Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

8,670,369 leaked accounts discovered by the BreachAware® Research Team last week.

22 April 2024

A total of 11 breaches were found and analysed, resulting in 8,670,369 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included A MONEY, Raychat, Bin Weevils, ZOON and Stealer Log 0450. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

The takedown of the fraudulent platform LabHost highlights the coordinated efforts of law enforcement agencies across 19 countries to combat cybercrime. LabHost was known for providing phishing kits like Phass, which enabled users to create convincing fake web pages imitating banks to scam potential victims. These kits, available through a subscription service, made it easy for individuals with minimal technical skills to engage in cyber fraud, significantly expanding the pool of threat actors.

LabHost's subscription-based model generated substantial revenue: an estimated $1 million in subscriptions and 25,000 victims contacted in the UK alone. The ease of use and affordability of these phishing kits underscore the urgent need for comprehensive cybersecurity measures to combat the proliferation of cyber fraud.

VULNERABILITY CHAT

Researchers from the University of Illinois Urbana-Champaign demonstrated how OpenAI's GPT-4 large language model could autonomously exploit vulnerabilities in real-world systems using CVE advisories. Additionally, critical vulnerabilities have been identified in Citrix's uberAgent monitoring tool and the Cisco Integrated Management Controller (IMC).

0 Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week. See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 934 vulnerabilities last week, making the 2024 total 11,627. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

A study sponsored by SAS revealed significant challenges faced by organisations in increasing trust in data usage and achieving compliance, with only one in 10 organisations having a reliable system to measure bias and privacy risk in large language models (LLMs). Meanwhile, the Dutch government is considering discontinuing its use of Facebook Pages over data protection concerns, and the EU's Data Protection Board has urged large online platforms to provide users with more privacy-friendly options regarding targeted advertising. Additionally, the UK privacy regulator has called for Google to enhance its proposed replacements for cookies to better protect consumer privacy.

DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Communications Data, Socio-Demographic Data, National Identifiers, Locational Data, Usage Data, Documentary Data, Financial Data, Social Relationships Data.
