Welcome to today's issue of Secret CISO, where we bring you the most impactful cybersecurity news from around the globe. Today, we delve into the recent CJEU decision on GDPR-related cases and explore whether administrative fines can be avoided in the event of data protection compliance. We also discuss the recent ransomware attack on RRCA Accounts Management, Inc., and the steps the company took in response to the security incident.

In other news, Cisco had to take its DevHub portal offline after a hacker published stolen data, highlighting the importance of acknowledging and addressing security incidents promptly. Meanwhile, in Brazil, a hacker known as 'USDoD' was arrested following a breach at the consumer data broker National Public Data, which led to the leak of Social Security numbers. Microsoft has confirmed the partial loss of security log data on multiple platforms, and we look at the implications of this for users.

In the world of acquisitions, Cyera has purchased Trail Security to build AI-driven data loss prevention technology. We also explore the reasons behind the 51% drop in ransomware attacks on local and state governments in 2024. In legal news, Overby-Seawell and KeyBank have agreed to pay $6 million to settle a class action over a July 2022 data breach.

Finally, we discuss the importance of SOC 2 compliance for payments, and why it's time to get paranoid about your phone's security. Stay tuned for more updates on these stories and more in today's issue of Secret CISO.

Data Breaches

1. CJEU Decision in GDPR Related Case: The Court of Justice of the European Union (CJEU) is considering whether an administrative fine can be avoided in the event of data protection compliance and following the appropriate procedure in a data breach. This initiative was taken by a German court. Source: Lexology
2. RRCA Accounts Management Reports Ransomware Attack and Data Breach: RRCA Accounts Management Inc. has reported a ransomware attack and data breach. The company has hired third-party experts to conduct a forensic investigation of the security incident. The initial investigation revealed that unauthorized access was gained to certain systems. Source: Yahoo Finance
3. Cisco Takes DevHub Portal Offline After Hacker Publishes Stolen Data: Cisco has taken its DevHub portal offline after a hacker published stolen data. The hacker, known as IntelBroker, grew frustrated when Cisco would not acknowledge a security incident and began sharing screenshots. Source: Bleeping Computer
4. Brazil Arrests 'USDoD,' Hacker in FBI Infragard Breach: Brazil has arrested a hacker known as 'USDoD' in connection with a breach at the FBI's Infragard program. The hacker was also behind a breach at the consumer data broker National Public Data, which led to the leak of Social Security numbers. Source: Krebs on Security
5. Microsoft Confirms Partial Loss of Security Log Data on Multiple Platforms: Microsoft has confirmed a partial loss of security log data across several platforms. The company had previously expanded free access to security logs on several platforms, including Purview, following a state-linked hack in 2023. Source: Cybersecurity Dive

Security Research

1. Gorilla Botnet's Global DDoS Attacks: Security researcher Fox_threatintel reports that the Gorilla Botnet, active for over a year, has recently surged in attacks. The botnet has launched over 300,000 global DDoS attacks, causing significant disruption. Source: Tech Wire Asia
2. Jailbreaking AI Robots: Researchers at Penn Engineering have discovered significant security flaws in AI robots. These vulnerabilities could allow the robots to be dangerously manipulated, raising concerns about the potential misuse of AI technology. Source: IoT Tech News
3. Quantum RSA Break: Researchers have demonstrated a new technique that could potentially break RSA encryption using quantum computing. This development could have significant implications for the future of cybersecurity. Source: Hackaday
4. Phishing Scam Targets Israeli Security Vendor: Security researcher Kevin Beaumont warns of a phishing scam where a hacker posed as an Israeli security vendor to deliver a wiper. The incident highlights the increasing sophistication of cyber attacks. Source: BankInfoSecurity
5. Canada's Bill C-26 and Cybersecurity: The passage of Bill C-26, formally titled “An Act Respecting Cyber Security (ARCS),” represents a significant step forward in protecting Canada's critical infrastructure and promoting cybersecurity research. Source: Carleton University

Top CVEs

1. Grafana SQL Expressions Command Injection Vulnerability (CVE-2024-9264): Grafana's SQL Expressions experimental feature is vulnerable to command injection and local file inclusion due to insufficient sanitization of user input. Attackers with VIEWER or higher permissions can exploit this vulnerability if the duckdb binary is present in Grafana's $PATH. Source: CVE-2024-9264
2. Microsoft Edge Spoofing Vulnerability (CVE-2024-43577): A spoofing vulnerability has been identified in the Chromium-based Microsoft Edge. The specifics of the vulnerability are not disclosed. Source: CVE-2024-43577
3. ScienceLogic SL1 Unspecified Vulnerability (CVE-2024-9537): An unspecified vulnerability involving a third-party component packaged with ScienceLogic SL1 has been identified. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Source: CVE-2024-9537
4. Bert Kößler Movie Database XSS Vulnerability (CVE-2024-43300): Bert Kößler Movie Database is vulnerable to Stored XSS due to improper neutralization of input during web page generation. Source: CVE-2024-43300
5. Add Widget After Content Plugin for WordPress XSS Vulnerability (CVE-2024-9892): The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This vulnerability affects multi-site installations and installations where unfiltered_html has been enabled. Source: CVE-2024-9892

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found our insights and updates valuable in keeping your organization's data secure. Remember, in the world of cybersecurity, knowledge is power. So, don't keep this power to yourself! Share our newsletter with your colleagues and friends to help them stay informed and protected.

In the meantime, keep your eyes peeled for tomorrow's edition where we'll bring you more exclusive updates from the world of cybersecurity. Stay safe, stay informed, and remember, the secret to great security is always vigilance.