Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

10,408,754 leaked accounts discovered by the BreachAware® Research Team last week.

25 September 2023

A total of 20 breaches were found and analysed resulting in 10,408,754 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Malindo Air, Kupi VIP, Stealer - RedLine 0352, Trident Crypto [2] and Stealer - Mixed Logs 0355. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

An American self-defence company run by veterans has recently experienced a security breach. The company is based in New York State and supplies a range of self-defence equipment. They have a campus guardian kit for empowering women's safety, which includes a rape alarm and a can of mace spray in pink. Either the company doesn’t know they have been breached or they have not disclosed it on their website. The team found a SQL file recently dumped on a forum, which includes the user accounts of the site. Individuals purchasing goods off this site are obviously worried about their safety and could be under threat by stalkers or some form of harassment campaign.

A tech-savvy stalker could utilise information such as this, and the data does include physical addresses and full names. Whilst most stalkers are very unlikely to come across this data and hit the jackpot on their target, this data will have been scooped up by some naive people through search engines where anyone can pay pennies to look people up. The company would be wise to make a statement about the data breach.

VULNERABILITY CHAT

Trend Micro has released updates to address vulnerabilities with its Apex One and Worry-Free Business Security solutions. Threat actors could manipulate the component to execute arbitrary commands on an affected installation. Trend Micro have confirmed it has "observed at least one active attempt of potential exploitation of this vulnerability in the wild."

10 Common Vulnerabilities and Exposures (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including Meeting Owl (Owl Labs), Ignition (Laravel), SDK (Realtek) and Mobile Devices (Samsung). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

INFORMATION PRIVACY HEADLINES

The messaging app Signal released a statement several days ago covering an update of a protocol they are combining with their current one to defend against possible quantum computing decryption in the future. The timeline for when we will have large quantum computing available is a bit vague, but already government agencies and the like are utilising a method known as harvest now, decrypt later (HNDL).

Essentially this is when a government agency or anyone really with a shed load of storage capability, for example, the NSA, will download every single message sent by a target individual or group in the hope that sometime in the future they will be able to crack the encryption and read the past messages of such individuals and groups.

The news that Signal has foreseen this and has actively moved to prevent it is a sigh of relief for privacy advocates. Hopefully this will put a stop to those people in bars banging on about how everything will be decrypted when we have fully fledged quantum computers.

DATA CATEGORIES DISCOVERED

Contact Data, Socio-Demographic Data, Technical Data, National Identifiers, Financial Data, Transactional Data, Usage Data, Documentary Data, Communications Data, Special Category.
