Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Malware Breach Exposure Monitoring

Threat actor says the compromised charity has been stealing and laundering money for years.

09 October 2023
BREACHAWARE HQ

A total of 41 breaches were found and analysed resulting in 38,464,662 leaked accounts containing a total of 24 different data types. The breaches found publicly and freely available included Evite, Viva Air (3), Craft Rise, La Poste Mobile and Stealer - Mixed Logs 0349. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A malware analysis group, which is gaining recognition in the online cyber security community, has been contacted via email by various threat actors who have gained access to companies around the globe. This is turning into quite a trend: when an individual sends the group an email from a compromised system, the message is then posted to the group's channel.

One in particular was an email from an “unknown individual” who has compromised the Red Cross of Italy, with the email sent from an Italian Red Cross email account. The threat actor goes on to say that the Red Cross has been stealing and laundering money for years, but he or she isn’t going to ransom them. He or she claims to have “been here for years”, adding: “in any case, I don’t feel like blocking their systems”. Well, there are a lot worse things threat actors could be doing than emailing a malware analysis group from compromised email accounts.

Christopher Wray, director of the FBI, announced last month the takeover of the infamous Qakbot botnet. The botnet has been up to no good for a few years now; some say it started around 2007, others say it started in the mid-teens (2015–2016). Either way, the botnet has been around for a while. The director says that the FBI has taken over the command and control server, confiscated millions of dollars in cryptocurrencies and disinfected hundreds of thousands of infected computers. However, it may not be as rosy as the FBI thinks.

It appears that even though the FBI seized the command and control server, the infrastructure that delivers the spam has not been affected. Qakbot affiliates are distributing ransomware, and they started doing so just before the network was taken down by the FBI over a month ago. It looks like, even though the FBI dealt a blow to the threat actors, they are still at large and still active.

Bad news for a handful of truckers across the United States: a dating and hookup site has been compromised, with users of the site having their personal information shared across the dark web. A threat actor managed to exfiltrate a range of SQL files from the site's backend, and the site is still operational, with truckers still keen to hook up. The site was registered back in 2004; either the owners of the site don’t know they have been breached or they haven't disclosed it to the public.

VULNERABILITY CHAT

A vulnerability dubbed 'Looney Tunables' is said to affect Enterprise Linux 8, Enterprise Linux 9 and Virtualisation 4 products, and could allow a local attacker to use a maliciously crafted GLIBC_TUNABLES environment variable to execute code with elevated privileges.

Thanks to improvements in security mechanisms and mitigations, hacking cell phones — both running iOS and Android — has become an expensive endeavor. That’s why hacking techniques for apps like WhatsApp are now worth millions of dollars, TechCrunch has learned. Read more here: https://techcrunch.com/2023/10/05/zero-days-for-hacking-whatsapp-are-now-worth-millions-of-dollars/

Seven Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including Chrome (Google), Mali GPU (Arm), Windows CNG Key Isolation Service (Microsoft) and Confluence Data Center and Server (Atlassian).

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

INFORMATION PRIVACY HEADLINES

Following NOYB's successful litigation that resulted in Meta's previous "consent bypass" being declared illegal, Meta is now proposing that people pay $14 a month in order to enjoy fundamental rights under EU law (reported by the Wall Street Journal). The concept, dubbed the "Pay or Okay" model, was first developed by the Austrian newspaper 'Der Standard' and has since been approved in Austria, Germany and France as an option for journalistic websites that were suffering from the loss of advertising revenue to big tech platforms.

The UK Information Commissioner's Office (ICO) has issued a preliminary enforcement notice to Snap, with John Edwards stating: "the provisional findings of our investigation suggest a worrying failure by Snap to adequately identify and assess the privacy risks to children and other users before launching 'My AI.'" Snap will have an opportunity to respond before the ICO takes a final decision on whether Snap has broken the rules.


DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Socio-Demographic Data, Financial Data, Usage Data, Documentary Data, National Identifiers, Special Category, Transactional Data, Locational Data.
