Secret CISO 11/11: Powerlink's SAP Re-platforming, Turkey's Data Protection Law, Mr. Cooper's Massive Breach, CrowdStrike's AI Security
Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into the world of data security, AI, and compliance, and how these elements are shaping the future of cybersecurity. First up, we're looking at Powerlink Queensland's move to re-platform its SAP system. With security being a top priority, this move is a significant step towards ensuring data protection and privacy. Next, we're exploring the rising threat of unapproved AI in the workplace.
From regulatory breaches to data leaks, the risks are real and companies need to be prepared. On the compliance front, a more strategic approach is long overdue. With the increasing number of data breaches, such as the recent massive mortgage lender breach exposing 14 million people, it's clear that current methods aren't cutting it. In other news, CrowdStrike is launching AI red team services to secure AI systems against emerging threats. This move highlights the importance of proactive security measures in an ever-evolving threat landscape. Lastly, we're looking at the importance of data governance.
With data breaches becoming increasingly common, businesses need to balance their data and implement robust security measures to prevent leaks. Stay tuned for more updates and remember, in the world of cybersecurity, staying informed is your first line of defense.
Data Breaches
- 14 million exposed in massive mortgage lender breach: Dallas-based mortgage lender Mr. Cooper suffered a significant data breach following a cyberattack, exposing the personal and sensitive data of approximately 14 million customers. Source: MSN
- Prasarana probed for PDPA compliance after data breach: Malaysian public transport provider Prasarana is under investigation for compliance with the Personal Data Protection Act (PDPA) following a data breach resulting from a ransomware attack. The breach affected internal data, but public rail services remained unaffected. Source: The Star
- 200,000 SelectBlinds Customers Exposed In Card-Skimming Data Breach: The credit card and payment details of 200,000 customers of SelectBlinds were exposed due to an e-skimming data breach. Source: Forbes
- Game Freak data breach: A significant data breach at Game Freak, the developer behind the Pokémon franchise, has led to a massive leak of information, demonstrating the potential vulnerabilities in the gaming industry. Source: Screen Rant
- Services Australia struggles to gauge exposure to Optus data breach: Services Australia is facing challenges in assessing the extent of exposure following a data breach at Optus, highlighting the difficulties in managing and mitigating the impacts of such incidents. Source: iTnews
Security Research
- CISA Urges Patching of Critical Palo Alto Networks' Expedition Tool Vulnerability: The Cybersecurity and Infrastructure Security Agency (CISA) has urged users to patch a critical vulnerability in Palo Alto Networks' Expedition Tool. The vulnerability was exposed in October when security researcher Zach Hanley released a proof-of-concept exploit. Source: Hackread
- Security updates: Dell Enterprise SONiC vulnerable to multiple attacks: Dell Enterprise SONiC is vulnerable to multiple attacks, with no interim solution available to temporarily protect systems. Security researchers from QI-ANXIN have urged admins to install the patches quickly. Source: heise online
- Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation: Cybersecurity researchers have uncovered nearly two dozen security flaws across 15 different machine learning (ML) related open-source projects. These flaws could enable server hijacks and privilege escalation. Source: The Hacker News
- Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware: Cybercriminals are exploiting Excel to spread fileless Remcos RAT malware, according to researcher Xiaopeng Zhang. The exploit involves a unique challenge of cloud security. Source: The Hacker News
- 2014-2021 Mazdas vulnerable: attackers can take over infotainment system using USB: Security researcher Dmitry Janushkevich has reported that Mazdas manufactured between 2014 and 2021 are vulnerable to attacks. Attackers can take over the infotainment system using a USB device, requiring just a few minutes of physical access. Source: CyberNews
Top CVEs
- CVE-2020-10370: Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455 are vulnerable to a Bluetooth outage if a 2021-01-26 firmware update is not present. This vulnerability allows attackers to exploit the "Spectra" feature. Source: CVE-2020-10370
- CVE-2021-35473: LemonLDAP::NG versions before 2.0.12 have a missing expiration check in the OAuth2.0 handler, which does not verify access token validity. This allows an attacker to use an expired access token from an OIDC client to access the OAuth2 handler. Source: CVE-2021-35473
- CVE-2024-46951: An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. Source: CVE-2024-46951
- CVE-2021-41737: In Faust 2.23.1, an input file with certain lines can lead to a stack overflow. This vulnerability can be exploited to cause a denial of service or possibly have unspecified other impact. Source: CVE-2021-41737
- CVE-2024-46953: An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. Source: CVE-2024-46953
API Security
- CVE-2024-43430 - Moodle External API Access Flaw: A significant vulnerability was discovered in Moodle, where the external API access to Quiz overrides contained insufficient access checks. This flaw could potentially allow unauthorized users to manipulate quiz results or access sensitive information. Source: CVE-2024-43430
- CVE-2024-11068 - D-Link DSL6740C Modem API Misuse: The D-Link DSL6740C modem has been found to have an Incorrect Use of Privileged APIs vulnerability. Unauthenticated remote attackers can exploit this flaw to modify any user’s password, thereby gaining access to Web, SSH, and Telnet services. Source: CVE-2024-11068
- CVE-2024-48939 - Paxton Net2 REST API License File Validation Issue: Paxton Net2, prior to version 6.07.14023.5015 (SR4), has been found to perform insufficient validation on the REST API License file. This vulnerability could allow attackers to use the REST API with an invalid License File and potentially retrieve the access log. Source: CVE-2024-48939
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from Powerlink Queensland's SAP system re-platforming to the rise of unapproved AI in the workplace. We've also delved into the importance of a strategic approach to compliance and the alarming rise of data breaches. Remember, in the world of cybersecurity, knowledge is power.
Stay informed, stay vigilant, and most importantly, stay secure. If you found this newsletter helpful, why not share it with your colleagues and friends? Let's spread the word about the importance of cybersecurity and help each other stay one step ahead of the threats.
Until next time, keep your data safe and your systems secure. Stay tuned for more updates from the world of cybersecurity. Stay safe, stay informed, and remember, we're all in this together.