Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

10,186,872 leaked accounts discovered by the BreachAware® Research Team last week.

11 September 2023

A total of 19 breaches were found and analysed, resulting in 10,186,872 leaked accounts containing a total of 14 different data types. The breaches found publicly and freely available included Muzhiwan, Legendas.TV, Zipmex, SevenRooms and American Kennel Club. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A leading Russian bank founded in 1993 has experienced a major security incident. The bank is part of a huge Russian conglomerate company, which is the largest publicly traded holding company in Russia. The threat actor, who remains unnamed, dumped the data on a popular cybercrime channel, where it was quickly circulated. A large number of the bank's clients have had their personal information exposed. This breach comes after the news that the bank has had its license revoked by the UAE.

Trickbot is back in the news again, this time because the United States and the United Kingdom have sanctioned several more of its members. The cybercrime gang, which predominantly runs out of Russia, has seen 11 of its members sanctioned. The gang runs like a normal company and has job roles which include HR representatives, developers, QA engineers, network administrators and managers. Trickbot is a banking trojan that has the ability to steal the usual bank data types, like financial information, and a range of other sensitive data. The malware was first discovered back in 2014 and targets consumers and businesses, as well as bitcoin wallets on devices.

VULNERABILITY CHAT

Citizen Lab, the spyware research group, discovered a zero-day bug in iOS 16 that could allow attackers to remotely install spyware on a device without any interaction from the iPhone owner. iOS 16.6.1 fixes the security vulnerability.

North Korea is up to their usual tricks. Google's Threat Analysis Group (TAG) gave an update on the targeting of security researchers in the west. North Korean threat actors have been using social media sites to gather information on their targets, engaging them in conversations to try to gain their trust, then sending malicious files.

They’ve also developed a very useful Windows tool for downloading debugging symbols from Microsoft, Google, and several other popular software companies. Debugging symbols are the human-readable names, such as function and variable names, that map compiled code back to its source. A debugging tool could be very useful for a security researcher, and the tool was posted on GitHub. At a quick glance, the code appeared harmless, but a closer look by Google's Threat Analysis Group showed that, once downloaded, the tool had the ability to execute malicious code from a command-and-control server controlled by said North Korean threat actors.

INFORMATION PRIVACY HEADLINES

Car manufacturers receive multiple privacy red flags following Mozilla's recent research under their *Privacy Not Included warning label project. The strangest finding was that cars collect data about owners' sexual activity, as well as medical and genetic data. Most manufacturers sell data to third parties.

The Saudi Data and Artificial Intelligence Authority (SDAIA) has published implementing regulations for their Personal Data Protection Law (PDPL) in an attempt to clarify many of the measures organisations will need to implement to comply.

DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Locational Data, Socio-Demographic Data, Financial Data.
