Happy Thursday !

Welcome to Cycoresecure.io, your go-to partner for transforming security and compliance into effortless processes. Whether you're a startup or a growing tech company, we provide services to tackle your biggest security challenges, freeing you to focus on scaling your business with confidence. Let's secure your future together!

Make sure to follow our Cycore LinkedIn page and subscribe to receive updates on current events, trends, and industry news that matter to you

In Today's Rundown

• What caught our attention: Have I Been Pwned Adds …

• Security,Privacy and Compliance roundup

• Let's Build Trust

Let’s dive right in.

What caught our attention: Have I Been Pwned Adds 284M Accounts Stolen by Infostealer Malware

🌐 Context and Background
The "Have I Been Pwned" (HIBP) service, which assists individuals and organizations in tracking data breaches involving their accounts, has recently announced the addition of over 284 million stolen accounts linked to information stealer malware. This significant revelation follows an in-depth analysis of 1.5TB of data logs shared on a Telegram channel named "ALIEN TXTBASE," emphasizing the ongoing threats posed by cybercriminals utilizing such sophisticated tools.

🔍 Key Developments and Insights 
Troy Hunt, HIBP's founder, identified a staggering 284,132,969 compromised accounts during his examination of the data, which consists of 23 billion rows of unique website and email address pairs. Not only does this breach mark a dramatic increase in the number of compromised accounts available through HIBP, but it also highlights a broader challenge of credential stuffing attacks, where stolen credentials can be reused across different platforms. Additionally, 244 million previously unseen passwords have been integrated into the HIBP password database.

💡 Impact and Significance 
The ramifications of this breach are extensive, as organizations can utilize newly introduced APIs for up to 1,000 email address searches per minute, enhancing their ability to identify compromised customer credentials and preemptively address possible malicious activities. For regular users subscribed to HIBP notifications, there is a chance to find whether their accounts were affected by verifying their email. This advancement is crucial for protecting sensitive online activities, as it empowers both users and organizations to strengthen their security measures proactively.

Security,Privacy and Compliance roundup

🔐 Security

• New Unicode Phishing Technique: A novel phishing attack uses invisible Unicode characters to obfuscate JavaScript, making detection by traditional security tools challenging. 

• Ghost Ransomware Breaches 70+ Countries: CISA and the FBI reported that the Ghost ransomware group has compromised critical infrastructure and other industry sectors across 70+ countries.

🛡️ Privacy

• Apple Removes End-to-End Encryption in the UK: Apple has disabled its Advanced Data Protection feature for iCloud backups in the UK, following government pressure for encryption backdoors. 

• Google Bans ChatGPT Accounts Used for Surveillance:OpenAI has banned several accounts tied to Chinese cyber groups that misused ChatGPT for AI-driven surveillance and data analysis.

📜 Compliance

• US Military Healthcare Provider Fined $11M for Compliance Failures: Health Net Federal Services (HNFS) settled allegations of falsely certifying cybersecurity compliance under a government contract. 

• Australia Bans Kaspersky Over Security Risks: The Australian government has officially banned all Kaspersky Lab products, citing espionage and national security concerns.

Let's Build Trust

Work with us or follow along:

1. Cycore, builds enterprise-grade security, privacy and compliance programs for the modern organization. Partner with us.

2. Follow us on LinkedIn for security, privacy & compliance updates!

3. How else can we help? Feedback? Have a question? Reply to this email.

4. Know someone who would like this email? Forward it to a friend...

Your security & compliance ally,
Cycore Team