A total of 27 breaches were found and analysed resulting in 2,791,859 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included Stealer Log 0402, Stealer Log 0400, Annuaire Sante, Stealer Log 0401 and X Ponential. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

In a surprising turn of events, the beloved intergovernmental organisation dedicated to maintaining international peace and security finds itself at the centre of a data breach, courtesy of black-hat cybercrooks – a rather unwelcome Christmas present. A well-known threat actor dumped the compromised database onto a cybercrime forum, affecting 180,000 users. Notably, this database is a comprehensive list of individuals sanctioned by the aforementioned organisation, providing a wealth of personal information, including passport numbers, though with a limited number of unique email addresses. The breach sheds light on the vulnerability of even the most esteemed entities in the face of cyber threats.

In a significant legal development, the threat actor responsible for the high-profile hack of Rockstar Games, featuring the leak of Grand Theft Auto clips and sections of source code, has been sentenced to an "indefinite hospital order." This individual, grappling with autism, expressed to authorities that if released, he would likely resume engaging in cybercrime. The case raises ethical questions, with some corners of the internet dubbing it as "weaponising autism." The threat actor was part of a notorious cybercrime group involved in hacking major companies such as Uber, Ubisoft, and Nvidia. Psychiatrists determined his unfitness to stand trial, leading to the indefinite hospital order.

Continuing the unfortunate trend, yet another luxury designer clothing website, boasting several stores across India, has fallen prey to a cybersecurity attack. A sample of the compromised data surfaced on a hacking forum, offering a glimpse into the breach. The data encompasses the usual suspects, with the addition of users' measurements. The company, known for its "affordable luxury" tagline, ironically acknowledges that "whatever you like costs a bomb," adding a unique twist to their sales pitch amidst the security challenges.

VULNERABILITY CHAT

Barracuda Networks has taken swift action by deploying an automatic security update to address a vulnerability in their email security gateway. This vulnerability was reportedly exploited by an alleged Chinese hacking group. Additionally, the company has identified a second vulnerability (CVE-2023-7101) that is yet to be patched. Barracuda advises its customers to review this vulnerability, especially if they utilise Spreadsheet::ParseExcel in their own products, and take necessary actions to secure their systems.

No Common Vulnerabilities and Exposure (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week. See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

INFORMATION PRIVACY HEADLINES

The Office of the Australian Information Commissioner (OAIC) has initiated an inquiry into TikTok's practices concerning the harvesting of personal data. The focus is on whether such data collection is conducted with proper consent, specifically examining the use of marketing pixels by the popular social media platform. This inquiry underscores the growing scrutiny over data privacy practices in the evolving landscape of social media platforms.