Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Physician Breach Exposure Monitoring

Doctors and physicians exposed, prime for phishing attacks.

08 July 2024
BREACHAWARE HQ

A total of 32 breaches were found and analysed resulting in 32,522,728 leaked accounts containing a total of 35 different data types. The breaches found publicly and freely available included IndiHome, LenDenClub, USA Business Men & Investor Database, US Doctor's Database 2024 and Stealer log 0473.

SPOTLIGHT

This week, a staff member discovered a fascinating data collection—a large folder purportedly containing information on every physician practicing in the USA. While the source of this data remains unclear, it is being widely shared on various cybercrime forums. Doctors should be cautious to avoid falling victim to phishing attacks, as this folder exposes significant information, including where they work and their specialisations.

VX Underground, a malware analysis group, revealed an amusing incident. Users of a well-known Russian-speaking hacking forum inadvertently exposed themselves. The threat actors have appeared in Threat Intelligence infostealer logs because they fell victim to the malware they attempted to weaponise. Not the smartest move.

In another FBI mishap, the Baphchat Telegram group is back under threat actor control. The FBI seized this group, operated by Baphomet, during their attack on the OneBreach forum several weeks ago. However, a threat actor managed to reclaim it. A well-known threat actor and moderator on the forum posted a statement a few days ago, celebrating the recovery: "This is truly a heroic day for all of us and a shameful day for the FBI, who fumbled the seizure." The group link now reads, "This Telegram chat is under the control of Breachforums," and the chat is active, with threat actors rejoicing in yet another FBI blunder.

VULNERABILITY CHAT

Researchers at the Qualys Threat Research Unit (TRU) have uncovered a critical security vulnerability in OpenSSH server (sshd) that affects over 14 million glibc-based Linux systems. This flaw could allow cybercriminals to gain complete root access to the vulnerable servers.

A malicious actor known as “tikila” has advertised a local privilege escalation (LPE) vulnerability for Windows on a hacking forum. The advertisement claims the vulnerability is 100% reliable and does not cause system crashes, ensuring process continuity.

A proof-of-concept (PoC) exploit has been released for a critical remote code execution vulnerability in HTTP File Server (HFS) software. Exploiting this vulnerability allows attackers to gather system information, create backdoor accounts, and potentially deploy malware.

In infosec circles, there is significant discussion about a vulnerability in Ghostscript that some experts believe could lead to several major breaches in the coming months. Thomas Rinsma, lead security analyst at Codean Labs, discovered a method to achieve remote code execution (RCE) on machines running Ghostscript by bypassing the -dSAFER sandbox.

Google has introduced a new vulnerability reward program (VRP) called kvmCTF, announced in October 2023. The program offers bounties of up to $250,000 for full VM escape exploits and aims to enhance the security of the Kernel-based Virtual Machine (KVM) hypervisor.

One Common Vulnerability and Exposure (CVE) was added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, for Cisco (NX-OS). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 435 vulnerabilities last week, making the 2024 total 20,871. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

The European Commission has formally requested information from Amazon regarding its compliance with the Digital Services Act (DSA). If the Commission, the EU's enforcement arm, determines that Amazon has violated the DSA, it can initiate an investigation. If found guilty, Amazon could face fines of up to 6% of its worldwide annual turnover.

Brazil's national data protection agency (ANPD) has announced an immediate suspension of Meta's latest privacy policy, which allows the company to train generative AI models, such as chatbots, using user posts. Meta has a significant presence in Brazil, with 102 million Facebook users and more than 113 million Instagram users in the country.

Rhode Island has become the latest state to pass comprehensive data privacy legislation with the enactment of the Rhode Island Data Transparency and Privacy Protection Act, commonly known as the Rhode Island Data Privacy Act. Similar to other US state data privacy laws, the Act defines "personal data" as information linked or reasonably linkable to an identified or identifiable individual, excluding de-identified data and publicly available information.

The Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) has published the “Artificial Intelligence: Model Personal Data Protection Framework.” This framework addresses the growing challenges to data protection and cybersecurity in the era of artificial intelligence. It provides practical and internationally recognised practices to safeguard personal data as Hong Kong transitions into an innovation and technology hub.


DATA CATEGORIES DISCOVERED

Socio-Demographic Data, Contact Data, Financial Data, Technical Data, Locational Data, Usage Data, Documentary Data, Special Category, Social Relationships Data, Communications Data, Transactional Data, National Identifiers.
