Call of Duty gamers targeted with anti-cheat exploit.
28 October 2024
A total of 22 breaches were found and analysed resulting in 5,145,008 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Le Slip Francais, Detmir, Illuvium, Stealer Log 0490 and Wine Style. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.
SPOTLIGHT
Call of Duty gamers worldwide are in an uproar over a new Ricochet anti-cheat exploit that allows threat actors to permanently ban players remotely. The Ricochet anti-cheat mechanism, used by modern video games and similar to antivirus software, utilises signature scanning. This involves scanning memory (RAM) sections to ensure smooth operations and detect any tampering, especially looking for footprints of known cheat software in hexadecimal code.
A threat actor discovered that Ricochet’s scanning process interprets specific hexadecimal sequences as cheat signatures. For example, the sequence `54 72 69 67 67 65 72 20 42 6f 74` is the text “Trigger Bot” encoded in hexadecimal. When a friend request or in-game message containing this term is sent, Ricochet detects the hexadecimal pattern in the recipient's memory, resulting in an immediate ban.
This may seem trivial to non-gamers, but it has had significant consequences. Professional video game streamers, whose livelihoods depend on gaming, have been affected, and thousands of players have been permanently banned from a game costing around £60, plus add-ons. The threat actor behind this exploit appears motivated by amusement rather than financial gain. Activision, the game’s publisher, has begun unbanning affected accounts, but this issue only came to light after high-profile streamers were banned. Many everyday gamers, likely without a platform to raise awareness, may have been locked out for some time.
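The false positive described above can be reproduced on simulated memory. This is an added example, not Ricochet or Activision code: the region layout, the sample bytes and the `scoped_scan` policy (trusting a hit only in executable memory that no remote party can write) are assumptions chosen to show why scanning attacker-influenced buffers is unsafe.

```python
from dataclasses import dataclass

# Signature quoted in the article: the ASCII bytes of "Trigger Bot".
SIGNATURE = bytes.fromhex("54 72 69 67 67 65 72 20 42 6f 74")

@dataclass
class Region:
    """One region of a simulated process address space (constructed)."""
    name: str
    executable: bool          # True for mapped code, False for heap/data
    remote_controlled: bool   # True if another player can write its content
    data: bytes

def naive_scan(regions):
    """Flag the process if the signature occurs anywhere in memory."""
    return [r.name for r in regions if SIGNATURE in r.data]

def scoped_scan(regions):
    """Split hits into ban-worthy ones and ones that only merit review.

    Assumption: a hit counts as evidence only in executable memory that
    no remote party can write; anything else is queued for review.
    """
    ban, review = [], []
    for r in regions:
        if SIGNATURE not in r.data:
            continue
        if r.executable and not r.remote_controlled:
            ban.append(r.name)
        else:
            review.append(r.name)
    return ban, review

# Constructed sample: a clean client that received a chat message.
clean_client = [
    Region("game.exe .text", True, False, b"\x55\x48\x89\xe5\x90\xc3"),
    Region("chat heap buffer", False, True,
           b"msg from player2: Trigger Bot\x00"),
]
# Constructed sample: the same client plus a module carrying the string.
tampered_client = clean_client + [
    Region("injected module", True, False, b"\x90\x90Trigger Bot v1\x00"),
]

if __name__ == "__main__":
    print("naive, clean client    :", naive_scan(clean_client))
    print("scoped, clean client   :", scoped_scan(clean_client))
    print("scoped, tampered client:", scoped_scan(tampered_client))
```

The naive scan flags the clean client purely because of the received message, while the scoped scan routes that hit to review and still flags the module in executable memory.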
Meanwhile, a well-known insurance company, previously breached a couple of years ago, is seeing a sudden surge in the circulation of its exfiltrated database. After disappearing from forums, the data has resurfaced, now widely shared by both amateur hackers and major hacking forums. Individuals affected by this breach should be on guard for renewed phishing attempts and potential identity theft.
Additionally, our team has identified a large dump of data breaches from crypto-related companies across various platforms. Over the past several days, data from more than 15 different crypto companies has been leaked online. The databases range from a few hundred to tens of thousands of unique email addresses, often containing sensitive information. It seems likely that someone bought a batch of crypto data, extracted its value, and is now dumping it for free on the dark web, potentially to cause further disruption.
VULNERABILITY CHAT
Nvidia has issued an advisory bulletin detailing eight high-severity Common Vulnerabilities and Exposures (CVEs). This urgent security warning highlights the potentially severe impacts these vulnerabilities pose, including risks of code execution, denial of service (DoS), privilege escalation, information disclosure, and data tampering.
A critical security vulnerability has also been discovered in Arcadyan routers, attributed to the unintentional inclusion of Wi-Fi Alliance testing software in production models. This software is vulnerable to command injection attacks, allowing attackers to gain full control over affected devices by sending specially crafted packets.
Cisco has released updates to patch an actively exploited flaw in its Adaptive Security Appliance (ASA) that could result in a denial-of-service (DoS) condition. This flaw, which causes resource exhaustion, can be exploited remotely and without authentication to disable the RAVPN service. Cisco has also provided guidance to help users mitigate password spraying attacks.
Fortinet has published a security advisory regarding an authentication vulnerability in FortiManager. The National Cyber Security Centre (NCSC) is currently assessing the impact on UK networks and investigating reported cases of active exploitation.
Five Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including ScienceLogic (SL1). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 958 vulnerabilities last week, bringing the 2024 total to 31,983. For more information visit https://nvd.nist.gov/vuln/search/
INFORMATION PRIVACY HEADLINES
The Irish Data Protection Commission has fined LinkedIn €310 million ($335 million) for violating user privacy through behavioural analysis for targeted advertising. This probe, which began following a 2018 complaint from the French Data Protection Authority, concluded that LinkedIn violated three GDPR principles related to transparency and fairness.
Privacy concerns have emerged over NHS staff using WhatsApp to share patient data. Doctors and nurses are regularly exchanging confidential patient information, test results, and medical documents through the messaging app. While experts have flagged this as a security risk, healthcare professionals cite slow, outdated NHS technology as leaving them with no alternative.
Pinterest is facing a new complaint from European privacy nonprofit noyb, alleging that its visual discovery engine’s tracking ads violate GDPR by tracking and profiling users without consent.
Apple has announced it will allow investigations into its Private Cloud Compute (PCC) system, which handles more complex Apple Intelligence requests. Additionally, the company has expanded its bug bounty program, offering up to $1 million for vulnerabilities discovered within the PCC system.
DATA CATEGORIES DISCOVERED
Contact Data, Socio-Demographic Data, Technical Data, Communications Data, Financial Data, Locational Data, Transactional Data, Usage Data, Documentary Data.