Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES

Threat actors brought 20 Polish trains to a sudden standstill.

04 September 2023

A total of 20 breaches were found and analysed resulting in 6,109,641 leaked accounts containing a total of 21 different data types. The breaches found publicly and freely available included Duolingo, Games Planet, Vesi Cash, Stealer - 0337 Mixed Logs and Free-Lance.

SPOTLIGHT

Did a highly sophisticated cyber attack on the Polish rail network just happen, or did a threat actor with basic knowledge of frequencies and the ability to read publicly available information just shed light on a serious vulnerability? Recently, threat actors brought 20 Polish trains to a sudden standstill. They took advantage of something called a radiostop function, which can be activated by sending a continuous sequence of 3x100 ms operating tones. This has to be done fairly close to the rail network with a walkie-talkie. Realistically, a bad actor couldn’t be more than two miles away using a standard walkie-talkie. The archaic structure of the Polish network means that there is no encryption to get past. Two suspects have been arrested.

A customer management platform made for the catering industry that suffered a huge data breach back in December of 2022 has had its data posted to various cybercrime forums. The company confirmed the data had been stolen and was up for sale; however, now that the data has been uploaded for free, it's essentially open season on the users caught up in the breach. Threat actors managed to exfiltrate 400 GB worth of data. It varied from the usual data types, such as email addresses, to more sensitive data, such as payment information. Threat actors gained access to an unauthorised device to access the vendor's file transfer.

A notorious ransomware gang that has been pretty quiet recently has just posted 20+ victims to their Tor site. They’ve just finished re-indexing their previous victims' data breaches on the site.

VULNERABILITY CHAT

VMware has issued patches for two Aria Operations for Networks vulnerabilities that can threaten enterprise network operations. The most severe of the two is an Authentication Bypass weakness due to a lack of unique cryptographic key generation.

Cisco has patched a number of vulnerabilities affecting their Nexus (ethernet switches for data centres) and Firepower (next generation firewall) devices. Exploiting three of these vulnerabilities could allow a threat actor to trigger denial of service (DoS) on the target devices.

INFORMATION PRIVACY HEADLINES

Fitbit, which is owned by Google, is facing three EU privacy complaints filed by NOYB accusing them of illegally exporting user data (by forcing consent), failing to provide adequate information to users regarding the transfer of their data, and leaving users unable to withdraw consent.

The French government is trying to pass legislation that would allow them to build blacklists of websites the government dislikes into the code of web browsers. They are calling it "a scam filter." Of course, the goal of this is to prevent harm, but it could be used for state censorship.

DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Special Category, Socio-Demographic Data, Locational Data, Usage Data, Documentary Data.
