Secret CISO 11/19: Communication Platforms & Ford at Risk, German Court Rules on Facebook Breach, Maxar Space Systems & TriHealth Data Breaches, Microsoft's AI Security Event

Welcome to today's issue of Secret CISO, your daily source for the most impactful cybersecurity news.

Today, we delve into the role of communication platforms in data breaches. A recent study reveals that the use of multiple communication tools, such as video conferencing and file sharing, can increase a company's risk of a data breach. In corporate news, Ford is currently investigating a potential data breach after hackers claimed to have stolen data. The company is yet another victim of IntelBroker, known for leaking data from high-profile companies.

In legal news, a German court has ruled that Facebook users can claim money over a data breach. The ruling recognizes user rights to non-material damages following a massive data breach. In healthcare, TriHealth Physician Partners reports a data breach after unauthorized access to patient information. Meanwhile, Oklahoma Spine Hospital is dealing with the aftermath of an email breach affecting almost 39,000 patients. In the tech industry, Maxar Space Systems confirms a data breach, with attackers gaining access to employee data. This raises concerns about security gaps in the aerospace industry. In other news, a Change Healthcare data breach has led to concerns about scam letters being sent to affected individuals. Finally, in research news, a new report reveals that incident recovery is taking 25% longer, highlighting the evolving challenges in cybersecurity. Stay tuned for more updates and remember, knowledge is the first line of defense.

Data Breaches

  1. Ford Investigating Potential Data Breach: Ford is currently investigating a potential data breach after hackers claimed to have stolen data. IntelBroker, known for leaking data from high-profile companies, is the suspected culprit. Source: SecurityWeek
  2. TriHealth Physician Partners Suffers Data Breach: TriHealth Physician Partners reported a data breach to the Massachusetts Attorney General after unauthorized access to patient information by hackers. Source: Becker's ASC
  3. Maxar Space Systems Confirms Data Breach: Maxar Space Systems, a leader in satellite and space technology, has confirmed a data breach. Their information security team discovered that a hacker had accessed employee data. Source: Help Net Security
  4. Change Healthcare Data Breach: Change Healthcare reported a data breach involving personal data such as Social Security numbers, driver's license or state ID numbers. Source: Democrat and Chronicle
  5. Library of Congress's Email Communications Hacked: The Library of Congress disclosed the compromise of some of its IT systems, with an alleged foreign threat actor hacking their emails. Source: Security Affairs

Security Research

  1. Spotify Abused to Promote Pirated Software and Game Cheats: Security researchers have discovered that Spotify is being used to promote pirated software and game cheats. The platform's collaborative playlist feature is being exploited to distribute malicious content. Source: Bleeping Computer
  2. 1 Million Websites Vulnerable To Dangerous Sitting Duck Cyber Attacks: Infoblox security researchers have discovered multiple vulnerabilities that leave over a million websites susceptible to 'sitting duck' cyber attacks. The underreported attack methodology could be the reason for the widespread vulnerability. Source: Forbes
  3. Microsoft Announces Its Own Black Hat-like Hacking Event with Big Rewards for AI Security: Microsoft has announced a hacking event similar to Black Hat, offering significant rewards for AI security research. The event will qualify security researchers for bounty awards. Source: The Verge
  4. New Security Alert from Push Security: Cross-IdP Impersonation Threatens SSO: Security researchers at Push Security have issued a new security alert regarding Cross-IdP impersonation, which threatens Single Sign-On (SSO). The company is a pioneer in identity threat detection and response. Source: Yahoo Finance
  5. Fastly Report: Cyber Attack Recovery Times Surge to 7.3 Months as Security Risks Mount: Fastly's latest annual Global Security Research Report reveals that businesses now take 25% longer to recover from cyber attacks. The report also highlights the risks of cutting security budgets. Source: Stock Titan

Top CVEs

  1. CVE-2021-1379 - Cisco IP Phone Series Vulnerabilities: Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. Cisco has released software updates that address these vulnerabilities. Source: CVE-2021-1379
  2. CVE-2020-3431 - Cisco Small Business RV042 Dual WAN VPN Routers Vulnerability: A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Cisco has released software updates that address this vulnerability. Source: CVE-2020-3431
  3. CVE-2024-31141 - Apache Kafka Clients Vulnerability: Apache Kafka Clients accept configuration data for customizing behavior and include ConfigProvider plugins in order to manipulate these configurations. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables. Source: CVE-2024-31141
  4. CVE-2020-26073 - Cisco SD-WAN vManage Software Vulnerability: A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. Cisco has released software updates that address this vulnerability. Source: CVE-2020-26073
  5. CVE-2024-52318 - Apache Tomcat Vulnerability: Incorrect object recycling and reuse vulnerability in Apache Tomcat. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the vulnerability. Source: CVE-2024-52318

API Security

  1. Apache Kafka Clients Vulnerability (CVE-2024-31141): Apache Kafka Clients, versions 2.3.0 through 3.5.2, 3.6.2, 3.7.0, have a vulnerability that allows attackers to read arbitrary contents of the disk and environment variables. This flaw can be used to escalate from REST API access to filesystem/environment access. Users are recommended to upgrade to version >=3.8.0. Source: CVE-2024-31141
  2. SVG Block Plugin for WordPress Vulnerability (CVE-2024-11098): The SVG Block plugin for WordPress, versions up to and including 1.1.24, is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with Administrator-level access to inject arbitrary web scripts. Source: CVE-2024-11098
  3. Harden-Runner Command Injection Weaknesses: Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under specific conditions. However, due to the current execution order of pre-steps in GitHub Actions and the placement of harden-runner as the first step in a job, the likelihood of exploitation is low. Source: GHSA-G85V-WF27-67XC
  4. Cisco Network Services Orchestrator Vulnerability (CVE-2021-1132): A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. Source: CVE-2021-1132
  5. Cisco Data Center Network Manager Vulnerability (CVE-2020-3538): A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. Source: CVE-2020-3538
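The CVE-2024-31141 entries above describe the mechanism (ConfigProvider plugins resolving placeholders against the filesystem and environment) without showing what a service should refuse to accept from a tenant. The validator below is an added example, not code from Apache Kafka or the newsletter; it assumes the service builds Kafka clients from a key/value map supplied by an untrusted party, and the placeholder pattern and sample values are constructed here.

```python
import re
from typing import Dict, List

# Kafka resolves placeholders of the form ${provider:[path:]key} through the
# ConfigProvider named by `provider` (for example "file" or "env"). This
# regex mirrors that syntax; it is this example's own, not Kafka's code.
PLACEHOLDER = re.compile(r"\$\{([^}]*?):(?:[^}]*?:)?[^}]*?\}")

# Keys that register or configure a provider ("config.providers" and
# "config.providers.<name>.*") must never come from an untrusted party.
PROVIDER_KEY_PREFIX = "config.providers"


def audit_untrusted_client_config(cfg: Dict[str, str]) -> List[str]:
    """Return findings for keys/values an untrusted party must not supply.

    An empty list means the config contains no provider registration and no
    placeholder that would be resolved by a ConfigProvider."""
    findings = []
    for key, value in cfg.items():
        if key == PROVIDER_KEY_PREFIX or key.startswith(PROVIDER_KEY_PREFIX + "."):
            findings.append(f"provider registration via key '{key}' is not permitted")
        for match in PLACEHOLDER.finditer(str(value)):
            findings.append(f"key '{key}' references ConfigProvider '{match.group(1)}' "
                            f"through placeholder '{match.group(0)}'")
    return findings


def reject_if_unsafe(cfg: Dict[str, str]) -> Dict[str, str]:
    """Gate to call before handing tenant-supplied config to a Kafka client."""
    findings = audit_untrusted_client_config(cfg)
    if findings:
        raise ValueError("unsafe Kafka client config: " + "; ".join(findings))
    return cfg


# Constructed samples: what a tenant might submit to a service that builds
# Kafka clients on its behalf. The unsafe one tries to register providers and
# to pull a secret file and an environment variable into client settings.
UNSAFE_SAMPLE = {
    "bootstrap.servers": "broker.example.internal:9092",
    "config.providers": "file,env",
    "config.providers.file.class": "org.apache.kafka.common.config.provider.FileConfigProvider",
    "sasl.jaas.config": "${file:/etc/secrets/db.properties:password}",
    "client.id": "${env:HOME}",
}
SAFE_SAMPLE = {"bootstrap.servers": "broker.example.internal:9092", "client.id": "tenant-42"}

if __name__ == "__main__":
    for line in audit_untrusted_client_config(UNSAFE_SAMPLE):
        print("REJECT:", line)
    print("accepted:", reject_if_unsafe(SAFE_SAMPLE))
```

This is a pre-admission check for the configuration surface; upgrading to the fixed client versions named in the entries above remains the actual remediation.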

Sponsored by Wallarm API Security Solution

Final Words

That's it for today's edition of Secret CISO. We hope you found this information valuable. Remember, staying informed is the first step in ensuring the security of your systems. Don't forget to share this newsletter with your friends and colleagues to help them stay secure too. Until next time, stay safe and secure!

By Secret CISO