A total of 32 breaches were found and analysed resulting in 3,371,685 leaked accounts containing a total of 25 different data types. The breaches found publicly and freely available included Stealer Log 0377, Stealer Log 0378, iD Tech, My Book Qatar and Utel Universad. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A milestone for the internet and for strangers across the world, Omegle has shut down. The online chat room, which randomly placed you in a chat with a complete stranger, took the internet by storm in 2005 and has been widely used all over the world. The owner of the site has released a statement on Omegle, which says, “The battle for Omegle has been lost, but the war against the Internet rages on. Virtually every online communication service has been subject to the same kinds of attacks as Omegle.” The owner is alluding to take down notices issued by various individuals and organisations. The internet is a very different place today. We seem to be barreling towards the new internet, which is just an entertainment platform or a paid library.

A Canadian company, which is fast becoming the number one place to advertise jobs in the auto industry, has suffered a data breach. The company has 25,000 companies that use their site for job advertisements. From car dealerships to auto parts and suppliers and over 70,000 posted job offers, unfortunately a range of datasets have been exposed after the site was breached. The company in question has been running since 2005, and it's a shame to see their information leaked on the dark web. However, they have not publicly disclosed the data breach.

VULNERABILITY CHAT

A new attack that affects Apple products called ileakage has been doing the rounds when a user visits a site that is infected. A new tab is opened in the browser with any personal information, such as auto-fill login credentials, is exposed and sent back to the attacker. The exploit uses something called speculative execution; this is a feature, not a bug. The CPU’s used in Apple computers utilise this when the CPU has to deal with an ‘if’ statement. Essentially, the CPU guesses what the right answer is (very clever stuff) until you've had your credentials swiped. The exploit tricks the CPU into allowing the tab to be opened and allows access to the credentials. This is an extremely innovative exploit, and there has been no patch for it so far (as far as we can see). Speculative execution is widely used in chips from AMD, Intel, and Arm, and it does increase performance levels.

2 Common Vulnerabilities and Exposures (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including Confluence Data Center and Server (Atlassian) and Service Location Protocol (IETF).

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

INFORMATION PRIVACY HEADLINES

Despite admitting that she (former CEO of NatWest Group, Dame Alison) had talked with a BBC reporter about Mr Farage's relationship with Coutts, the ICO (Information Commissioners Office) has formerly apologised after admitting it had not investigated Dame Alison's action, therefore was wrong to say she had breached GDPR legislation.

A class action lawsuit has been filed against Temu (the online marketplace based in Boston, Massachusetts and operated by the Irish-based Chinese e-commerce company PDD Holdings) who claim the app intentionally uses tools that "execute virulent and dangerous malware and spyware activities on users devices." Temu itself is cracking down (with their own lawsuit) on fake apps and websites posing as Temu, set up to scam consumers.