A total of 18 breaches were found and analysed resulting in 210,458,625 leaked accounts containing a total of 18 different data types. The breaches found publicly and freely available included demo.zerooq.com, Dunzo, Aussie Vapes, Stealer Log 0247 and Too Easy. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A notorious ransomware group has violated its own terms of service by allowing affiliates to target critical infrastructure, such as a cancer treatment centre in Florida and Puerto Rico, despite its ban on such actions. This could be a significant shift in their disregard for ethical boundaries, posing severe risks to essential services and public health.

An Australian vaping company faced a data breach when a threat actor infiltrated its SQL database and exposed thousands of users' personal data on a cybercrime forum. The breach compromised a significant amount of sensitive personal information.

Vyacheslav Igorevich Penchukov, a Ukrainian national and long-time FBI most-wanted suspect, pleaded guilty for his role in operating Zeus Botnet and IcedID banking trojan, responsible for extensive financial theft and data breaches since 2009. His arrest and impending trial mark a significant victory against cybercriminal activities that have inflicted substantial harm on financial institutions and individuals.

VULNERABILITY CHAT

Check Point Software Technologies discovered a critical vulnerability in Outlook, dubbed MonikerLink, enabling attackers to bypass Office Protected View mode, potentially facilitating the execution of malicious scripts in downloaded files.

Microsoft's February 2024 Patch Tuesday addressed 73 vulnerabilities, including actively exploited flaws. Meanwhile, Intel and AMD collectively fixed over 100 security vulnerabilities in their products as part of Patch Tuesday.

5 Common Vulnerabilities and Exposure (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including Cisco (Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

The National Vulnerability Database (NVD), the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 3 scored vulnerability identifications and summaries last week, 0 of which had a CVSS (Common Vulnerability Scoring System) severity of High and 3 as Medium. For more information visit https://nvd.nist.gov/

INFORMATION PRIVACY HEADLINES

Mozilla announced layoffs affecting 60 employees and a strategic shift towards focusing on Firefox and AI integration. This decision raises concerns within the privacy-sensitive community, particularly regarding the future of privacy-centric features like the Tor browser, which relies on Firefox.

An analysis by the Mozilla Foundation revealed significant security and privacy concerns with 11 romance and companion chatbots, downloaded over 100 million times on Android devices. These apps gather extensive user data, utilise trackers sending information to tech giants and companies in adversarial countries, and lack transparency regarding ownership and AI models.