A total of 24 breaches were found and analysed resulting in 87,916,303 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included AT&T Division, US Consumer Opt In Records, Gosuslugi [2], Kava CasinoLife Poker and Stealer Log 0438. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

German law enforcement seized the dark web marketplace Nemesis Market, which boasted a significant user base and vendor count. The authorities not only shut down the site but also confiscated a substantial amount of cryptocurrency. The admin, known as Francis, took to the Dread forums to inform users of the seizure, attributing it to the Lithuanian police and urging vendors and buyers to take precautions. However, Francis later deleted the thread and his username, indicating a change in his situation and hinting at going "on the run."

The telecommunications company allegedly involved in a data breach a couple of years ago is back in the spotlight as data purportedly from their database has resurfaced, this time available for free. Despite the company's denial and insistence that the data doesn't belong to them, some cybersecurity experts believe otherwise, pointing to evidence that suggests otherwise.

VULNERABILITY CHAT

Researchers have uncovered a flaw in Apple's M-series chips that allows attackers to extract secret keys from Macs during cryptographic operations. This vulnerability, stemming from the micro architectural design of the silicon itself, poses a significant challenge for patching directly.

No Common Vulnerabilities and Exposure (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week. See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 681 vulnerabilities last week, making the 2024 total 7,728. For more information visit https://nvd.nist.gov/vuln/search/

NOTE: “NIST is currently working to establish a consortium to address challenges in the NVD program and develop improved tools and methods. You will temporarily see delays in analysis efforts during this transition. We apologise for the inconvenience and ask for your patience as we work to improve the NVD program.”

INFORMATION PRIVACY HEADLINES

Google was compelled to hand over user data, including names, addresses, and user activity, of YouTube accounts as part of a federal investigation, as revealed in unsealed court documents.

The London Clinic is under investigation by the UK's ICO (Information Commissioners Office) following reports of a data breach. Last year the ICO prosecuted a medical secretary who accessed over 150 people’s records. For more information of the data breach, see https://www.standard.co.uk/news/uk/kate-middleton-princess-wales-data-breach-claim-london-clinic-surgery-kensington-palace-b1146370.html