Ransomware group responds following publicised joint operation.
26 February 2024
A total of 38 breaches were found and analysed resulting in 3,984,206 leaked accounts containing a total of 27 different data types. The breaches found publicly and freely available included Stealer Log 0248, Leonardo, Stealer Log 0249, Tangerine Telecom and Stealer Log 0250. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.
SPOTLIGHT
The recent joint operation by global law enforcement agencies targeting the Lockbit ransomware gang has dominated chat within the cyber security community. Lockbit, a notorious group known for its ransomware activities, woke up to find their Darkweb Tor domain under the control of law enforcement, with posts detailing upcoming releases of sensitive information about the gang's operations and a decryptor tool released by Japanese partners.
Law enforcement also revealed that arrests had been made in Poland and Ukraine, and the NCA disclosed sensitive information about Lockbit's back-end systems and administration panel, including screenshots of their source code. Additionally, it was revealed that Lockbit employs 193 affiliates, highlighting the scale of their operations.
In response to the situation, a member of the Lockbit ransomware administrative staff claimed that the individuals arrested were innocent and criticised the agencies involved for their actions. The group issued a statement on Tox, alleging that the compromise was due to a PHP vulnerability (CVE-2023-3824) and that backup servers without PHP were unaffected: "The FBI f***ed up servers using PHP; backup servers without PHP are not touched." Lockbit stated they would formally reply to law enforcement after restoring their infrastructure.
VULNERABILITY CHAT
A high-severity vulnerability in Apple Shortcuts could enable the theft of sensitive data from Apple devices. Though Apple patched the issue in recent OS updates, the flaw allowed shortcuts to access sensitive data without user prompts in older OS versions. Meanwhile, Sophos X-Ops is monitoring a surge in vulnerability exploitation targeting unpatched ConnectWise ScreenConnect installations, with telemetry events involving ScreenConnect doubling since February 21.
1 Common Vulnerabilities and Exposures (CVE) entry was added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, namely ConnectWise (ScreenConnect). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), has published 4,645 vulnerabilities so far in 2024. For more information visit https://nvd.nist.gov/vuln/search/
INFORMATION PRIVACY HEADLINES
Avast, a cybersecurity software company, faces a $16.5 million fine for storing and selling customer information without consent. The FTC alleges that Avast harvested user web browsing data through its antivirus software and browser extension from 2014 to 2020, storing and selling the data to over 100 third parties without user knowledge. In another incident, Aleo, a blockchain platform emphasising user privacy, experienced a privacy breach, mistakenly sharing sensitive Know Your Customer (KYC) documents between users via email.
DATA CATEGORIES DISCOVERED
Contact Data, Technical Data, Socio-Demographic Data, Financial Data, Locational Data, Usage Data, Documentary Data, Special Category, National Identifiers, Transactional Data, Social Relationships Data.