Secret CISO 10/12: Capital One's Legal Update, Cybersecurity Breach Shuts Down Calgary Public Library, New Malware Targets Finance Sector

Welcome to today's edition of Secret CISO, your daily dose of cybersecurity updates. Today, we're diving into the latest legal updates in the world of cyber litigation, the aftermath of data breaches, and the steps businesses are taking to strengthen their data security practices.

First up, a legal update from Mayer Brown on 2024 cyber litigation: in the Capital One Consumer Data Security Breach litigation, the court ruled that privilege did not apply. The ruling matters for any business that expects privilege to shield breach-related materials in cyber litigation. In other news, state judiciary employees in Honolulu are being cautioned to monitor their credit following a data breach in which cybercriminals accessed payroll information, exposing the employees to potential financial risk.

Meanwhile, the Calgary Public Library had to close all of its locations after a data breach, a reminder that data security matters for public institutions as much as for businesses. In a significant legal settlement (as you may have read in yesterday's edition), Marriott has agreed to pay $52M over a data breach that exposed guests' reservation information. The settlement requires Marriott to strengthen its data security practices using a dynamic, risk-based approach.

In the world of research, a new malware campaign is targeting the finance and insurance sectors using GitHub links. The method, discovered by OALABS Research, leaves little trace, which makes it hard for security teams to detect. That's not all: we also have updates on data breaches affecting Fidelity Investments and the Internet Archive, amendments to Pennsylvania's Data Breach Notification Law, and more.

Stay tuned to Secret CISO for more exclusive cybersecurity updates. Stay safe and secure!

Data Breaches

  1. In re Capital One Consumer Data Security Breach: The court ruled that privilege did not apply in the data breach litigation against Capital One. The ruling is a significant development in cyber litigation for any business that expects privilege to keep breach-related materials out of discovery. Source: Mayer Brown
  2. Judiciary Employees Data Breach: State judiciary employees in Honolulu are being advised to monitor their credit following a data breach. Cybercriminals accessed payroll information, prompting the warning. Source: KITV
  3. Calgary Public Library Data Breach: A data breach has forced the closure of all Calgary Public Library locations. The library has shut off all servers and computer access, emphasizing that data security is a key priority. Source: CityNews Calgary
  4. Kulicke and Soffa Industries Data Breach: Kulicke and Soffa Industries is under investigation following a data breach. The breach potentially exposed full names, Social Security numbers, addresses, financial information, and medical information. Source: BusinessWire
  5. Mason Construction Data Breach: Mason Construction has reported a data breach to the Attorney General of Texas. The details of the breach have not been disclosed. Source: BusinessWire

Security Research

  1. New Malware Campaign Targets Finance and Insurance Sectors Using GitHub Links: A new malware campaign has been discovered by OALABS Research, targeting the finance and insurance sectors. The method, which uses GitHub links, leaves little trace, making it difficult for security teams to detect the threat. Source: Entrepreneur
  2. Tech Talk | Securing the Rise of Machine Identities: In a live Tech Talk, identity security expert Steve Toole discussed the growing importance of machine identities in the context of automation, AI, and bots. Source: Redmondmag
  3. Thousands of Medical Devices and Systems Pose IoT Security Risk: Security researcher Himaja Motheram has highlighted the various weaknesses in healthcare IoT, posing significant security risks. She offers solutions for CISOs and other security leaders to address these vulnerabilities. Source: Healthcare IT News
  4. Socket Resumes Operations After $3.3M Exploit: Socket has resumed operations after a security breach led to a $3.3M exploit. The breach was first brought to light by anonymous security researcher @speekaway. Source: MSN
  5. INC Ransomware Rebranded to Lynx, Say Security Researchers: Researchers at Palo Alto's Unit 42 have reported that the INC ransomware crew has rebranded itself as Lynx over a three-month period. Source: The Register

Top CVEs

  1. CVE-2024-9592: The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This allows unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, provided they can trick an administrator into clicking a link or loading a page. A capability check alone does not stop CSRF; settings changes also need a nonce that the handler verifies. Source: CVE-2024-9592
  2. CVE-2024-9707: The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check. This allows unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution. Source: CVE-2024-9707
  3. CVE-2024-21534: Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Node's vm module is an isolation convenience, not a security boundary, so evaluating attacker-influenced expressions with it amounts to code execution. Source: CVE-2024-21534
  4. CVE-2024-9587: The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check. This allows authenticated attackers with contributor-level privileges or above, to update plugin settings. Source: CVE-2024-9587
  5. CVE-2024-9164: An issue was discovered in GitLab EE affecting all versions from 12.5 before 17.2.9, from 17.3 before 17.3.5, and from 17.4 before 17.4.2, which allows running pipelines on arbitrary branches. Source: CVE-2024-9164

API Security

  1. Path Traversal Vulnerability in LoLLMs API: A path traversal vulnerability has been identified in the open_personality_folder API endpoint of parisneo/lollms. It allows an attacker to read any folder in the personality_folder on the victim's computer even though sanitize_path is applied, because the personality_folder parameter is not sanitized correctly. Source: Vulners
  2. Codeclysm Extract v4 Symlink Vulnerability: A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory in Codeclysm Extract v4. Users are advised to use version 4.0.0 or later to avoid this vulnerability. Source: Vulners
  3. Incorrect Comparison Vulnerability in Juniper Networks Junos OS Evolved: An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. Source: Vulners
  4. Hunk Companion Plugin Vulnerability for WordPress: The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. Every route registered with register_rest_route() needs a permission_callback that enforces a real capability (here, install_plugins); a callback that simply returns true is equivalent to no check. Source: Vulners
  5. Arbitrary File Uploads in GutenKit Plugin for WordPress: The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function in all versions up to, and including, 2.1.0. Source: Vulners

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found our insights valuable and actionable. Remember, the cyber world is ever-evolving, and staying informed is your first line of defense.

Don't forget to share this newsletter with your friends and colleagues.

Let's work together to create a safer digital space for all.

Stay vigilant and see you tomorrow for more updates on the cyber front!
