Welcome to today's issue of Secret CISO. We're diving into a series of data breaches that have recently made headlines, starting with Mercer University's settlement over a hack that exposed sensitive information of students and staff. Meanwhile, Cisco's security business is on the rise, doubling its revenue to $2 billion in the recent quarter, thanks to Splunk's contribution. In international news, Meta (formerly Facebook) lost a court battle in Germany over a global data leak in 2021. This could set a precedent for future data breach lawsuits.

On a similar note, Twitch has been fined 2 million Turkish lira over a 2021 data breach that revealed the incomes of top streamers on the site. In the realm of cybersecurity, T-Mobile has been targeted by Chinese cyber espionage, but thanks to diligent monitoring and robust security controls, the telecom giant reports no significant impacts to its systems or data.

We also delve into the world of data breaches and spreadsheets, exploring how organizations can avoid hefty fines when handling sensitive data. Plus, we'll look at how to preserve your cybersecurity during the holiday season, a time when data breaches and online scams often spike.

Finally, we'll explore the latest in cybersecurity research, including a new cyber risk analyzer launched by Aon to help clients mitigate their cyber risk exposure. Stay tuned for all this and more in today's Secret CISO.

Data Breaches

1. Mercer University Data Breach Lawsuit Settlement: Mercer University has agreed to settle a lawsuit following a data breach that exposed sensitive information, including driver's license numbers, names, and social security numbers of victims. Source: Macon Telegraph
2. Cisco's Security Revenue Boosted by Splunk: Cisco's security revenue doubled to $2 billion in its recent quarter, largely due to Splunk's contribution. Without Splunk, Cisco's total revenue would have dropped by 14%. Source: Cybersecurity Dive
3. Meta Loses German Court Fight Over 2021 Data Leak: Meta, formerly Facebook, lost a court battle in Germany over a global data leak in 2021. Despite the company's confidence in prevailing in the lower court, the systems were not hacked, and there was no data breach. Source: Yahoo Finance
4. PSNI Fined for Data Breach: The ICO issued its largest public sector fine of £750,000 to the PSNI for a data breach that exposed the details of 9,483 officers and staff. Source: The National Law Review
5. Twitch Fined Over Data Breach: Twitch was fined 2 million Turkish lira over a 2021 data breach that revealed the incomes of the top streamers on the site. Source: Dexerto

Security Research

1. Don't Fall for This Fake Image Generator and Its Political AI Slop: Security researchers have discovered a new threat where fake image generators are being used to infect Windows and macOS systems with Lumma Stealer and AMOS information-grabbing malware. Users are advised to be cautious of suspicious image generators. Source: PCMag
2. New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers: Security researcher Ryan Robinson has reported a new stealthy malware, BabbleLoader, which is being used in several campaigns to deliver WhiteSnake and Meduza stealers. The loader's stealthy nature makes it a significant threat. Source: The Hacker News
3. Research finds 56% increase in active ransomware groups: A recent report by Searchlight Cyber shows a 56% increase in active ransomware groups, indicating that despite a gradual decline in the prevalence of ransomware attacks, the threat is far from over. Source: Security Intelligence
4. Apple's Latest M4 Macs Cannot Run macOS Virtual Machines On Versions Earlier Than...: Security researcher Csaba Fitzl has highlighted an issue with Apple's latest M4 Macs, which are unable to run macOS virtual machines on versions earlier than the current one. This could potentially limit the functionality of these devices. Source: Wccftech
5. Researchers report rise in 'ClickFix' social engineering attacks: Security researchers have reported a rise in 'ClickFix' social engineering attacks. These attacks involve pop-up dialogue boxes appearing on fake websites or malicious files or attachments, tricking users into compromising their security. Source: Computing UK

Top CVEs

1. CVE-2021-1379 - Cisco IP Phone Series Vulnerabilities: Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. Cisco has released software updates that address these vulnerabilities. Source: CVE-2021-1379
2. CVE-2020-3431 - Cisco Small Business RV042 Dual WAN VPN Routers Vulnerability: A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Cisco has released software updates that address this vulnerability. Source: CVE-2020-3431
3. CVE-2020-26073 - Cisco SD-WAN vManage Software Vulnerability: A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. Cisco has released software updates that address this vulnerability. Source: CVE-2020-26073
4. CVE-2020-26071 - Cisco SD-WAN Software Vulnerability: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. Source: CVE-2020-26071
5. CVE-2024-38828 - Spring MVC Controller Methods Vulnerability: Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS. Source: CVE-2024-38828

API Security

1. Cisco Network Services Orchestrator API Vulnerability (CVE-2021-1132): A flaw in the API subsystem and web-management interface of Cisco Network Services Orchestrator could allow unauthorized remote access to sensitive data. The issue arises from improper validation of user-supplied input. Cisco has released software updates to address this vulnerability. Source: vulners.com
2. Cisco Data Center Network Manager REST API Vulnerability (CVE-2020-3538): A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. Cisco has released software updates to address this vulnerability. Source: vulners.com
3. Cisco SD-WAN vManage Software API Vulnerability (CVE-2020-26073): A flaw in the application data endpoints of Cisco SD-WAN vManage Software could allow unauthorized remote access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within API requests. Cisco has released software updates to address this vulnerability. Source: vulners.com
4. Cisco Integrated Management Controller API Vulnerability (CVE-2020-26063): A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. Source: vulners.com
5. OpenCTI GraphQL Endpoint Vulnerability (CVE-2024-37155): In OpenCTI, an open-source platform for managing cyber threat intelligence, the regex validation used to prevent Introspection queries can be bypassed by removing extra whitespace, carriage return, and line feed characters from the query. This could allow an attacker to gather information about the GraphQL endpoint functionality and potentially perform actions or read data without authorization. Users should upgrade to version 6.1.9 to receive a patch. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

That's it for today's edition of the Secret CISO newsletter. We've covered a lot of ground, from the Mercer University lawsuit settlement to the growth of Cisco's security business, data breaches at Meta and Twitch, and the latest cybersecurity research. Remember, staying informed is the first step in protecting your systems and data. If you found this information useful, please consider sharing this newsletter with your colleagues and friends. They might find it helpful too. Stay safe, stay secure, and see you next time.

Don't forget to share your thoughts and feedback with us. We're always looking to improve and bring you the most relevant cybersecurity news.