Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Share this analysis
Nuclear Breach Exposure Monitoring

US nuclear research facility has been compromised.

27 November 2023
BREACHAWARE HQ

A total of 13 breaches were found and analysed resulting in 1,873,089 leaked accounts containing a total of 19 different data types. The breaches found publicly and freely available included MPL Esports Update [URL Redirected], Stealer Log 0383, Ace Online (Israel), Stealer Log 0384 and Stealer Log 0386. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

An US nuclear research facility has been compromised by a threat actor gang, with a wide range of employee and other data dumped online. The gang, who appear to have compromised the research facility for fun, has made a statement saying, “We’re willing to make a deal with *****. If they research creating irl cat girls, we will take down this post." I doubt the lab will be firing up the computers, donning those white lab coats, and making said irl cat girls, and anyway, it's too late; the data is already in circulation. More concerning is that social security numbers as well as a range of sensitive data were disclosed in the breach. The facility has over 6,000 employees who work on extremely sensitive research such as nuclear waste processing, water reactors, and next-generation plants.

A cyber gang has just posted a range of data to an underground forum, alleging it was taken from a well known Swedish multi-national that sells ready-to-assemble furniture as well as various home appliances. The gang, who are fairly new, has been leaking a number of compromised company's data who are based or working in Israel, saying “So long as the war continues, we will strike every day and night." The data hasn’t yet been verified. A couple of weeks ago, the company reported that they were suffering cyber attacks via a large number of email reply-chain attacks. We expect to see more data like this coming out of the conflict.

A global software technology company based in London that sells across a large section of the world has experienced a security incident. The company, which started back in 2017, has gone from strength to strength, selling fifteen thousand items in their first six months while trying to make their software affordable.

VULNERABILITY CHAT

Following Microsoft's Offensive Research and Security Engineering (MORSE) engagement of Blackwing Intelligence to evaluate security of fingerprint sensors on laptops, they've concluded Microsoft's Windows Hello fingerprint has been bypassed on laptops from Dell, Lenovo to Microsoft.

1 Common Vulnerabilities and Exposures (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including GNU C Library (GNU).

See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

INFORMATION PRIVACY HEADLINES

Jersey Heritage, a charity set up to protect Jersey's culture, has been warned by one of their third party suppliers that "an authorised third party may have accessed" customers names, sort codes and bank account numbers. The third party supplier handles their membership direct debits.

In an eventful week, Sam Altman is back (following an extremely brief stint at Microsoft), after the vast majority of OpenAI’s 770 employees signed a letter addressed to the board threatening to quit en masse unless Altman was reinstated by the board.

Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan

DATA CATEGORIES DISCOVERED

Contact Data, Technical Data, Usage Data, Documentary Data, Socia-Demographic Data, Financial Data, Special Category.

  • Key Statistics
  • Breaches Discovered
    0
  • ACCOUNTS DISCOVERED
    0
  • DATA TYPES DISCOVERED
    0