Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Share this analysis
For Sale Breach Exposure Monitoring

The "ultimate marketplace for selling your business" suffers a data breach.

14 August 2023
BREACHAWARE HQ

A total of 20 breaches were found and analysed resulting in 8,226,171 leaked accounts containing a total of 18 different data types. The breaches found publicly and freely available included Drive Sure, Guia TV Pro, Stalker, Propostuplenie and Podrygka. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

The largest marketplace for the sale of businesses in the UK has suffered a data breach. The company are "the ultimate marketplace for selling your business" according to their website. They started out in 2006 and now have over 5,000 locations across the UK and claim to have sold over £10.4 billion worth of businesses.

Popular malware researchers have recently received, let's say, some interesting emails... The emails come from a domain run by the Bureau Of Alcohol, Tobacco, Firearms, and Explosives, which is a sub-section of the U.S. Department of Justice. The threat actor sent a screenshot with his emails as proof that he or she had compromised a government email address. The emails range from the usual online talk to remarks that the staff at the malware developer group should "take showers". The developers are currently keeping everyone entertained by posting it to their social media accounts. There’s a government official out there, and some are not aware his email account is being used to spam malware developers with emails reading "meow" and "scilly needs a shower."

Lolek, a bulletproof hosting provider has been shut down via a joint effort of the FBI and Europol. Bulletproof hosting has been targeted by law enforcement for many years. The providers of such hosting sites promise a no-log policy and normally have little to no rules on what their customers can host on their servers. From Distributing malware, cybercrime forums, and command and control servers. They would also ignore reports of criminality or their customers breaking copyright. Five individuals were arrested.

VULNERABILITY CHAT

During a BlackHat security conference, Microsoft security researcher outlined the issues effecting the widely used industrial automation software CODESYS. "Threat actors could launch a 'Denial of Service' attack against a device using a vulnerable version of CODESYS to shut down industrial operations or exploit 'Remote Code Execution' vulnerabilities to deploy a backdoor to steal sensitive data, tamper with operations, or force a PLC to operate in a dangerous way."

Synack Red security researchers have found holes in ScutisWeb software, used to monitor banking and ATM fleets. Threat actors could exploit the flaws to obtain data from the server, execute arbitrary commands and obtain encrypted admin passwords and decrypt them using a hardcoded key.

A Google security expert has discovered a security flaw in Intel's CPU's. Reportedly, billions of Intel processors are effected, which are used in private computers as well as in cloud servers. "This vulnerability enables users to access and steal data from other users who share the same computer. For instance, a malicious app could use the flaw to steal sensitive information."

Trellix researchers presented vulnerabilities with CyberPower and Dataprobe that are widely used in data centres. Trellix have warned the vulnerabilities could be exploited to power down a data centre, plant malware that could spread to customer machines or conduct espionage.

INFORMATION PRIVACY HEADLINES

The Police Service of Northern Ireland (PSNI) has apologised for mistakenly revealing details of all its 10,000 staff. NI's Police Federation said the breach could cause "incalculable damage". UC Berkeley researchers have found that hand and head motion data could be as good as fingerprints and facial scans at identifying users, raising a host of privacy concerns as headset adoption grows. Australian patients are being pushed to provide their personal data to Cornerstone Health's medical app and rewards program in order to access bulk billing from their GP, raising privacy concerns.

Meanwhile, Iraq’s Ministry of Communications has lifted the ban on messaging service Telegram. The ban, which was originally placed due to data protection concerns, was lifted after the app provider communicated with the Iraqi government to “detect the parties that leaked citizens’ data.”

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

DATA CATEGORIES DISCOVERED

Contact Data, Financial Data, Technical Data, Socia-Demographic Data, Special Category, Usage Data, Documentary Data.

  • Key Statistics
  • Breaches Discovered
    0
  • ACCOUNTS DISCOVERED
    0
  • DATA TYPES DISCOVERED
    0