Secret CISO 10/14: Game Freak, Intesa Sanpaolo, AT&T, Verizon, Lumen breaches; UK tech exodus; OpenAI malware research; D-Link, HuangDou UTCMS vulnerabilities
Welcome to today's issue of Secret CISO. As the digital landscape continues to evolve, so does the threat of data breaches. In fact, data breaches are now occurring at a staggering rate of one every 39 seconds. This alarming trend has recently impacted major companies like Fidelity Investments, Game Freak, and Italy's largest bank, Intesa Sanpaolo. Fidelity Investments revealed a data breach that exposed the information of thousands of its customers.
Game Freak, the creator of Pokémon, also confirmed a major data breach, leaking over 2000 pieces of employee data and confidential franchise information. Intesa Sanpaolo was left red-faced after a security breach reportedly targeted the Prime Minister.
In telco news, AT&T, Verizon, and Lumen are under scrutiny following a cyberattack from China. Half of UK tech workers are planning to leave their roles, with those in mobile development, security, or DevOps more likely to have received a pay rise than some other tech professions.
In the research sector, OpenAI confirmed that hackers are using ChatGPT to create sophisticated malware. Meanwhile, a security expert suggests that frequent password changes can actually weaken online security and make accounts easier to hack.
Finally, we'll delve into the latest vulnerabilities found in D-Link DIR-619L B1 2.06, SourceCodester Online Eyewear Shop 1.0, and other software. Stay tuned for these stories and more in today's Secret CISO newsletter.
Data Breaches
- Fidelity Investments Data Breach: Fidelity Investments has suffered a data breach that exposed the personal information of approximately 77,000 customers. The company is currently investigating the incident and has not disclosed any further details. Source: iZOOlogic
- Game Freak Data Breach: Game Freak, the creator of Pokémon, confirmed a major data breach that exposed over 2,000 pieces of employee data and confidential Pokémon franchise information. The breach also revealed details about the upcoming Switch 2. Source: Notebookcheck
- Intesa Sanpaolo Security Breach: Italy's largest bank, Intesa Sanpaolo, has apologized for a security breach that reportedly targeted Prime Minister Giorgia Meloni. The bank is currently investigating the incident and has not disclosed any further details. Source: StreetInsider
- AT&T, Verizon, and Lumen Security Breach: AT&T, Verizon, and Lumen are under scrutiny following a cyberattack allegedly originating from China. The companies are currently notifying customers of the breach and assisting those whose data has been compromised. Source: Broadband Breakfast
- Casio Data Breach: Casio has confirmed a data breach following an attack by hackers from the Underground group. The company has assured that customer payment information remains safe despite the breach. Source: Gagadget
Security Research
- Cultivating Homegrown Talent 'Better Than Buying Superstars': This research emphasizes the importance of nurturing local talent for the protection of Africa's critical infrastructure and cybersecurity. It argues that homegrown talent can provide more effective solutions than imported expertise. Source: Times Higher Education
- OpenAI Confirms Hackers Using ChatGPT to Create Sophisticated Malware: OpenAI has confirmed that hackers are using its AI model, ChatGPT, for malicious purposes such as phishing, research, and malware development. This highlights the need for robust security measures in AI development. Source: Cybersecurity News
- Stakeholders Decry Fuel Price Hike, Lament Hardship in Nigeria: Security expert Iyke Odife discusses the implications of the fuel price hike in Nigeria, emphasizing the need for transparency and accountability. This research underscores the intersection of economic policy and security. Source: Tribune Online
- Academia, Military Unite to Chart Pathways for Addressing Security, Poverty: This research highlights a collaborative effort between Nigeria's academic and research communities and the military to address the country's security and economic challenges. Source: Daily Trust
- Cybersecurity Expert: Frequent Password Changes Can Weaken Online Security: Contrary to popular belief, a Perth security and privacy expert argues that frequently changing passwords can actually weaken online security and make accounts easier to hack. Source: The West
Top CVEs
- CVE-2024-9906: A problematic vulnerability was found in SourceCodester Online Eyewear Shop 1.0, affecting an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross-site scripting. The attack can be launched remotely. Source: Vulners.
- CVE-2024-9911: A critical vulnerability was found in D-Link DIR-619L B1 2.06, affecting the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to a buffer overflow. The attack can be initiated remotely. Source: Vulners.
- CVE-2024-9912: Another critical vulnerability was found in D-Link DIR-619L B1 2.06, affecting the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to a buffer overflow. The attack can be initiated remotely. Source: Vulners.
- CVE-2024-9909: A critical vulnerability was found in D-Link DIR-619L B1 2.06, affecting the function formSetMuti of the file /goform/formSetMuti. The manipulation of the argument curTime leads to a buffer overflow. The attack can be launched remotely. Source: Vulners.
- CVE-2024-9908: A critical vulnerability was found in D-Link DIR-619L B1 2.06, affecting the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to a buffer overflow. The attack can be launched remotely. Source: Vulners.
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. From the staggering frequency of data breaches to the latest vulnerabilities, we've covered a lot of ground. Remember, in this digital age, staying informed is the first line of defense.
If you found this newsletter helpful, please consider sharing it with your colleagues and friends.
They might appreciate the heads-up, and you'll be doing your part in spreading cybersecurity awareness. Stay safe, stay informed, and see you in the next edition of Secret CISO.