Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Husky owners breach spreads like wildfire.

15 July 2024
BREACHAWARE HQ

A total of 18 breaches were found and analysed resulting in 5,935,927 leaked accounts containing a total of 28 different data types. The breaches found publicly and freely available included Giant Tiger, Telegram Base 2019-2023, Stealer Log 0475, Stealer Log 0474 and Tattletale.

SPOTLIGHT

This week, various data breaches have surfaced on both the clear-net and dark-web. One breach that has particularly captured attention involves a medium-sized breach concerning owners of Husky dogs (K9). From international criminals to dog owners, the internet seems to cater to everyone. A significant amount of data was exposed in this breach, and its impact has been unexpectedly notable. While similar breaches in recent years have quickly faded from public memory, this particular breach has remained prominent. Husky forum members should remain vigilant against phishing emails.

Another significant breach involves a threat actor leaking data from NATO’s wiki. Although NATO’s sensitive documents have not been compromised, a section of their site or related information has been affected. VX Underground reported, "Upon reviewing the data, we can confirm the compromise is real. However, 'redacted' compromised an internal wiki for NATO. It is not a compromise of NATO's internal network infrastructure." The leaked data includes physical addresses, full names, and approximately 7,000 unique email addresses.

Meanwhile, the Breach Forums community has been in turmoil following the FBI’s disruption of their operations a few months ago. A respected threat actor within the community had announced plans to launch a new forum called Breach Nation, originally set to open on July 4. However, personal issues have delayed these plans. The threat actor recently posted on X (Twitter), stating, "It has been a hell of a week in personal life. I had to go to hospital twice in one week, but I'm ok now. I will take some time off. Don't expect an update on the forum or any more activity. I have to take some time off to fix some personal and family-related issues."

The cybercrime community, security researchers, and law enforcement will have to wait a bit longer for the launch of Breach Nation.

VULNERABILITY CHAT

A critical security vulnerability has been discovered in the popular RADIUS network authentication protocol, which is used by networks worldwide to authenticate users. This flaw, named BlastRADIUS by InkBridge Networks, could expose networks to Man-in-the-Middle (MitM) attacks.

In the world of Bitcoin development, a culture of responsible disclosure has helped keep major coding mistakes quiet for years. Senior developers have patched security holes discreetly, preventing hackers from exploiting these vulnerabilities. However, a new movement toward transparency is revealing a fascinating history of these coding errors.

A now-patched security flaw in Veeam Backup & Replication software is being exploited by a new ransomware operation called EstateRansomware. Initial access to target environments was reportedly facilitated through a Fortinet FortiGate firewall SSL VPN appliance using a dormant account.

GitLab has released critical security updates to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to run pipeline jobs as arbitrary users. The company strongly recommends that all GitLab installations be upgraded immediately to the latest versions: 17.1.2, 17.0.4, or 16.11.6 for both Community Edition (CE) and Enterprise Edition (EE).

The US government has urged software manufacturers to eliminate operating system (OS) command injection vulnerabilities. This alert from the Cybersecurity and Infrastructure Security Agency (CISA) and FBI follows several high-profile threat actor campaigns in 2024 that exploited OS command injection defects in network edge devices to compromise users.

Three Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including Microsoft (Windows). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 1,020 vulnerabilities last week, making the 2024 total 21,891. For more information, visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

Vinted has been fined 2.3 million euros for breaching the European GDPR (AVG) privacy law and plans to appeal the decision. The investigation revealed that Vinted does not sufficiently comply with users' right to be forgotten, as members are required to provide specific reasons to delete their personal data.

The province of Zuid-Holland estimates it will need another year and a half to improve its internal information security. Zuid-Holland is under increased supervision by the Dutch Data Protection Authority (AP) after an employee discovered a data leak in an internal system last September.

The Danish Data Protection Agency will investigate the data collection and storage functions of the newly-developed Rejsekort app. The rollout of the app, launched earlier this year, was put on hold last month due to issues with the way it stores location data. The agency's IT security specialist Allan Frank confirmed to newspaper Berlingske that the app is now under scrutiny.

The government of Botswana has been advised to strengthen the country's personal data protection legal framework to address significant concerns about biometric data security. This recommendation is detailed in a paper published by the Association for Progressive Communications (APC), which outlines steps to improve the security of citizens' biometric data in the Southern African country.


DATA CATEGORIES DISCOVERED

Contact Data, Financial Data, Transactional Data, Technical Data, Socio-Demographic Data, Locational Data, Communications Data, Social Relationships Data, Usage Data, Documentary Data, Special Category.
