Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Threat actor group exposes data relating to Mexican cartels.

03 June 2024

A total of 31 breaches were found and analysed, resulting in 2,177,382 leaked accounts containing 32 different data types. The breaches, found publicly and freely available, included Unigame, One Vers, National Association of Judicial Sales Institutes, Stealer Log 0463 and THConnect. Sign in to view the full BreachAware Breach Index, which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A well-known threat actor group has announced its departure from financially motivated cybercrime, redirecting its focus towards hacktivism and political hacking. Its latest leak, which has yet to be verified, targets Mexican cartels, including Sinaloa and Jalisco. The data is purportedly sourced from various government websites, cartel-supported centres and shops, and includes an in-depth write-up on the cartels' operations and locations. The group claims the data exposes critical details of cartel activities.

In other news, Microsoft's introduction of the "Recall" feature in Windows 11 has raised significant concerns among security researchers and privacy advocates. The feature automatically takes screenshots throughout a user's session and lets the user search those screenshots by keyword to find specific information. Although the data is stored locally on the user's computer and Microsoft says it has no access to it, researchers worry about the privacy risk: local storage does not protect against a compromised machine, so malware running on the device could read the screenshot store and harvest whatever was on screen, including browser history, passwords and billing details.

The notorious cybercrime forum Breach Forums has resurfaced following a major law enforcement crackdown. The FBI had taken control of the clearnet site, the Tor domain and the Telegram channel of one of the administrators, Baphomet. Despite rumours of arrests, the other administrator, Shiny Hunters, managed to reboot the forum from backups. The FBI seized the clearnet domain through the registrar Nicenic, but shortly after the FBI gained control the account was suspended and subsequently reclaimed by Shiny Hunters. The forum has now resumed operations, with many watching its developments closely.

VULNERABILITY CHAT

A threat actor has claimed responsibility for recent data breaches at Santander and Ticketmaster, alleging that the data was accessed through an employee's account at the cloud data platform Snowflake. Snowflake disputes these claims, attributing the breaches to customers failing to secure their own production environments properly, specifically pointing to the absence of two-factor authentication (2FA) on the affected accounts.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about active exploitation of a vulnerability in the Linux kernel. The flaw, which affects kernel versions 5.14 through 6.6 and potentially every version from 3.15 onwards, allows a local attacker to elevate their privileges.

A critical security flaw has been disclosed in the TP-Link Archer C5400X gaming router. It allows a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the device by sending specially crafted requests. The flaw was reported by the German cybersecurity firm ONEKEY.

The RedTail crypto-mining threat actors have added a recently disclosed vulnerability in Palo Alto Networks firewalls to their exploit arsenal. The attackers now use private mining pools, which give them more control over mining outcomes despite the higher operational and financial cost.

Check Point Software Technologies has disclosed a zero-day vulnerability linked to recent attempted attacks on its VPN technology. Threat actors targeted a small number of customers by attempting to log in to old local VPN accounts that relied on password-only authentication. Check Point has advised against password-only authentication for local accounts and has issued a hotfix that blocks such logins.

Four Common Vulnerabilities and Exposures (CVE) entries were added to the Cybersecurity and Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including one affecting Justice AV Solutions (Viewer). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 558 vulnerabilities last week, bringing the 2024 total to 17,430. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

US President Joe Biden has renewed a section of the US surveillance framework, extending for a further two years the authority to monitor and collect data on non-Americans, including Europeans. Europeans therefore remain subject to warrantless US surveillance.

Interpol has started the procurement process for mobile biometric devices intended to perform cloud-based searches for suspect identification. The devices will be used to search and store fingerprints, facial biometrics and other identifiers. A five-year contract will be issued for the devices, with local (on-device) matching listed as a desirable feature.

Colorado Governor Jared Polis has signed HB 1130 into law, amending the Colorado Privacy Act to add specific requirements for processing biometric data. The law requires controllers to provide notice and obtain consent before collecting or processing biometric identifiers. It also prohibits the sale or disclosure of biometric data without consumer consent, except in limited circumstances such as fulfilling the purpose of collection, completing a financial transaction or complying with a legal requirement. Unlike the Illinois Biometric Information Privacy Act (BIPA), Colorado's law does not grant a private right of action.

The Greek Interior Ministry faces a significant fine for failing to protect voters' personal data ahead of the upcoming European elections. Records of voters living abroad were leaked to a member of the ruling New Democracy party. On Monday the country's Data Protection Authority imposed a €400,000 fine on the Interior Ministry and a €40,000 fine on Anna-Michelle Asimakopoulou, a New Democracy member of the European Parliament, for violating the privacy of voters.

DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Socio-Demographic Data, Financial Data, Transactional Data, Social Relationships Data, Special Category, Locational Data, Usage Data, Documentary Data.

  • Key Statistics
  • Breaches Discovered: 31
  • Accounts Discovered: 2,177,382
  • Data Types Discovered: 32