A total of 27 breaches were found and analysed resulting in 12,280,942 leaked accounts containing a total of 30 different data types. The breaches found publicly and freely available included MyPertamina, Viet Loan, Movistar - Peru, Papa Johns Pizza - Moscow and Stealer Log 0437. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

The dark web marketplace Incognito is making headlines with a bold exit scam, taking the concept to a new level by extorting vendors for additional funds while threatening to expose their private messages and transaction details. With many vendors relying on the platform's encryption feature rather than using PGP, the potential leakage of names, addresses, and other sensitive information poses significant risks, especially if law enforcement becomes involved.

The administrators of Incognito are demanding varying amounts from vendors to prevent the release of their data, with level 1 vendors facing a $100 fee and level 5 vendors facing a hefty $20,000 ransom. The marketplace's decision to publicly display which vendors have paid the extortion and the promise to double the ransom in the future adds to the pressure on vendors to comply.

In another story, omnipotent, the individual behind the infamous cybercrime forum Raid Forums, is seeking to avoid extradition to the United States, where he faces multiple computer misuse charges. Claiming to suffer from autism and citing concerns about inadequate mental health support in the U.S., omnipotent faces a lengthy prison sentence if extradited.

VULNERABILITY CHAT

A recent study by Claroty highlights the vulnerability of healthcare networks and medical devices to cyberattacks, with a significant percentage of known exploited vulnerabilities (KEVs) found within these systems.

No Common Vulnerabilities and Exposure (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week. See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 875 vulnerabilities last week, making the 2024 total 7,047. For more information visit https://nvd.nist.gov/vuln/search/

UPDATE: “NIST is currently working to establish a consortium to address challenges in the NVD program and develop improved tools and methods. You will temporarily see delays in analysis efforts during this transition. We apologise for the inconvenience and ask for your patience as we work to improve the NVD program.”

INFORMATION PRIVACY HEADLINES

Google has introduced enhanced security and privacy protections for Chrome users, aimed at detecting and blocking phishing attacks more efficiently. Google are claiming a 25% increase in the number of phishing attacks that are detected and blocked by the browser.

Additionally, a new malware campaign targeting Android users in India has been identified, emphasising the evolving threat landscape in the mobile domain. Meanwhile, Mozilla has announced the end of access to its Mozilla Location Service (MLS), which provided privacy-respecting geolocation data.