Cyber Threat Report: Cyber Security News for 01/25/24

Biggest Data Leak in History Exposes 26B Records
Most of the exposed data, found on an open instance likely owned by a threat actor or data broker, was from the Chinese instant messaging app Tencent QQ. At the same time, Weibo, MySpace, Twitter, and Wattpad also had hundreds of millions of leaked credentials and other information. Read More

Water Services Giant Veolia North America Hit by Ransomware Attack
Two major water companies, Veolia in the US and Southern Water in the UK, have been targeted in ransomware attacks that resulted in data breaches. Read More

High-Severity Vulnerability Patched in Splunk Enterprise
The latest Splunk Enterprise releases patch multiple vulnerabilities, including a high-severity flaw in the Windows version. Read More

Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin
Authentication bypass in Fortra's GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an admin user via the administration portal. Read More 

LoanDepot says 16.6M Customers had ‘Sensitive Personal’ Information Stolen in a Cyberattack
LoanDepot did not say what kind of sensitive and personal customer data was stolen. Read More

Lockbit Ransomware Gang Claims The Attack On The Sandwich Chain Subway
The group claims to have stolen hundreds of gigabytes of sensitive data. The gang said that stolen data includes employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers, and more. Read More

FTC Settles Second Case With Geolocation Data Broker In Two Weeks
The agency alleges that data aggregator InMarket Media improperly collected, used, and stored consumers’ location data which it then packaged into specific audience segments for advertisers and stored for five years. Read More

Hackers Target Atlassian Confluence With RCE Exploits
Shadowserver reported over 39,000 exploitation attempts originating from 600 unique IP addresses, primarily Russian. Read More

This Devious Malware Uses a Bond-Inspired Driver to Kill Security Suites — Then Proceeds to Systematically Encrypt Your Data and Drops A $2 Million Ransom Request.
And it then proceeds to install ransomware just for good measure. Read More

BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time
BreachForums was a major cybercrime marketplace that facilitated the trafficking of stolen data since March 2022. Before its shutdown exactly a year later, the website boasted of over 340,000 members. Read More

Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now
In a terse advisory, Apple acknowledged it's "aware of a report that this issue may have been exploited," but did not share any other specifics about the nature of attacks or the threat actors leveraging the shortcoming. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

A colossal data leak, known as the “Mother of all Breaches”, has exposed 26 billion records, totaling 12TB of data, primarily sourced from previous data breaches. The leaked information includes credentials from the Chinese app Tencent QQ, as well as data from Weibo, MySpace, Twitter, Wattpad, and government entities in the U.S., Brazil, Turkey, Germany, and the Philippines, posing a significant security risk despite being old records.

Veolia North America, a subsidiary of Veolia, reported a ransomware attack on its Municipal Water division, leading to temporary system shutdowns and disruptions in bill payment services. The company has implemented defensive measures, working with law enforcement and third-party experts to assess the attack's impact. Although some customer payment systems were affected, Veolia assures that water treatment operations remain unaffected, and it is investigating a limited number of individuals whose personal information may have been compromised.

Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.