Secret CISO 1/26: CSG Systems and UK Provider Tackle Data Breach, US Justice Drops Case Against Texas Doctor, Crypto Platform NoOnes Confirms $8M Hack, Bank of America Customers Exposed, Research on Hardware Security and Cybersecurity Cooperation
Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we're diving into a series of data breaches and security incidents that have recently come to light. First up, CSG Systems International Inc. is actively addressing a data breach incident, reaffirming its commitment to data security and customer support. The company is also assisting with an investigation into a UK connectivity customer's data breach, underlining the importance of robust security measures in the face of such incidents.
In other news, the US Justice Department has dropped a case against a Texas doctor charged with leaking transgender care data. Meanwhile, a proposed Turkish law could mean prison for reporting data leaks, highlighting the global implications of data security. In the crypto world, NoOnes CEO confirms an $8M hack, several weeks after a security breach. This incident underscores the vulnerability of cryptocurrency platforms and the need for enhanced security measures.
Bank of America customers have also been exposed due to an 'unauthorized party' accessing sensitive data. This breach, which occurred in October, has put the data of at least 414 customers at risk. In the legal realm, UnitedHealth's class action settlement gets preliminary approval following allegations that a data breach impacted client info. This case serves as a reminder of the legal consequences that can follow a data breach.
Lastly, we delve into the world of security research, where experts are uncovering hidden features and vulnerabilities, and proposing solutions to boost agricultural productivity and food security. Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity.
Data Breaches
- CSG Systems International Inc Data Breach: CSG Systems International Inc is actively supporting its customer in resolving a data breach incident. The company reaffirmed its commitment to data security and customer support. Source: GuruFocus
- NoOnes Crypto Platform $8M Hack: The peer-to-peer cryptocurrency trading platform NoOnes has revealed it was the victim of a significant security breach earlier this month, resulting in an $8M hack. The CEO confirmed the breach several weeks after the incident. Source: Crowdfund Insider
- Bank of America Customer Data Exposure: A security breach in October exposed the sensitive data of at least 414 Bank of America customers. The breach occurred when an 'unauthorized party' accessed social security numbers, names, locations, and financial data. Source: The Daily Hodl
- Gas Express LLC Data Breach: Gas Express LLC recently disclosed that it suffered a data breach that compromised the sensitive personal data of a number of individuals. The breach is currently under investigation by Levi & Korsinsky, LLP. Source: Business Insider
- UnitedHealth Group Data Breach: UnitedHealth Group reported a massive data breach impacting 190 million Americans. The breach was a result of a ransomware attack targeted at its subsidiary, Change Healthcare, in February 2024. Source: Hackread
Security Research
- Security Breach at D-Trust: A significant security breach at D-Trust has been exposed, highlighting the lack of legal protection for security researchers. The breach was accessed via a cyber window-dressing, raising concerns about the company's security measures. Source: Heise
- OpenAI Browser Takeover: OpenAI has found a way to remotely unlock, start, and track millions of devices, according to a report from TechCrunch. This discovery has raised concerns about the potential misuse of AI technology. Source: TechCrunch
- Hidden Waymo Feature Uncovered: Security researcher Jane Manchun Wong has discovered an unreleased feature in Waymo's technology. The implications of this hidden feature are yet to be fully understood. Source: MSN
- New Research Group for Hardware Security at BFH: The Institute for Cybersecurity and Engineering ICE of the Berner Fachhochschule BFH has established a new research group for hardware security. This group aims to improve the security of hardware systems. Source: All-About-Industries
- AMD Microcode Vulnerability: A vulnerability in AMD's microcode was revealed in a beta BIOS update. The flaw was first noticed by Tavis Ormandy, a security researcher at Google's Project Zero. Source: TechSpot
Top CVEs
- CVE-2024-10552 Flexmls® IDX Plugin Vulnerability: The Flexmls® IDX Plugin for WordPress is vulnerable to Stored Cross-Site Scripting, allowing authenticated attackers to inject arbitrary web scripts in pages. The vulnerability was partially patched in version 3.14.26. Source: CVE-2024-10552
- CVE-2024-35114 IBM Control Center Vulnerability: IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login responses. Source: CVE-2024-35114
- CVE-2023-38713 IBM Cloud Pak System Vulnerability: IBM Cloud Pak System could disclose sensitive information about the system that could aid in further attacks against the system. Source: CVE-2023-38713
- CVE-2025-0542 G DATA Management Server Vulnerability: Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations. Source: CVE-2025-0542
- CVE-2024-35145 IBM Maximo Application Suite Vulnerability: IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure. Source: CVE-2024-35145
Final Words
That's it for today's edition of Secret CISO. We hope you found these updates insightful and useful in your ongoing efforts to safeguard your organization's data and systems. Remember, the security landscape is constantly evolving, and staying informed is a crucial part of staying secure.
If you found this newsletter helpful, please consider sharing it with your colleagues and friends. They might find it just as valuable as you do. Let's work together to create a safer digital world for everyone.
Stay safe, stay informed, and see you in the next edition of Secret CISO.