Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

11,573,930 leaked accounts discovered by the BreachAware® Research Team last week.

04 December 2023

A total of 31 breaches were found and analysed, resulting in 11,573,930 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Kassy, Stealer Log 0388, Postgre Pro, Neznaika and Ikea Israel. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A prominent global cybersecurity leader, specialising in solutions for physical, cloud services, and software, recently experienced a substantial data breach. The malevolent cyber gang responsible has been conducting an extensive hacking spree, exclusively targeting Israeli companies or those engaged in business within Israel. Their disruptive activities include daily releases of sizeable data breaches, halting only during ceasefires. The shocking revelation of such an incident involving a pinnacle cybersecurity entity underscores the severity of the situation. The cyber gang has declared their intent to cease their actions only when hostilities cease and peace is established between the two countries. With a footprint empowering over 12,500 enterprise and carrier customers worldwide, the company, headquartered in the US with international offices in Tel Aviv, anticipates that more entities may become entangled in this escalating cyber warfare.

Meanwhile, a US-based Airsoft company is grappling with the aftermath of a recent cybersecurity breach that resulted in a significant online dump of its SQL database. The company, which operates multiple distribution centres across the US for product transportation and is known for offering top-tier Airsoft products, has unfortunately yet to inform its user base of the breach. Despite the evident passion for the sport displayed by the team on their website, this incident exemplifies how even medium-sized businesses are susceptible to the machinations of threat actors.

VULNERABILITY CHAT

In a disclosure by Becton, Dickinson and Company, a leading global medical technology firm, seven vulnerabilities were identified in its FACSChorus software (versions v5.0, v5.1, v3.0, and v3.1) and associated workstations. The company assures that these vulnerabilities will be addressed in an upcoming software release, offering interim mitigating controls in the meantime.

2 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including Google Skia (Google) and ownCloud GraphAPI (ownCloud).

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

INFORMATION PRIVACY HEADLINES

City AM's recent article, "These Tech Companies Have Breached the Most Data Rules This Year," ranks Meta, TikTok, Criteo, ED&F Man Capital Markets, and Equifax based on penalties incurred for data rule violations. For more details, the full article can be found at https://www.cityam.com/these-tech-companies-have-breached-the-most-data-rules-this-year/.

DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Socio-Demographic Data, Usage Data, Documentary Data, Financial Data, Social Relationships Data, National Identifiers, Special Category, Locational Data.
