Secret CISO 10/7: Comcast, Truist, T-Mobile Breaches, Dutch Police Data Exposed, CISA Warning, Matru Poshan App Breach, USAA System Error, Cybersecurity Misconceptions Debunked

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we navigate the fallout of recent data breaches and the essential steps healthcare companies should take to bolster their security programs. We'll delve into the FBCS breach that impacted Comcast and Truist, affecting hundreds of thousands of customers. We'll also discuss the $31.5 million settlement T-Mobile agreed to over data breach allegations and the CISA warning about credential access findings in its FY23 risk and vulnerability assessments. In a shocking revelation, every Dutch police officer was exposed in a major breach, suspected to be the work of a state-sponsored actor.

Furthermore, we'll explore the data breach of the Matru Poshan app, affecting pregnant women beneficiaries, and the USAA data breach lawsuit over a 'system error' that exposed the info of 32K customers. In regulatory news, we'll look at what the White House should do next for cyber regulation and debunk some cybersecurity misconceptions with Shawn Tuma.

Lastly, we'll touch on the latest cybersecurity research, including vulnerabilities in government platforms, bot attacks costing businesses billions annually, and the discovery of a new DDoS attack vector. Stay tuned for these stories and more in today's Secret CISO. Stay safe and informed!

Data Breaches

  1. Comcast, Truist Impacted by FBCS Breach: In a significant data breach, Comcast and Truist were impacted when FBCS, a debt collection agency, was targeted. The breach resulted in the exfiltration of individuals' names, addresses, birthdates, Social Security numbers, account numbers, and internal FBCS IDs. Source: MSSP Alert
  2. T-Mobile Agrees to $31.5 Million Settlement Over Data Breach Allegations: T-Mobile has reached a settlement with the Federal Communications Commission (FCC) to pay $31.5 million following a series of data breaches. The settlement aims to resolve allegations of the company's failure to protect customer data adequately. Source: teiss
  3. Major Breach Exposes Every Dutch Police Officer: A major data breach suspected to be orchestrated by a state-sponsored actor has exposed the personal data of every Dutch police officer. The breach has raised serious concerns about the safety of law enforcement officers and their ability to perform their duties without fear of retribution. Source: Cybernews
  4. USAA Data Breach Lawsuit Claims 'System Error' Exposed Info of 32K Customers: USAA is facing a class-action lawsuit over an apparent "system error" that may have impacted the personal data of approximately 32,000 customers in April 2024. The breach has raised questions about the company's data security measures. Source: Class Action
  5. Personal Information Compromised in Universal Music Data Breach: Universal Music Group is informing hundreds of individuals about a recent data breach impacting personal information. The breach has raised concerns about the company's data security measures and the potential misuse of the compromised data. Source: SecurityWeek

Security Research

  1. Single HTTP Request Can Exploit 6M WordPress Sites: A security researcher named TaiYou discovered a flaw in LiteSpeed Cache, a popular plugin used by WordPress sites. This vulnerability could potentially allow an attacker to exploit over 6 million WordPress sites with a single HTTP request. Source: Dark Reading
  2. Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds: The UK's National Cyber Security Centre (NCSC) found a significant disconnect between board members and security leaders regarding who is responsible for cybersecurity within their organizations. This confusion could potentially lead to gaps in security protocols and increased vulnerability. Source: Infosecurity Magazine
  3. Utilities Security Industry Research Report 2024: Global Market to Surpass $30 Billion by 2030: The global market for utilities security is expected to exceed $30 billion by 2030, driven by the adoption of AI and machine learning solutions. This growth indicates the increasing importance of cybersecurity in the utilities industry. Source: GlobeNewswire
  4. 19 platforms used by government agencies have vulnerabilities: A recent study revealed that 19 platforms used by government agencies have vulnerabilities that could allow malicious actors to gain access to confidential data, compromise personal information, and alter documents. This research underscores the need for robust security measures in government systems. Source: Security Magazine
  5. Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually: Data from Imperva Threat Research shows that vulnerable APIs and bot attacks could be costing businesses up to $186 billion annually. The widespread adoption of APIs has created significant security challenges, highlighting the need for effective security measures. Source: The Hacker News

Top CVEs

  1. CVE-2024-9560 in ESAFENET CDG V5: A critical vulnerability was found in the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public. Source: CVE-2024-9560
  2. CVE-2024-9561 in D-Link DIR-605L 2.13B01 BETA: A critical vulnerability has been found in the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public. Source: CVE-2024-9561
  3. CVE-2024-47335 in Bit Form – Contact Form Plugin: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. The exploit has been disclosed to the public. Source: CVE-2024-47335
  4. CVE-2024-9563 in D-Link DIR-605L 2.13B01 BETA: A critical vulnerability has been found in the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public. Source: CVE-2024-9563
  5. CVE-2024-20102 in wlan driver: There is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Source: CVE-2024-20102

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the ever-evolving landscape of cybersecurity. From healthcare companies navigating change in their security programs, to the alarming data breaches impacting Comcast, Truist, and FBCS, it's clear that vigilance and proactive measures are more crucial than ever. We've also seen how T-Mobile is dealing with the aftermath of data breach allegations, and how CISA is warning about credential access in its risk and vulnerability assessments.

It's a stark reminder that no industry is immune, and that robust security programs are not just optional, but essential. In the face of these challenges, we're also seeing strides in cybersecurity regulation, with the White House considering a new office of cyber-regulation strategy. It's a hopeful sign that the government is taking steps to improve security and protect Americans.

As we sign off, we urge you to share this newsletter with your friends and colleagues. The more informed we all are, the better equipped we'll be to navigate the complex world of cybersecurity. Stay safe, stay informed, and we'll see you in the next edition of Secret CISO.

By Secret CISO