Secret CISO 10/29: Transak and Mystic Valley Data Breaches, Rising Costs of Breaches in Canada, Italian Data Breach Affects 800K Citizens, Research on Spectre Vulnerability and Ransomware Group Embargo
Good morning, Secret CISO readers! Today's newsletter is packed with critical updates on data breaches and security research.
First up, Transak, a crypto on-ramp service provider, has reported a data breach affecting over 92,000 users due to a phishing incident. Meanwhile, Mystic Valley Elder Services' data breach has exposed personal information, prompting Murphy Law Firm to investigate legal claims on behalf of affected individuals. In Italy, politicians are alarmed by a data breach allegedly affecting 800,000 citizens, with breaches dating back to 2022.
Parkland Health in Dallas is also warning patients of a possible data breach that could include names, birth dates, and medical records. In the realm of security research, new findings reveal that the Spectre vulnerability persists in the latest AMD and Intel processors.
Meanwhile, a new ransomware group, Embargo, is using a toolkit that disables security solutions, according to ESET researchers. Lastly, the rising costs of data breaches are prompting organizations to seek cybersecurity consultants to restore and strengthen their technical infrastructure post-breach. Stay tuned for more updates and remember, your digital security is at stake. Stay vigilant!
Data Breaches
- Transak Data Breach Affects Over 92,000 Users: Transak, a crypto on-ramp service provider, has reported a data breach impacting over 92,000 users due to a phishing incident. The extent of the data compromised is yet to be disclosed. Source: The Paypers
- Mystic Valley Elder Services' Data Breach Exposes Personal Information: Mystic Valley Elder Services has suffered a data breach, exposing the personal information of its clients. Murphy Law Firm is currently investigating legal claims on behalf of the affected individuals. Source: GlobeNewswire
- Italian Politicians Express Alarm at Latest Data Breach: A data breach dating from 2022 has compromised the data of at least 800,000 Italians, according to prosecutors in Milan. The breach was allegedly carried out by a private investigator. Source: Economic Times
- Parkland Health in Dallas Warns Patients of Possible Data Breach: Parkland Health in Dallas has warned its patients of a possible data breach. The breach could potentially include names, birth dates, and medical records. Source: NBC DFW
- French ISP Free Confirms Data Breach: French ISP Free has confirmed a data breach after a hacker put customer data up for auction. The company is advising its customers to strengthen their password security and enable multi-factor authentication. Source: Bitdefender
Security Research
- New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors: Six years after the Spectre security flaw was discovered, new research indicates that the vulnerability still exists in the latest AMD and Intel processors. This highlights the ongoing challenge of securing modern CPUs against such threats. Source: The Hacker News
- New ransomware group Embargo uses toolkit that disables security solutions: ESET researchers have discovered a new ransomware group, Embargo, that uses a toolkit to disable security solutions. This highlights the evolving tactics of ransomware groups and the need for robust security measures. Source: EIN Presswire
- BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers: The Datadog Security Research team has identified the resurgence of BeaverTail malware in malicious npm packages targeting developers. This underscores the ongoing threat of malware in software development environments. Source: The Hacker News
- Security researchers circumvent Microsoft Azure AI Content Safety: Researchers have identified two vulnerabilities that allow attackers to bypass Microsoft Azure AI Content Safety guardrails to push malicious content onto protected LLM instances. This discovery underscores the need for continuous security testing and improvement in AI systems. Source: CSO Online
- New tool bypasses Google Chrome's new cookie encryption system: A researcher has released a tool that can bypass Google's new App-Bound cookie encryption system. This discovery highlights potential vulnerabilities in browser security measures and the need for ongoing research and improvement. Source: Bleeping Computer
Top CVEs
- IBM Flexible Service Processor Static Credentials Vulnerability (CVE-2024-45656): IBM's Flexible Service Processor (FSP) has static credentials that may allow network users to gain service privileges. The affected versions are FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10. Source: Vulners
- JetBrains YouTrack Reflected XSS Vulnerability (CVE-2024-50575): JetBrains YouTrack before 2024.3.47707 is susceptible to reflected XSS in Widget. An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user. Source: Vulners
- iOS and iPadOS Authentication Vulnerability (CVE-2024-44274): The issue was addressed with improved authentication in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access to a locked device may be able to view sensitive user information. Source: Vulners
- Squid Proxy Denial of Service Vulnerability (CVE-2024-45802): Squid, an open-source caching proxy for the Web, is vulnerable to Denial of Service attacks due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs. This bug is fixed in the default build configuration of Squid version. Source: Vulners
- Apple Devices Malicious Font Processing Vulnerability (CVE-2024-44240): Apple addressed the issue with improved checks in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory. Source: Vulners
API Security
- CVE-2024-6674 Data Leak through CORS Misconfiguration in parisneo/lollms-webui: A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user, such as deleting a project or sending a message. Source: CVE-2024-6674
- CVE-2024-10464 Denial of Service in Firefox & Thunderbird: Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird <. Source: CVE-2024-10464
- CVE-2024-47401 Amplified GraphQL Response in Mattermost: Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request. Source: CVE-2024-47401
- CVE-2024-10008 Unauthorized User Profile Modification in Masteriyo LMS: The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes it possible for authenticated attackers, with student-level access and above, to modify the roles of arbitrary users. Source: CVE-2024-10008
- CVE-2024-50084 Memory Leaks in Linux Kernel: In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() Commit a3c1e45156ad ("net: microchip: vcap: Fix use-after-free error in kunit test") fixed the use-after-free error, but introduced below memory leaks by removing necessary vcap_free_rule(), add it to fix it. Source: CVE-2024-50084
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of the Secret CISO newsletter, we're reminded of the ever-evolving landscape of cybersecurity. From the Transak data breach affecting over 92,000 users to the rising costs of data breaches, it's clear that the need for robust security measures is more critical than ever.
In the face of these challenges, we see the tireless efforts of security experts and researchers working to safeguard businesses and individuals alike. Whether it's combatting human error, strengthening security post-breach, or offering advice on recognizing and avoiding social engineering attacks, their work is invaluable in this digital age.
Remember, knowledge is power. Share this newsletter with your friends and colleagues to keep them in the loop. Let's work together to create a safer digital world. Stay vigilant and stay secure.