A total of 15 breaches were found and analysed resulting in 10,110,194 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included US Environmental Protection Agency (EPA), Stealer Log 0448, Stealer Log 0449, Believe and Carding Team. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

Apple recently issued threat notifications to users worldwide, alerting them to potential targeted attacks by sophisticated threat actors. These notifications are distinct from typical cybersecurity alerts, indicating specific, high-value targets that may be under surveillance by nation-state hackers or other serious threat actors. Users who receive these notifications are advised to take immediate action, including logging into the Apple ID management portal and seeking assistance from cybersecurity professionals or non-profit digital security helplines.

In another incident, a major Australian courier service experienced a significant security breach, with over 19 million records exposed on a cybercrime forum. While the company has not officially acknowledged the breach yet, affected users should prepare for potential consequences, such as identity theft or other malicious activities orchestrated by threat actors.

Additionally, there has been a noticeable increase in the dumping of admin panel access credentials for various companies on hacking forums. This trend may indicate either a lack of interest from threat actors in exploiting smaller companies or difficulties in selling this type of access to ransomware gangs.

VULNERABILITY CHAT

Bitdefender raised concerns about security vulnerabilities affecting LG TVs and commercial signage monitors, which could allow hackers to gain root access to the operating system. However, LG has since released patches to address these vulnerabilities, ensuring the safety and security of its smart TVs.

Furthermore, Palo Alto Networks has issued hotfixes to address a critical security flaw impacting PAN-OS software. This vulnerability, a case of command injection in the GlobalProtect feature, could be exploited by unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls.

3 Common Vulnerabilities and Exposure (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including D-Link (Multiple NAS Devices). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 1,085 vulnerabilities last week, making the 2024 total 10,693. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

Apple's upcoming iOS 18 update promises significant enhancements, including AI-powered features, design changes, and improved privacy controls. As part of its efforts to be at the forefront of AI technology, Apple may collaborate with Google, although concerns about privacy and security remain paramount.

Meanwhile, the Information Commissioner's Office (ICO) has launched a consultation series focusing on the application of data protection law to generative AI. The latest consultation examines how the accuracy principle of data protection law applies to the outputs of generative AI models and seeks input from various stakeholders to ensure accountability and transparency in AI development and use.