Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Disgruntled employee wiped 180 virtual servers.

17 June 2024

A total of 20 breaches were found and analysed resulting in 19,990,155 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Lumin [2], Scentbird [2], Stealer Log 0467, Respect-Shoes and Tecnova Group. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A former employee of a national computer systems company based in Singapore has landed in hot water. This well-established company, founded in 2002, operates in various industries including insurance, pharmaceuticals, banking, and manufacturing. After being fired, the disgruntled employee accessed the company's test systems and wiped 180 virtual servers, causing an estimated $670,000 in damages. He has been arrested and sentenced to 2.5 years in prison.

Microsoft's new feature, Recall, has been reverse-engineered. A security researcher, Xaitax, posted a 200-line Python script on GitHub that extracts and displays all screenshots taken by Recall. On June 7th, Microsoft updated Recall, making it an opt-in feature rather than opt-out. The update now requires facial recognition to view the screenshots created by Recall and encrypts the store in which the screenshots are kept. Despite these changes, privacy concerns remain prevalent.

The infamous cybercrime forum Breachforums has resurfaced once again. Several days ago, it disappeared from the internet, including its Tor domain, Clearnet site, and two Telegram channels operated by the admin, Shiny Hunters. There was no explanation or seizure banners, leading to speculation that Shiny Hunters had been arrested. Eight hours before the disappearance, the admin shared a message on Telegram expressing exhaustion from running the forum.

However, 48 hours later, Breachforums reappeared. The admin posted in the Announcements section explaining the situation: “Spamhaus blacklisted our SMTP host. Then, we ran into more issues with our NGINX config.” “Our Telegram account (@shinycorp) and the 'Jacuzzi 2.0' group got banned and blacklisted. Because of all this, we're stepping away from using any Telegram account for ShinyHunters.” Recently, the admin announced, “This forum is back with the original team behind Breachforums.” We will continue to monitor updates about the forum, as it's important to track where many threat actors congregate.

VULNERABILITY CHAT

Microsoft has confirmed a significant Wi-Fi vulnerability in Windows. The flaw does not require physical access to the target computer, but it does require the attacker to be in physical proximity, i.e. within Wi-Fi range. An attacker exploiting this vulnerability can gain remote code execution on the affected device. The vulnerability impacts all supported versions of the Windows operating system, making it a widespread concern.

Following a February report by the Dutch National Cyber Security Centre (NCSC) on the advanced COATHANGER malware targeting FortiGate systems, further investigation by the Dutch Military Intelligence and Security Service (MIVD) and the Dutch General Intelligence and Security Service (AIVD) has revealed a more extensive Chinese cyber espionage campaign than initially recognised.

Ransomware criminals have rapidly weaponised a vulnerability in the PHP programming language that allows malicious code to be executed on web servers, as reported by security researchers. Security firm Censys found 1,000 servers infected by the ransomware strain TellYouThePass, down from 1,800 earlier. These servers, primarily in China, no longer display their usual content and show all files with a .locked extension, indicating encryption. The accompanying ransom note demands about $6,500 for the decryption key.

Vulnerabilities in edge services and infrastructure devices are increasingly exploited by cyber threat actors, according to a new report by WithSecure. Edge services, accessible from both the internet and internal network, provide an ideal initial access point into a network. Recent security incidents include MOVEit, CitrixBleed, Cisco XE, Fortiguard’s FortiOS, Ivanti ConnectSecure, Palo Alto’s PAN-OS, Juniper’s Junos, and ConnectWise ScreenConnect.

A group of London hospitals struggling with the aftermath of a cyberattack on a critical supplier had been aware for years of vulnerabilities that left them susceptible to hacks, according to documents reviewed by Bloomberg News.

Five Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including one affecting PHP Group (PHP). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 1,022 vulnerabilities last week, bringing the 2024 total to 19,193. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

The Commercial Bank of Ethiopia faced backlash for violating customers' privacy by publishing hundreds of names and photographs to recover $14 million lost during an ATM network glitch incident. The international digital rights group Access Now and Ethiopia's Centre for Advancement of Rights and Democracy criticised the bank's name-and-shame strategy following the system glitch in March that allowed unauthorised withdrawals.

Meta, the parent company of Facebook and Instagram, has paused the rollout of artificial intelligence (AI) tools in Europe after a “request” from Ireland’s Data Protection Commission (DPC). The decision came after intensive engagement between Meta and the DPC, according to a statement from the Irish authority.

Concerns arose on social media about Apple's integration of OpenAI's ChatGPT, but security experts have praised the data privacy measures in Apple's new AI services for iOS and macOS devices. These services, planned for release in September, feature an architecture that ensures data is not stored outside the device. Apple has promised to delete user data immediately after delivering responses from models running on its specially designed data centre servers.

The Office of the Privacy Commissioner of Canada (OPC) has launched a joint investigation into the data breach that occurred in October 2023 at the global genetic testing company 23andMe. The investigation, conducted with the UK Information Commissioner’s Office, aims to leverage the combined resources and expertise of both offices to address the breach.

DATA CATEGORIES DISCOVERED

Communications Data, Contact Data, Technical Data, Financial Data, Socio-Demographic Data, Social Relationships Data, Transactional Data, Locational Data, Usage Data, Documentary Data.
