Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news.

Today, we delve into the world of data breaches, risk assessment tools, and the rising costs of cyber threats. Ford recently completed an investigation into a data breach, concluding that its systems and customer data remain uncompromised. The automotive giant pointed the finger at a third-party supplier for the leaked data. In the startup world, data protection company Cyera secured a whopping $300M in funding, doubling its valuation to $3B. The funds will be used to enhance its data security offerings.

On the risk assessment front, SentinelOne highlights the top 12 cybersecurity risk assessment tools for 2025, emphasizing the importance of identifying vulnerabilities well in advance of an attack. Data breaches continue to plague various sectors. Patelco Credit Union, Aspen Healthcare Services, and AdventHealth are all under investigation following data breaches. Meanwhile, Belton ISD is grappling with a cyber attack that targeted student information. In the tech world, Microsoft has launched a 'Zero Day Quest' competition to enhance cloud and AI security.

The initiative is part of Microsoft's broader Secure Future Initiative, aimed at pre-emptively addressing security vulnerabilities. Finally, T-Mobile managed to thwart a data breach before it occurred, marking a significant win in the ongoing battle against cyber threats. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats.

Data Breaches

1. Ford Data Breach: Ford has concluded its investigation into recent data breach claims, confirming that its systems and customer data remain uncompromised. The breach was traced back to a third-party supplier. Source: SecurityWeek
2. Patelco Credit Union Data Breach: Patelco Credit Union is under investigation by Levi & Korsinsky, LLP following a data breach that has raised concerns over the security of sensitive personal information. The breach occurred on June 29, 2024. Source: KGET
3. Aspen Healthcare Services Data Breach: Aspen Healthcare Services announced a data breach following a ransomware attack. The company filed a notice of data breach with the Attorney General of Texas on November 18, 2024. Source: JDSupra
4. AdventHealth Data Breach: AdventHealth filed an official notice of data breach with the Attorney General of Texas on November 18, 2024, after discovering that confidential patient information had been compromised. Source: JDSupra
5. Data Breach at Debt Services Firm: A data breach at an unnamed debt services firm exposed the records of 1.5 million customers. The breach has led to an increase in spam emails and scam phone calls for affected customers. Source: Westlaw

Security Research

1. CISA's Internship Program Delivers Outstanding Results in Vulnerability Management: The program has seen significant success in enhancing open-source information gathering and security researcher partnership efforts, thanks to interns like Hannah B. from Old Dominion University. Source: HSToday
2. Graykey iPhone hacking tool can 'partially' access iPhone 16: The security researcher community is actively working to identify and block exploits used by hacking companies, including those that can partially access the iPhone 16. Source: 9to5Mac
3. How Hackers Are Using AI To Bypass Facial Recognition Systems: Security researchers from Cato Threat Research Labs have uncovered a new deepfake tool that hackers are using to bypass facial recognition systems. Source: Forbes
4. The 2024 Elastic Global Threat Report: Basic Security Settings Are Easily Exploited by Adversaries: Tenable's Cloud Security Research team has discovered new attack techniques that exploit basic security settings, as detailed in the 2024 Elastic Global Threat Report. Source: CXOToday
5. Microsoft announces Zero Day Quest hacking event with big rewards: Microsoft's Zero Day Quest invites security researchers to discover and report high-impact vulnerabilities in Microsoft AI and Cloud offerings, with substantial rewards on offer. Source: Help Net Security

Top CVEs

1. CVE-2023-21270: A vulnerability in PermissionManagerServiceImpl.java could allow an app to maintain permissions that should be revoked, leading to a local escalation of privilege. No user interaction is needed for exploitation. Source: CVE-2023-21270
2. CVE-2024-31141: Apache Kafka Clients have a vulnerability that could allow an untrusted party to read arbitrary contents of the disk and environment variables, potentially leading to an escalation of privilege. Users are recommended to upgrade to version >=3.8.0. Source: CVE-2024-31141
3. CVE-2024-10524: Applications using Wget to access remote resources with shorthand URLs and arbitrary user credentials are vulnerable to crafted credentials causing Wget to access an arbitrary resource. Source: CVE-2024-10524
4. CVE-2018-9466: In valid.c, there is a possible out of bounds write that could lead to remote escalation of privilege in an unprivileged app. User interaction is needed for exploitation. Source: CVE-2018-9466
5. CVE-2018-9341: In impeg2d_mc.c, there is a possible out of bound write due to a missing bounds check. This could lead to remote arbitrary code execution. User interaction is needed for exploitation. Source: CVE-2018-9341

API Security

1. 2FAuth API Vulnerability (CVE-2024-52598): 2FAuth, a web app for managing Two-Factor Authentication (2FA) accounts, has two interconnected vulnerabilities in version 5.4.1 - a Server Side Request Forgery (SSRF) and a URI validation bypass issue. These vulnerabilities could allow an attacker to force the application to make a GET request to an arbitrary URL, potentially gaining access to sensitive information. Source: Vulners
2. MStore API SQL Injection Vulnerability (CVE-2024-11179): The MStore API plugin for WordPress is vulnerable to SQL Injection via the 'status_type' parameter in all versions up to and including 4.15.7. This vulnerability could allow authenticated attackers to append additional SQL queries into existing ones, potentially extracting sensitive information. Source: Vulners
3. Linux Kernel WiFi Vulnerability (CVE-2024-53074): A vulnerability in the Linux kernel's wifi module could impact devices that do not support the MLD API (9260 and down). This vulnerability could prevent the AP from being restarted after it has already been started. Source: Vulners
4. Hints Naver Blog CSRF Vulnerability (CVE-2024-51639): A Cross-Site Request Forgery (CSRF) vulnerability in Hints Naver Blog could allow Stored XSS. This issue affects Naver Blog versions from n/a through... Source: Vulners
5. Apache Kafka Clients Privilege Escalation Vulnerability (CVE-2024-31141): Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins that could be manipulated by an untrusted party. This vulnerability could allow attackers to read arbitrary contents of the disk and environment variables, potentially escalating from REST API access to filesystem/environment access. Source: Vulners

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a range of topics from Ford's data breach investigation to the rise of data protection startups like Cyera. We've also highlighted the importance of robust cybersecurity risk assessment tools and the ongoing investigations into data breaches at Patelco Credit Union and Aspen Healthcare Services.

Remember, staying informed is the first step in protecting your data and systems. Share this newsletter with your colleagues and friends to help them stay one step ahead of potential threats. Until next time, stay safe and secure.