A total of 32 breaches were found and analysed resulting in 21,344,925 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included CDEK, Appen [2], Stealer Log 0369, PokerStars and Stealer - Meta 0359. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

Forget about SaaS (soft as a service), an individual from New Jersey who has been arrested for offering violence as a service. At our offices, we're calling it VaaS. A young male was arrested in September last year and has now been convicted. He utilised VaaS on the dark web by hiring out various types of criminal gangs to fire bomb and brick houses. The service they offer includes physical attacks as well as unloading rounds in a victim's house.

A Japanese communication provider who has been operating since 1997 has recently suffered a data breach. Several days ago, a large SQL file was dumped on a popular underground forum. The company specialises in building communication infrastructure for small to medium businesses. Their mission is to allow their customers to focus on their business! They have released a statement detailing exactly what information was accessed by an unnamed third party.

The amount of stealer logs pouring out onto the Dark Web and ClearNet lately is staggering. Not a day goes by that we don’t see hundreds of thousands of logs being released and posted by vendors and threat actors, either for reputations or to advertise their businesses.

VULNERABILITY CHAT

Kaspersky researchers have identified a new campaign that is targeting software products with vulnerabilities reported and patches available. The researchers have attributed the campaign to the infamous North Korean hacker group Lazarus in a recent report. The report has not named any victims or vulnerabilities exploited by hackers.

3 Common Vulnerabilities and Exposures (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including IOS XE Web UI (Cisco) and Webmail (Roundcube).

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

INFORMATION PRIVACY HEADLINES

The Bureau of Meteorology, which is the main provider of Australia's weather forecasts and warnings, doesn’t seem to support HTTPs. While visiting the government site, you were shown a couple links of text with the Australian national emblem at the top of the page with the apologies for the lack of HTTPS and then redirects to their site.

The FCA (Financial Conduct Authority) fines Equifax £11 million, five years after the ICO (Information Commissioner's Office) for failing to manage and monitor the security of UK consumer data it has outsourced to its parent company in the US.