A total of 22 breaches were found and analysed resulting in 38,890,296 leaked accounts containing a total of 28 different data types. The breaches found publicly and freely available included Cutout.Pro, Haijiao, LenDen App, R20 Digital and Stealer Log 0435. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

The cyber landscape continues to witness the evolving tactics of ransomware gangs, with the recent exit scamming by Blackcat Alphv adding a new dimension to their nefarious activities. Traditionally associated with dark web marketplaces, exit scamming involves abrupt closure without warning, resulting in the loss of users' funds. While rare among ransomware gangs, Blackcat Alphv's exit scamming has left victims reeling, especially after a successful ransom payment of $22 million by a healthcare company.

However, the gang's failure to compensate its affiliate and the discovery of a fake seizure notice on their dark web page suggest foul play. Law enforcement's involvement in the gang's disappearance further underscores the severity of the situation.

In another incident, a Spanish digital marketing company fell victim to a serious security breach, leading to the dumping of a large SQL database. Despite the lack of a public statement from the affected company, the emergence of the breached data on the dark web highlights the significant impact of such incidents on data privacy and security.

VULNERABILITY CHAT

Both Apple and Google have released patches to address critical security flaws in their respective operating systems. Apple's iOS 17.4 and iPadOS 17.4 updates include fixes for two zero-day vulnerabilities affecting the kernel and RTKit, while Google's Android update resolves 38 vulnerabilities, including critical issues in the System component. Additionally, Google has issued patches for over 50 vulnerabilities in Pixel devices.

6 Common Vulnerabilities and Exposure (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including Sunhillo (SureLine) and JetBrains (TeamCity). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 525 vulnerabilities last week, making the 2024 total 6,172. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

Worldcoin faces legal action from Spain following a move by the country's data protection agency to block data collection. Meanwhile, Italy's data protection authority has fined UniCredit, the country's second-largest bank, €2.8 million for a data breach affecting thousands of customers in 2018. UniCredit intends to appeal the decision, asserting that no bank data was compromised and the incident was promptly resolved.