Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Previously trashed cybercrime forum is reopening.

05 August 2024
BREACHAWARE HQ

A total of 19 breaches were found and analysed, resulting in 86,112,651 leaked accounts containing a total of 35 different data types. The breaches found publicly and freely available included Neiman Marcus, Zoosk 2020, Bukalapak, Heroes of Newerth and Zhenai. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A well-known cybercrime forum that shut down a couple of months ago is set to reopen. This forum, previously managed by administrators of another darknet forum that suffered a data breach, is coming back online despite past issues. The previous forum closure followed a backend breach and the arrest of a member by Dutch police, leading the administrators to express their frustration with the community. The revived forum is expected to be operational in a few weeks and is currently in the testing phase. One of the new features is a contract system designed to facilitate transactions between sellers and buyers without holding user funds, potentially improving trust and efficiency on the platform.

BreachForums, another infamous cybercrime forum, is embroiled in internal conflict and doxing incidents. A staff member who fell out with notable threat actors has been fully doxed, escalating tensions. The doxing began with a provocative post about a flag outside the individual's home, gaining widespread attention. Subsequently, sensitive information, including usernames, pseudonyms, full names, social security numbers, physical addresses, and dates of birth, has been disseminated online. This comprehensive leak also includes mobile phone records with location and carrier details. The doxed individual has been a long-serving staff member since September 2022, and the leak could potentially lead to law enforcement action.

According to Zscaler's ThreatLabz 2024 ransomware report, the ransomware gang known as "DarkAngels" has received the largest ransomware payment in history, amounting to $75,000,000. This staggering payment underscores the significant financial impact and the growing threat of ransomware attacks. The report highlights the need for robust cybersecurity measures and strategies to combat such pervasive and costly cyber threats.

VULNERABILITY CHAT

Over the last two weeks, cybersecurity firms including Resecurity, Symantec, and Imperva have reported extensive hacker attempts to exploit vulnerabilities in ServiceNow systems. The number of potentially compromised instances ranges from 13,000 to 42,000, with the highest concentrations found in the U.S., the United Kingdom, India, and the European Union. These vulnerabilities highlight the critical need for organisations to ensure their ServiceNow implementations are fully patched and regularly updated to prevent exploitation.

Acronis has alerted its customers to a critical-severity vulnerability that has been actively exploited in the wild, despite being patched nine months ago. The cybersecurity company urges immediate application of the available patches, emphasising that this flaw poses a significant threat if left unpatched. Details on the specific attacks were not disclosed, but the advisory serves as a crucial reminder of the importance of timely updates.

Microsoft researchers have identified a vulnerability in ESXi hypervisors that ransomware operators are exploiting to gain full administrative permissions on domain-joined ESXi hypervisors. Given that ESXi hypervisors provide direct control over physical server resources, this vulnerability poses a substantial risk to affected environments. Organisations using ESXi should prioritise security updates and consider additional protective measures to safeguard their infrastructure.

A security bypass vulnerability has been discovered in Rockwell Automation’s Logix controllers. This flaw affects various models within the Logix family of programmable logic controllers (PLCs) and could severely impact industrial automation systems worldwide. Companies utilising these controllers should implement patches and review their security protocols to mitigate potential risks.

Attackers have used StackExchange to upload malicious Python packages to the PyPI platform, targeting cryptocurrency users associated with Raydium and Solana. These malicious packages aim to exploit vulnerabilities in blockchain tools, putting crypto wallet users at risk. Developers and users of these tools should be vigilant and verify the integrity of the packages they download from PyPI.

The SANS Internet Storm Center has reported new varieties of the Mirai botnet targeting the open-source ERP framework OFBiz, supported by the Apache Foundation. While less prevalent than commercial ERP systems, OFBiz is critical for organisations relying on it for sensitive business operations. This development underscores the necessity for robust security measures to protect open-source ERP systems from botnet attacks.

The Indian Computer Emergency Response Team (CERT-In) has issued warnings regarding multiple vulnerabilities in Apple products, including iPhones, iPads, and Apple TVs. These issues could allow attackers to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service, and perform spoofing attacks. Apple users are advised to promptly update their devices to the latest versions to mitigate these risks.

Google has released an updated version of Chrome (Chrome 127) for Windows, featuring App-Bound Encryption to enhance the cookie defences offered by the Data Protection API. This update aims to establish clearer boundaries for acceptable behaviour by other apps on the system, bolstering overall security and user privacy.

Four Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including ServiceNow (Utah, Vancouver, and Washington DC Now). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 767 vulnerabilities last week, bringing the 2024 total to 23,797. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

The UK's Information Commissioner's Office (ICO) has urged 11 social media and video sharing platforms to enhance their children's privacy practices. This demand follows an ongoing review of these platforms as part of the ICO's Children’s Code Strategy. The ICO has warned that non-compliant platforms will face enforcement actions to ensure the protection of children's data online.

A report by the US non-profit Consumer Watchdog has revealed extensive sharing of personal data by major tech platforms, primarily Facebook, with thousands of companies including financial institutions and healthcare providers. The report highlights a critical loophole in California's Consumer Privacy Act (CCPA), allowing these companies to share user data without obtaining meaningful consumer consent. This finding raises significant concerns about data privacy and consumer rights in California.

Noyb, a privacy advocacy group, is suing the Hamburg data protection authority to overturn its recent decision regarding the "pay or okay" model used by the German newspaper Der Spiegel. Noyb argues that the DPA previously provided legal advice to the newspaper, which could bias the decision. The outcome of this case could have significant implications for data protection enforcement in Germany.

Samsung has successfully defeated a ruling that would have forced the company into mass arbitration over allegations of biometric data privacy violations, which would have included paying administrative fees for the arbitration process. Additionally, a similar case against Samsung has been dismissed, marking a significant legal victory for the electronics giant.

The Illinois Governor has signed into law S.B. 2979, an amendment to the Illinois Biometric Information Privacy Act (BIPA). The amendment stipulates that obtaining the same biometric identifier or information from the same person using the same method more than once constitutes a single violation. This change means that individuals are entitled to only one recovery for such collective violations, potentially reducing the liability for businesses under BIPA.

The Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong has published the “Artificial Intelligence: Model Personal Data Protection Framework.” This framework provides practical recommendations for organisations adopting third-party AI systems to ensure compliance with the Personal Data (Privacy) Ordinance (PDPO). The framework aims to guide organisations in responsibly managing personal data within AI systems.

Japan’s data protection authority, the Personal Information Protection Commission (PPC), has released the “Interim Report on Considerations for the Triennial Review of the Act on Protection of Personal Information.” The report proposes relaxing incident reporting obligations, provided that the business has obtained confirmation from a third party on appropriate safeguards for personal data. This proposal seeks to balance regulatory compliance with practical business needs.


DATA CATEGORIES DISCOVERED

Socio-Demographic Data, Contact Data, Transactional Data, Technical Data, Social Relationships Data, Financial Data, Communications Data, Documentary Data, Special Category, Locational Data, Behavioural Data.
