding several critical vulnerabilities discovered in Apache software products. If exploited, these flaws could allow attackers to execute remote code on affected systems, posing a significant risk of full system compromise.

Meanwhile, Palo Alto Networks has identified a high-severity vulnerability in its PAN-OS software, capable of causing a denial-of-service (DoS) condition on vulnerable devices. The company revealed that the flaw was discovered during production use and acknowledged reports of customers "experiencing this denial-of-service (DoS) when their firewall blocks malicious DNS packets that trigger this issue."

1 Common Vulnerabilities and Exposures (CVE) entry was added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, affecting Acclaim Systems (USAHERDS). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 598 vulnerabilities last week, bringing the 2024 total to 39,871. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

The UK’s data protection regulator has raised concerns about privacy risks, revealing that up to 14 million UK adults lack the knowledge to properly wipe personal data from their mobile devices. This oversight could leave their privacy vulnerable if they replace their handsets this Christmas. The regulator noted that while over a quarter (27%) of adults plan to purchase a new device this holiday season, nearly a third (29%) are unaware of how to securely erase personal information from their old devices.

In the Netherlands, privacy regulator Autoriteit Persoonsgegevens (AP) has fined Coolblue €40,000 for unlawfully processing personal data via cookies in 2020. The AP investigation found that Coolblue presumed user consent for collecting personal data merely through website use, violating privacy regulations.

Meanwhile, Akumin Operating Corp. faces a proposed class action lawsuit for allegedly failing to protect sensitive health and personal data of its outpatient radiology and cancer patients. The suit claims Akumin’s inadequate cybersecurity measures led to a ransomware attack that exposed patient data, which the company became aware of on October 11, 2023. The complaint was filed in the U.S. District Court for the Southern District of Florida.


DATA CATEGORIES DISCOVERED

Socio-Demographic Data, Open Data and Public Records Data, Contact Data, Special Category, Technical Data, Transactional Data.
