Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Las Vegas Breach Exposure Monitoring

DefCon conference gives local Las Vegas resort the jitters.

12 August 2024
BREACHAWARE HQ

A total of 30 breaches were found and analysed resulting in 340,885,509 leaked accounts containing a total of 22 different data types. The breaches found publicly and freely available included Allegedly SOCRadar [USDoD], Rail Yatri, Wanelo [Update], Yatra and Youth Manual. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

The situation at a Las Vegas resort during Defcon 2024, a major hacking conference, reflects the heightened security concerns that arise when a large number of cybersecurity experts and hackers gather in one place. The resort has decided to conduct daily room inspections, including rooms with privacy signs, citing guest safety as the reason. They might be specifically looking for signs of hacking activities, such as computers with command prompts, RGB keyboards, or other tools typically associated with hacking.

In a related development, a post on a popular cybercrime forum last week drew significant attention. It claimed to have leaked data from a reputable cybersecurity company, consisting of 332 million rows of email addresses. However, after scrutiny from cybersecurity researchers and professionals, it was revealed that the data wasn’t stolen but rather aggregated from publicly available sources. The threat actor had subscribed to the platform, impersonated a legitimate company, and gathered data from various channels, which they then posted. This activity, while not involving new or private data, still has serious implications as it perpetuates the circulation of personal information, potentially leading to phishing or other malicious activities.

Finally, a data breach at a platform specialising in software for auto sales has surfaced. Threat actors managed to exfiltrate a significant database from the company, and the data is now circulating for free. The company involved will need to act quickly to mitigate the damage and prevent future incidents.

VULNERABILITY CHAT

Oligo Security's research team has uncovered a "0.0.0.0 Day" vulnerability that affects major web browsers, including Google Chrome/Chromium, Mozilla Firefox, and Apple Safari. This vulnerability allows websites to communicate with software running on macOS and Linux systems by using the IP address 0.0.0.0 instead of the traditional localhost/127.0.0.1. This flaw poses a significant security risk as it enables public websites using .com domains to interact with services on a user's local network, potentially leading to unauthorised access or data breaches.
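The mechanism the paragraph describes is that, on Linux and macOS, a TCP connection addressed to 0.0.0.0 is delivered to a listener on the local machine, so a browser that does not block that address lets a public page reach a loopback-only service. The following added example (not code from Oligo Security or any browser vendor) shows one server-side mitigation a practitioner can apply to a local development service regardless of browser fixes: validate the `Host` and `Origin` request headers against a loopback allowlist so that requests addressed to `0.0.0.0`, or originating from a public web origin, are refused with 403. The allowlist, the handler and the probe helper are assumptions made for illustration.

```python
"""Host/Origin validation for a loopback-only HTTP service.

Added example, not from the original article. Demonstrates why a local
service should not rely on the browser alone to block http://0.0.0.0/.
"""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Assumed allowlist: the only host names a loopback service should answer to.
# "0.0.0.0" is deliberately absent.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}


def host_is_allowed(host_header):
    """True only if the Host header names a loopback host (port ignored)."""
    if not host_header:
        return False
    try:
        hostname = urlsplit("//" + host_header).hostname  # strips port and []
    except ValueError:
        return False
    return hostname in ALLOWED_HOSTS


def origin_is_allowed(origin_header):
    """Browsers add Origin on cross-site requests; non-browser clients omit it.

    A missing header is accepted; a public origin (or the literal "null")
    is rejected because only loopback pages may talk to this service.
    """
    if origin_header is None:
        return True
    parts = urlsplit(origin_header)
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS


class LocalOnlyHandler(BaseHTTPRequestHandler):
    """Minimal handler that enforces the two checks before serving anything."""

    def do_GET(self):
        if not (host_is_allowed(self.headers.get("Host"))
                and origin_is_allowed(self.headers.get("Origin"))):
            self.send_error(403, "request not addressed to a loopback host")
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"ok\n")

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_server():
    """Bind to 127.0.0.1 on an ephemeral port and serve in the background."""
    server = HTTPServer(("127.0.0.1", 0), LocalOnlyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def raw_get(connect_host, port, host_header):
    """Send a bare HTTP/1.0 GET with a chosen Host header; return the status."""
    with socket.create_connection((connect_host, port), timeout=2) as s:
        s.sendall(f"GET / HTTP/1.0\r\nHost: {host_header}\r\n\r\n".encode())
        status_line = s.makefile("rb").readline()
    return int(status_line.split()[1])


if __name__ == "__main__":
    srv = start_server()
    port = srv.server_address[1]
    # On Linux/macOS the second connect, addressed to 0.0.0.0, still reaches the
    # listener (the behaviour the article describes), but the Host check rejects it.
    for connect_host, host_hdr in [("127.0.0.1", f"127.0.0.1:{port}"),
                                   ("0.0.0.0", f"0.0.0.0:{port}")]:
        try:
            print(connect_host, host_hdr, "->", raw_get(connect_host, port, host_hdr))
        except OSError as exc:  # Windows refuses 0.0.0.0 as a destination
            print(connect_host, "connect failed:", exc)
    srv.shutdown()
```

Running the block on Linux or macOS prints a 200 for the request addressed to 127.0.0.1 and a 403 for the one addressed to 0.0.0.0, even though both TCP connections reached the same listener. Real services should apply the same check to every method, not just GET, and should combine it with authentication rather than treating loopback as trusted.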

In another significant discovery, a vulnerability in the popular open-source firewall software pfSense has been identified, which could allow remote code execution (RCE) attacks. This vulnerability highlights the risks associated with pfSense installations, especially those utilising the pfBlockerNG package. The potential for RCE attacks raises serious concerns for users relying on this software to protect their networks.

Two vulnerabilities in the macOS version of the 1Password password manager have been confirmed by its developer, AgileBits. These vulnerabilities, discovered by the Robinhood Red Team during a security assessment, could allow malware to steal sensitive information stored in 1Password vaults and even obtain the account unlock key. AgileBits has since released updates to patch these vulnerabilities, but the incident underscores the importance of maintaining up-to-date security software.

A critical security flaw has also been found in Cisco’s Smart Software Manager On-Prem (SSM On-Prem), which could allow unauthenticated, remote attackers to change user passwords, including those of administrative users. The flaw, stemming from an improper implementation of the password-change process, has raised alarms among IT professionals and Cisco users, given the potential for unauthorised access and control.

The Securities and Exchange Commission (SEC) has concluded its investigation into the MOVEit file transfer tool, which was exploited by hackers last year to steal millions of people's data. The SEC has decided not to pursue enforcement action against Progress, the company behind MOVEit, indicating that while the vulnerability had significant consequences, the company may not have violated any SEC regulations.

At Defcon 2024, security experts Enrique Nissim and Krzysztof Okupski presented a serious security vulnerability affecting AMD processors, dating back at least 10 years and including the latest Ryzen 7000 series. This vulnerability impacts hundreds of millions of AMD chips, making them vulnerable to malware without in-depth firmware changes, presenting a massive challenge for both AMD and its users.

Two security vulnerabilities have also been identified in Jenkins, an open-source automation server. These vulnerabilities could allow attackers to read arbitrary files from the Jenkins controller file system and potentially lead to remote code execution (RCE). This discovery is particularly concerning given Jenkins' widespread use in automating tasks and managing continuous integration and deployment pipelines.

Additionally, Microsoft researchers have uncovered multiple medium-severity vulnerabilities in OpenVPN, an open-source project widely used across various devices. These vulnerabilities, if exploited in a chain, could lead to remote code execution (RCE) and local privilege escalation (LPE), putting millions of devices at risk.

Three Common Vulnerabilities and Exposures (CVE) entries were added to the Cybersecurity & Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities Catalog last week, including one for Apache OFBiz. See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 437 vulnerabilities last week, bringing the 2024 total to 24,234. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

At least four class action lawsuits have been filed in response to what is being described as the largest breach of Personally Identifiable Information (PII) on record. The breach involved more than 200 gigabytes of data, containing nearly 3 billion records, including Social Security numbers and criminal records, stolen from the computer systems of National Public Data, a Florida-based data broker. The stolen data includes the PII of an unknown number of U.S., Canadian, and British citizens.

The Irish Data Protection Commission (DPC) has initiated court proceedings against the social media platform X, as reported by Ireland's High Court website on Tuesday, August 6. The case centres on the processing of user data for Grok, an artificial intelligence (AI) model, according to the Irish Examiner. X’s Global Government Affairs account confirmed the accuracy of this report in a post on August 7.

The U.S. Department of Justice (DOJ), together with the Federal Trade Commission (FTC), has filed a civil lawsuit in the U.S. District Court for the Central District of California against TikTok, ByteDance, and their affiliates. The complaint alleges that from 2019 to the present, TikTok knowingly allowed children to create regular TikTok accounts and to create, view, and share short-form videos and messages with adults and others on the platform.

The European Commission has decided not to reopen the General Data Protection Regulation (GDPR), instead choosing to focus on its enforcement, particularly as privacy concerns in the era of artificial intelligence (AI) continue to grow. This decision was welcomed by left-leaning members of the European Parliament (MEPs), who believe that maintaining strong enforcement of GDPR is crucial to upholding privacy and security standards in the face of advancing technologies.


DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Socio-Demographic Data, Financial Data, Transactional Data, Locational Data, Documentary Data, Usage Data.
