A total of 7 breaches were found and analysed resulting in 2,399,513 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included PandaBuy, Stealer Log 0447, Leadzen, FICO and Koroleva. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A large e-commerce platform based in China, known for facilitating direct purchases from producers and vendors in China, has experienced a significant data breach. The breach, which occurred recently, resulted in the exposure of sensitive user data, which has been widely circulated on various black-hat cybercrime forums. A well-known threat actor in the underground community reportedly assisted in the breach and is currently engaged in hacking activities.

Meanwhile, a leading analytics software company headquartered in Montana, USA, has also faced a data breach, with the compromised data reposted on underground forums. Despite the breach occurring some time ago, the exposure of data sets containing personal information like full names and dates of birth is concerning and could impact the company's reputation.

In a surprising turn of events, the infamous ransomware gang Lockbit has indicated its intention to venture into another criminal activity area: Violence as a Service (VaaS). While VaaS has been present in the dark web landscape for years, often associated with dubious hitmen-for-hire services, Lockbit's interest in this domain raises eyebrows. However, it remains unclear how serious this plan is or if it's merely a provocative statement.

VULNERABILITY CHAT

Cisco has warned its customers about a critical vulnerability affecting several models of Small Business RV Series Routers. This vulnerability enables remote attackers to conduct cross-site scripting (XSS) attacks, posing a significant risk to affected devices. Ivanti, in response to vulnerabilities in Connect Secure earlier this year, has pledged to adopt a secure-by-design approach to security and enhance its vulnerability management program.

2 Common Vulnerabilities and Exposure (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including Android (Pixel). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 886 vulnerabilities last week, making the 2024 total 9,608. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

Bipartisan efforts are underway to strengthen privacy protections for Americans' personal data. Lawmakers from both Democratic and Republican parties have crafted legislation aimed at requiring consumer consent before companies can collect or transfer certain types of information. The proposed bill seeks to enhance transparency regarding data collection and retention policies, requiring companies to notify consumers and seek permission for significant changes.