Secret CISO 10/18: Marriott's $52M FTC Settlement, Nidec Ransomware Attack, Birth Choice and Clayton Properties Data Breaches, Cyera's $162M Acquisition, Cisco Investigation, and Latest Security Research

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving deep into the world of data breaches and their consequences.

Marriott's poor security practices have led to a hefty $52 million FTC settlement, a stark reminder of the financial implications of data breaches. Meanwhile, tech giant Nidec has confirmed a data breach following a ransomware attack, highlighting the increasing threat posed by cybercriminals. In the healthcare sector, data breaches at Birth Choice of San Marcos and Clayton Properties Group have exposed sensitive patient data, underscoring the urgent need for robust cybersecurity measures in this industry.

On the legal front, Fidelity is facing a lawsuit following a data breach, and East River Medical Imaging is set to receive final approval for a $1.85 million settlement due to a data breach lawsuit. In a positive development, Cyera has acquired Trail Security for $162 million, integrating advanced DLP capabilities with its Data Security Posture Management platform. However, despite a decline in data breaches during the third quarter of 2024, cyberthieves are becoming better armed, leading to more effective attacks. We'll also look at the implications of a data breach on people and businesses, drawing from the biggest data breach in history - the Yahoo data breach of 2013/2014.

Lastly, we'll explore the latest research and insights from security experts and researchers, including the vulnerabilities in software development, the role of AI in cybersecurity, and the increasing threat of cybercrime. Stay tuned for these stories and more in today's Secret CISO. Stay safe and informed!

Data Breaches

  1. Marriott Data Breaches Result in a $52 Million FTC Settlement: Marriott's inadequate security practices led to multiple breaches affecting hundreds of millions of customers, resulting in a $52 million settlement with the FTC. Source: CPO Magazine
  2. Tech giant Nidec confirms data breach following ransomware attack: Nidec, a major tech company, confirmed a data breach following a ransomware attack. The company has since closed the entry point and implemented additional security measures. Source: Bleeping Computer
  3. Data Breach at Birth Choice of San Marcos Caused by Cyberattack at National Diagnostic Imaging: Birth Choice of San Marcos filed a notice of data breach with the Attorney General of California after a cyberattack at National Diagnostic Imaging. Source: JD Supra
  4. Clayton Properties Group reports data breach following vendor cyberattack: Clayton Properties Group, a subsidiary of Clayton Homes, reported a data breach to the Attorney General of Massachusetts following a cyberattack on a vendor. Source: teiss
  5. Lawsuit Against Fidelity Results from Data Breach: A lawsuit has been filed against Fidelity following a data breach, seeking to hold the company accountable for a "massive and preventable data breach" of inadequately protected data. Source: ASPPA

Security Research

  1. Thousands of Medical Devices and Data Systems Exposed Over the Public Internet: Security researcher Himaja Motheram from Censys has identified numerous publicly accessible interfaces and services from medical devices and data systems, raising concerns about potential data breaches. Source: HIPAA Journal
  2. Vulnerabilities, AI Compete for Software Developers' Attention: Security researchers have warned about the potential risks of AI code generation, which could introduce new vulnerabilities into software. In March, researchers demonstrated this issue with an LLM security vendor. Source: Dark Reading
  3. CISA confirms Veeam vulnerability is being used in ransomware attacks: The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a vulnerability in Veeam software is being exploited in ransomware attacks. The bug was discovered by a Code White security researcher, and Veeam released a fix on September 4. Source: The Record
  4. Kubernetes Image Builder Vulnerability: CVE-2024-9486 Risk: Security researcher Nicolai Rybnikar discovered a critical flaw in Kubernetes Image Builder that allows default credentials to remain enabled during the image-building process, posing a significant security risk. Source: The Cyber Express
  5. Hackers Avoid Google Chrome Security Features In New Attack, Researchers Warn: Researchers have warned that hackers are developing a new attack method designed to evade security scanning protections and browser security features in Google Chrome. Source: Forbes

Top CVEs

  1. CVE-2024-43587: Microsoft Edge (Chromium-based) is susceptible to a remote code execution vulnerability. An attacker could exploit this flaw to execute arbitrary code in the context of the current user. Source: CVE-2024-43587
  2. CVE-2024-9264: Grafana's SQL Expressions experimental feature has a command injection and local file inclusion vulnerability. This is due to insufficient sanitization of user input in duckdb queries. Any user with VIEWER or higher permissions can execute this attack. Source: CVE-2024-9264
  3. CVE-2024-43596: Another remote code execution vulnerability has been identified in Microsoft Edge (Chromium-based). This flaw could be exploited by an attacker to execute arbitrary code in the context of the current user. Source: CVE-2024-43596
  4. CVE-2024-27766: MYSQL MariaDB v.11.1 has an issue that allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so. Source: CVE-2024-27766
  5. CVE-2024-6333: An authenticated remote code execution vulnerability has been identified in AltaLink, VersaLink & WorkCentre. This flaw could be exploited by an authenticated attacker to execute arbitrary code. Source: CVE-2024-6333

API Security

  1. IBM Security Verify Access 10.0.8 Open Redirection: IBM's Security Verify Access 10.0.8 has been found to have an open redirection vulnerability. This flaw could potentially allow attackers to redirect users to malicious websites, leading to phishing attacks or the stealing of sensitive information. IBM has been notified about the issue. Source: Vulners
  2. CVE-2024-10099: A stored cross-site scripting (XSS) vulnerability has been discovered in comfyanonymous/comfyui version 0.2.2 and possibly earlier versions. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. This could lead to execution of arbitrary JavaScript. Source: Vulners
  3. CVE-2024-10100: A path traversal vulnerability has been identified in binary-husky/gpt_academic version 3.83. The flaw is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration files. Source: Vulners

Final Words

And that's a wrap for today's edition of Secret CISO. From Marriott's hefty FTC settlement to the latest data breaches and cybersecurity advancements, we've covered a lot of ground. Remember, in the world of cybersecurity, knowledge is power. So, stay informed, stay vigilant, and most importantly, stay secure.

If you found today's newsletter helpful, why not share it with your friends and colleagues?

They might appreciate the heads-up on the latest security news and insights. After all, cybersecurity is a team sport, and we're all in this together. Until next time, keep your data safe and your systems secure.