A total of 26 breaches were found and analysed resulting in 67,367,045 leaked accounts containing a total of 20 different data types. The breaches found publicly and freely available included Apollo [2], Hurb [2], TaiLieu, TigerAir Taiwan and Lamoda. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

An IT manager who used to work for the US Navy has found himself in hot water after being sentenced to 5 years behind bars. The former Navy IT manager, along with his wife, stole personally identifiable information from over nine thousand service men and women by impersonating a navy supply officer via a platform that allowed access to personal information. They created an account under the guise of running background checks for the navy. However, after a large number of searches and downloads of PII, the account was flagged for fraud.

The data they managed to get away with was then sold by unsavoury characters online via the dark web, and they made $160,000 in bitcoin. Unfortunately for him and his partner in crime, law enforcement caught up with them.

The Ragnar Locker group (ransomware gang) have been thwarted after their dark-web onion site was seized by international law enforcement. The group has been operating since late 2019, and in the past several years they have successfully targeted over 50 critical infrastructure companies and organisations.

An interesting article was posted to Medium back in June by the author "Sh1ttyKids,” an unusual username choice. The article documented how s/he used publicly available OSINT services to de-anonymise Ragnar Locker's hidden service using an Etag (entity tag), which is an HTTP response header that enables caches to be more efficient and saves bandwidth by taking away the need for a web server to resend a full response if the content does not change.

An Etag can be identified and by surfing Shogan, the author was able to link the Etag to de-anonymise the real IP address’s behind the hidden service. This might well be how law enforcement secured the site. Europol also confirmed "At the end of the action week, the main perpetrator, suspected of being a developer of the Ragnar group, has been brought in front of the examining magistrates of the Paris Judicial Court."

According to Bleeping Computer, alongside the successful seizure of Ragnar Locker's infrastructure, the Ukrainian Cyber Alliance (UCA) hacked the Trigona Ransomware operation, successfully retrieving data and wiping the cybercriminals' servers.

67,367,045 leaked accounts were analysed by the BreachAware® Research Team last week.

VULNERABILITY CHAT

Google's Threat Analysis Group (TAG) has "has observed government backed actors from a number of countries exploiting the WinRAR (a trialware file archiver utility for Windows) vulnerability as part of their operations." WinRAR v6.23 and 6.24 both include a fix for the vulnerability however users need to manually download and install as the application does not update automatically.

3 Common Vulnerabilities and Exposures (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including IOS XE Web UI (Cisco) and NetScaler ADC and NetScaler Gateway (Citrix).

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

INFORMATION PRIVACY HEADLINES

Following a fine imposed by the Information Commissioner's Office (ICO) to Clearview AI, who sell subscriptions for facial recognition services, a UK tribunal has said the ICO was acting beyond its jurisdiction. Penalties could be assessed in other legal and regulatory venues, noting the tribunal did not consider wether the service was used illegally in the UK.