Secret CISO 10/1: Iranian Hackers Charged, Star Health Sues Telegram, Daemon Research Flags UK Cyber Threats, Critical Flaws in Gas Stations
Good morning, Secret CISO readers! Today's newsletter is packed with crucial updates on the ever-evolving cybersecurity landscape.
First up, a global survey reveals that the average data breach is costing a whopping $3.3 million. With 41% of businesses identifying cloud-related threats as the highest cyber threat, it's clear that data security should be a top priority. In the wake of the T-Mobile data breach fines and charges against Iranian hackers, we're reminded of the importance of robust security measures. But what should you do if you fall victim to a data breach? We've got some expert advice from Consumer Reports to help you navigate this nightmare scenario. In other news, the New South Wales data breach scheme has seen 52 reports in its first seven months, while Feldstein & Stewart has had to send a data breach letter to 8171 individuals.
We also delve into the world of data leaks, with Star Health taking Telegram and a hacker to court over a massive data leak. Finally, we explore how to treat your enterprise data like a digital nomad, combining agility with compliance, and security with accessibility. Stay tuned for more updates and remember, knowledge is power when it comes to cybersecurity. Stay safe out there!
Data Breaches
- T-Mobile Data Breach Settlement: T-Mobile has agreed to a $31.5 million settlement with the Federal Communications Commission (FCC) over a series of data breaches. The telecom company will pay half of the amount as a fine, with the remainder serving as a down payment for widespread improvements to data security. Source: Law360, CyberScoop
- USAA Data Breach Lawsuit: USAA, a San Antonio-based insurance and financial services company, is facing a potential class-action lawsuit following an April data breach that affected 32,000 members. Source: ExpressNews
- Star Health Data Leak: Star Health has taken legal action against Telegram and a hacker over a massive data leak, which included sensitive medical records. The data leak was first detected in mid-2024. Source: Insurance Business Mag
- 23andMe Data Breach Settlement: Genetic testing company 23andMe is facing a potential derailment of its $30 million data breach settlement due to a mass arbitration demanded by about 5,000 customers whose sensitive data was obtained by hackers. Source: Reuters
- NSW Data Breach Scheme: More than 50 data breaches have been reported in the first seven months of the mandatory data breach notification scheme in New South Wales, Australia. Source: InnovationAus
Security Research
- Daemon Research on UK Consumer Trust: Daemon's new research highlights the growing impact of cyber and in-store security threats on UK consumer trust. The study, which surveyed 2000 participants, reveals that cybersecurity issues continue to plague UK residents, especially during online shopping. Source: Retail Tech Innovation Hub
- Critical Flaws in Tank Gauge Systems: A recent report reveals critical vulnerabilities in tank gauge systems that could expose gas stations to remote attacks. The findings underline the importance of optimizing security operations to prevent such threats. Source: The Hacker News
- IEEE 4th Cyber Awareness and Research Symposium 2024: The upcoming CARS'24, hosted by the Center for Cyber Security Research and UIT, aims to promote state-of-the-art cybersecurity activities and raise awareness about the importance of cybersecurity. Source: UND Blogs
- Kia Hack Unveiled: Security researcher Sam Curry discovered flaws in Kia's security system that could be exploited in about 30 seconds, affecting models dating back to 2014. This highlights the need for robust cybersecurity measures in the automotive industry. Source: BankInfoSecurity
- CISA's VDP Platform 2023 Annual Report: The report showcases the success of the security researcher community in securing federal government networks. It emphasizes the vital role public security researchers play in enhancing cybersecurity. Source: CISA
Top CVEs
- CVE-2024-9194 - SQL Injection Vulnerability in Octopus Server: A SQL Injection vulnerability has been identified in Octopus Server on Linux and Microsoft Windows. This issue affects versions from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, and from 2024.3.0. Source: Vulners.
- CVE-2024-9158 - Stored XSS Vulnerability in Nessus Network Monitor: A stored cross-site scripting (XSS) vulnerability has been discovered in Nessus Network Monitor. This vulnerability allows an authenticated, privileged local attacker to inject arbitrary code into the NNM UI. Source: Vulners.
- CVE-2024-28810 - Sensitive Information Disclosure in Infinera hiT 7300: An issue in Infinera hiT 7300 5.60.50 allows an attacker to achieve loss of confidentiality by analyzing sensitive information inside diagnostic files exported by the @CT application. Source: Vulners.
- CVE-2024-47536 - XSS Vulnerability in Citizen MediaWiki skin: A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload in Citizen, a MediaWiki skin. This vulnerability is fixed in the latest version. Source: Vulners.
- CVE-2024-7673 - Heap-based Buffer Overflow in Autodesk Navisworks: A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. This vulnerability can be leveraged by a malicious actor to cause a crash or execute arbitrary code. Source: Vulners.
API Security
- CVE-2024-8675 - Soumettre.fr Plugin for WordPress: The Soumettre.fr plugin for WordPress versions up to 2.1.2 is vulnerable to unauthorized data modification due to a missing capability check. This allows authenticated attackers with Subscriber-level access to disconnect the gateway and delete the API. Source: vulners.com
- CVE-2024-9358 - ThingsBoard up to 3.7.0: A vulnerability in ThingsBoard up to 3.7.0 has been found, affecting an unknown functionality of the HTTP RPC API component. This leads to resource consumption and can be launched remotely, although the attack complexity is high. Upgrading to version 3.7.1 addresses this issue. Source: vulners.com
- CVE-2024-46635 - INROAD API: The API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 has an issue that allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber. Source: vulners.com
- CVE-2024-46549 - TP-Link MQTT Broker and API gateway: An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by others. Source: vulners.com
- CVE-2024-47530 - Scout Web-based Visualizer: Scout, a web-based visualizer for VCF-files, has an open redirect vulnerability that allows phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to an open redirect attack due to the absence of sanitization logic. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. As we've seen, the cost of data breaches continues to rise, and businesses are increasingly concerned about cloud-related threats. It's clear that we all need to stay vigilant and proactive in our cybersecurity efforts. Remember, knowledge is power.
So, don't keep this valuable information to yourself. Share this newsletter with your colleagues and friends, and help them stay informed about the latest in cybersecurity. Stay safe, stay informed, and see you in the next edition of Secret CISO.