Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Finance Breach Exposure Monitoring

Finance company breached, revealing 850 million records.

26 August 2024
BREACHAWARE HQ

A total of 15 breaches were found and analysed resulting in 65,131,591 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Pure Incubation Ventures, Eye4Fraud, APK, AvaTrade and Writers and Artists. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A major Indian finance company has suffered a data breach, and its entire user base is now being sold on the dark web. The compromised database contains over 850 million records, totalling 243 GB of data. Exposed information includes a wide range of personally identifiable details such as email addresses, driver's licenses, physical addresses, and mobile carrier information. The threat actor has priced the database at $30,000 and is advertising it on prominent hacking platforms. As of this writing, the company has not disclosed the breach. Whether this data will eventually be released for free remains uncertain. Whoever purchases it is likely to exploit it to its full value. The data may never surface publicly, or it could appear in the coming months.

Meanwhile, things aren't going well for two administrators of WWH-Clubs, a cybercrime forum that has been active since 2012. The site, which was accessible on ClearNet, marketed itself as "a meeting place for professionals." The admins, one a Russian national and the other from Kazakhstan, entered the U.S. in 2021 as asylum seekers. After being granted asylum, one deposited $50,000 in cash into an American bank and rented an expensive condo in Florida, proudly displaying it on social media. The other admin purchased a $100,000 Corvette, also shared on social media.

The authorities discovered that the forum was hosted on a DigitalOcean server, and a quick search warrant allowed them to seize the site's database. They found 71 staff emails linking these two admins to the forum. One of the admins made a critical mistake by connecting his personal Gmail account to the site, which led law enforcement to find a large collection of holiday photos. The other admin was traced through Bitcoin payments made by forum users; blockchain analysis revealed that these payments were being cashed out on an American cryptocurrency exchange. Despite these setbacks, the forum remains operational. The head admin, likely still in Russia, has set up a fund to support the families of the captured admins. This situation serves as a reminder to cybercriminals in Russia: it's safer to stay in Russia.

The doxing wars continue on various breach forums, with recent encouragement from notable threat actors and respected community members suggesting that two more incidents are imminent. Law enforcement is reportedly pleased that these internal conflicts are making their job easier.

VULNERABILITY CHAT

Researchers from Cisco Talos have discovered eight vulnerabilities in Microsoft apps running on the macOS operating system. These vulnerabilities allow a malicious actor to bypass the operating system’s permission model using existing permissions without requiring additional user verification. Despite the findings, Microsoft considers these vulnerabilities to be low risk and has declined to fix them.

GitHub has released patches to address three security flaws in its Enterprise Server product, including a critical vulnerability that could be exploited to gain site administrator privileges. According to GitHub's advisory, on instances of GitHub Enterprise Server that use SAML single sign-on (SSO) authentication with specific identity providers (IdPs) utilising publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision or gain access to a user account with site administrator privileges.

LiteSpeed Cache, a popular WordPress plugin for site optimisation, has a vulnerability that enables hackers to escalate their privileges to admin rights, potentially taking over the site from its rightful owner. This flaw leaves approximately 5 million WordPress sites vulnerable to such attacks.

Google has recently addressed 38 security gaps in its Chrome web browser with a new update. One of these vulnerabilities is already being exploited in the wild. Users can check if their browser is up to date by clicking the icon with the three stacked dots to the right of the address bar and navigating to "Help" – "About Google Chrome."

SolarWinds has issued an update to fix a hardcoded credential vulnerability in its Web Help Desk product. This flaw could allow remote, unauthenticated users to access internal functions, log into vulnerable instances, and modify sensitive data.

Finally, two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system. These flaws could potentially be exploited by unauthenticated attackers to achieve remote code execution under certain conditions. The issues stem from how the program handles device image file uploads, allowing an attacker to overwrite certain files on the file system and trigger code execution.
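The Traccar issue above belongs to a well-known bug class: a client-controlled file name (or device identifier) reaches the file system and lets an upload land outside the directory it was meant for. The following is an added illustration, not Traccar's code; the media root, per-device directory layout and extension list are assumptions, and it contrasts the naive pattern with a confined one.

```python
import posixpath
import re

# Hypothetical layout: <root>/<device_id>/<image>. Not Traccar's real paths.
MEDIA_ROOT = "/var/lib/tracker/media"
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}
DEVICE_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def naive_media_path(device_id: str, filename: str, root: str = MEDIA_ROOT) -> str:
    """Vulnerable pattern: joins client-supplied names straight into the root,
    so a '..' component in either value moves the write outside the root."""
    return posixpath.normpath(posixpath.join(root, device_id, filename))


def safe_media_path(device_id: str, filename: str, root: str = MEDIA_ROOT) -> str:
    """Hardened pattern: validate each component, discard any directory part
    the client sent, allow only image extensions and re-check containment."""
    if not DEVICE_ID_RE.fullmatch(device_id):
        raise ValueError("device id must be a simple token")
    if "\x00" in filename or "\\" in filename:
        # NUL can truncate the name in lower layers; backslash is rejected
        # conservatively so Windows-style separators cannot sneak through.
        raise ValueError("illegal character in filename")
    base = posixpath.basename(filename)          # strip every directory component
    if base in ("", ".", ".."):
        raise ValueError("empty or reserved filename")
    if posixpath.splitext(base)[1].lower() not in ALLOWED_EXT:
        raise ValueError("unexpected extension")
    dest = posixpath.normpath(posixpath.join(root, device_id, base))
    if escapes_root(dest, root):                 # defence in depth after normalisation
        raise ValueError("destination leaves the media root")
    return dest


def escapes_root(path: str, root: str = MEDIA_ROOT) -> bool:
    """True when a normalised path is not strictly inside root."""
    return not path.startswith(root.rstrip("/") + "/")
```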

Six Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including Versa (Director). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 648 vulnerabilities last week, bringing the 2024 total to 25,958. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

Google has announced a new Chrome update for its 2 billion Android users that significantly enhances security and privacy, positioning it ahead of iPhone and Safari in these areas. The update includes a feature that redacts sensitive content during screen sharing, screen recording, and similar actions. When enabled, this will prevent accidental sharing of sensitive information such as credit card numbers, passwords, or other confidential details entered into Chrome fields.

Austria-based digital rights group NOYB has filed two complaints against a European Union institution for violating the General Data Protection Regulation (GDPR) following a data breach discovered earlier this summer. In June, the European Parliament informed up to 9,000 staff members that its recruitment application, PEOPLE, had been breached. The compromised data included staff members' ID details, birth certificates, employment history, medical records, marriage certificates (which could reveal sexual orientation), and proof of work spanning the past decade.

In the Netherlands, ride-hailing platform Uber has been fined 290 million euros ($324 million) for transferring the personal data of European taxi drivers to the United States in violation of EU regulations. The Dutch Data Protection Authority (DPA) confirmed that Uber has since ceased this practice.

The Information Commissioner’s Office (ICO) has introduced a privacy notice generator to assist small voluntary sector organisations in safeguarding people's information rights. This online tool helps small charities and organisations within the voluntary sector create customised privacy notices for display on their websites or in other communications. See: https://ico.org.uk/for-organisations/advice-for-small-organisations/create-your-own-privacy-notice/


DATA CATEGORIES DISCOVERED

Technical Data, Contact Data, Transactional Data, Financial Data, Socio-Demographic Data, Locational Data, Usage Data, Documentary Data.
