Secret CISO 11/22: Bojangles and Andrew Tate's Online University Data Breaches, Ford Debunks Breach Claims, Research on Telco Cyber Attack and AI Data Security Priorities
Welcome to today's issue of Secret CISO. We're diving deep into the world of data breaches, with a special focus on recent incidents at Bojangles Restaurants, Inc., Andrew Tate's online 'university', and Stop and Shop.
We'll also be discussing Ford's successful debunking of data breach claims, and the importance of understanding the contents of credit monitoring letters post-breach. In the realm of cybersecurity, we'll be examining the 'worst' Telco cyber attack in US history, the recent ransomware attack on RRCA Accounts Management, and the gap in understanding of data priorities between IT and business leaders. We'll also be looking at the recent data breach investigations involving Facebook-Cambridge Analytica, TracFone, and T-Mobile, and the potential data leak at a gangster counseling center.
In research news, we'll be discussing the latest findings in AI and endpoint security, the establishment of a new institute at Montana State to address national security, and the latest bugs found in open-source projects by Google's AI tool. Lastly, we'll be examining the latest vulnerabilities in IBM PowerVM, PHP, and Logsign Unified SecOps Platform, among others. Stay tuned for an in-depth look at these stories and more, as we keep you updated on the latest happenings in the world of tech security.
Data Breaches
- DATA BREACH ALERT: Edelson Lechtzin LLP Is Investigating Claims On Behalf Of Bojangles Restaurants, Inc. Customers: Edelson Lechtzin LLP is investigating a data breach that may have affected customers of Bojangles Restaurants, Inc. The extent of the breach and the specific data compromised have not been disclosed yet. Source: GlobeNewswire.
- Andrew Tate 'online university' suffers breach: 800,000 users' data exposed: A data breach has affected fans of Andrew Tate, a far-right influencer, after hackers targeted his online university. The breach exposed the data of approximately 800,000 users. Source: Mashable.
- 'Stocked and largely recovered': Stop and Shop provides update after data breach affected stores: Stop and Shop has announced recovery from a data breach that affected stores throughout New England. The extent of the breach and the specific data compromised have not been disclosed. Source: Boston 25 News.
- Members Trust Company Data Breach Following Compromised Email Accounts Affects: Members Trust Company filed a notice of data breach with the Attorney General of Maine after discovering that an unknown number of its email accounts had been compromised. The specific data compromised has not been disclosed. Source: JD Supra.
- UK fintech Finastra investigating data breach impacting internal SFTP platform: Finastra, a UK-based financial software provider, is investigating a data breach impacting an internally hosted file transfer platform. The extent of the breach and the specific data compromised have not been disclosed. Source: Fintech Futures.
Security Research
- 2K Palo Alto un-patched firewalls hacked despite warnings: Despite warnings and available patches for two PAN-OS bugs, 2000 unpatched Palo Alto firewalls were compromised. Researchers at the Qualys Threat Research Unit advise users to sift through their installations and ensure none of the IOCs exist on their systems. Source: SC Media.
- Zero Days Top Cybersecurity Agencies' Most-Exploited List: A blog post by a security researcher at vulnerability intelligence firm VulnCheck reveals that nation-state advanced persistent threat groups are exploiting zero-day vulnerabilities. Source: GovInfoSecurity
- AI messes with scammers, autonomous endpoint security, malware targets Excel: The latest security research highlights AI's role in disrupting scammers, the importance of autonomous endpoint security, and how malware is targeting Excel. Source: SC Magazine
- Google AI Tool Finds 26 Bugs in Open-Source Projects: Google's AI security tool has found 26 bugs in open-source projects, highlighting the importance of AI in identifying vulnerabilities. Source: GovInfoSecurity
- 'Alarming' security bugs lay low in Linux's needrestart server utility for 10 years: Researchers at Qualys have discovered five bugs in the Linux needrestart utility that unprivileged local users can exploit. The bugs went unnoticed for ten years, raising concerns about long-standing vulnerabilities in widely used systems. Source: The Register.
Top CVEs
- CVE-2024-41781: IBM PowerVM Platform KeyStore has a vulnerability that could be exploited if an attacker gains service access to the HMC. The attacker could locate and decrypt data contained in the Platform through a series of service procedures. Source: vulners.com
- CVE-2021-30299: There is a potential out-of-bounds access in the audio module due to a lack of validation of user-provided data. This could lead to unauthorized access or information disclosure. Source: vulners.com
- CVE-2024-8932: In certain PHP versions, uncontrolled long string inputs to the ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds read. This could lead to a denial of service or potentially information disclosure. Source: vulners.com
- CVE-2017-9711: Certain unprivileged processes are able to perform IOCTL operations. This could lead to unauthorized actions being performed, potentially compromising the security of the system. Source: vulners.com
- CVE-2024-52052: Wowza Streaming Engine below 4.9.1 has a vulnerability that permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution. Source: vulners.com
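As an added illustration of the CVE-2024-8932 item above (my own model, not PHP's source), here is the kind of escaped-size calculation that wraps on a 32-bit build, beside the overflow-checked form and a writer that never exceeds its buffer; the 0x60000000 length and the two-byte input are constructed values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model (not PHP's code) of the escape-size calculation behind
 * CVE-2024-8932: on a 32-bit build the output length lives in a 32-bit
 * size_t, and every escaped byte expands to three bytes ("\" + two hex digits). */
static uint32_t escaped_size_unchecked(uint32_t input_len) {
    return input_len * 3u;               /* wraps silently past UINT32_MAX */
}

/* Hardened form: reject inputs whose escaped size is not representable. */
static bool escaped_size_checked(uint32_t input_len, uint32_t *out) {
    if (input_len > UINT32_MAX / 3u)
        return false;
    *out = input_len * 3u;
    return true;
}

/* Escape every input byte as "\xx" without ever writing past buf_len.
 * Returns the size the full escape needs (snprintf-style), so a buffer sized
 * from a wrapped length is detected instead of overrun. */
static size_t escape_bounded(const unsigned char *in, size_t in_len,
                             char *buf, size_t buf_len) {
    static const char hex[] = "0123456789abcdef";
    size_t needed = 0;
    for (size_t i = 0; i < in_len; i++) {
        if (needed + 3 <= buf_len) {     /* only write when the triple fits */
            buf[needed]     = '\\';
            buf[needed + 1] = hex[in[i] >> 4];
            buf[needed + 2] = hex[in[i] & 0x0f];
        }
        needed += 3;
    }
    return needed;
}

/* Worked case: the wrap makes a huge input look smaller than itself, and the
 * bounded writer reports an undersized buffer rather than overflowing it. */
static bool demo(void) {
    uint32_t wrapped = escaped_size_unchecked(0x60000000u);   /* 0x20000000 */
    uint32_t ok_size = 0;
    const unsigned char in[] = { 'a', 'b' };                  /* constructed input */
    char big[6], small[3];
    bool rejected = !escaped_size_checked(0x60000000u, &ok_size);
    bool accepted = escaped_size_checked(2u, &ok_size) && ok_size == 6u;
    bool full  = escape_bounded(in, 2, big, sizeof big) == 6 && memcmp(big, "\\61\\62", 6) == 0;
    bool short_ = escape_bounded(in, 2, small, sizeof small) == 6 && small[0] == '\\';
    return wrapped < 0x60000000u && rejected && accepted && full && short_;
}
```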
API Security
- Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability (CVE-2024-9665): A vulnerability in Zimbra allows remote attackers to disclose sensitive information on affected installations. The flaw exists within the implementation of the GraphQL endpoint, which lacks proper protections against CSRF attacks. User interaction is required to exploit this vulnerability. Source: CVE-2024-9665
- Macrozheng Mall JWT Token Handler Vulnerability (CVE-2024-11619): A problematic vulnerability has been found in macrozheng mall up to version 1.0.3. The issue lies in an unknown functionality of the JWT Token Handler component, leading to the use of a default cryptographic key. The vendor has not responded to this disclosure. Source: CVE-2024-11619
- Sentry Application Integration Client Secret Leak (GHSA-V5H2-Q2W4-GPCX): During routine testing, a specific error message generated by Sentry's platform was found to include a plaintext Client ID and Client Secret for an application integration. The ID and Secret pair alone does not provide direct access to any data. For that secret to be abused, an attacker would also need to obtain a valid API token for a Sentry application. Source: GHSA-V5H2-Q2W4-GPCX
- Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability (CVE-2024-5721): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. The flaw exists within the implementation of the cluster HTTP API, which lacks authentication prior to allowing access to functionality. Source: CVE-2024-5721
- Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability (CVE-2024-5722): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. The flaw exists within the HTTP API, which uses a hard-coded cryptographic key. Source: CVE-2024-5722
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, we're reminded of the importance of vigilance in the face of ever-evolving security threats. From the data breach investigations at Bojangles Restaurants to Ford debunking data breach claims, it's clear that no industry is immune. We also saw how Andrew Tate's online university fell victim to a breach, exposing the data of 800,000 users. And let's not forget the 'worst' telco cyber attack in US history, which served as a stark reminder of the potential consequences of lax security measures. In the world of research, we saw a significant gap in understanding of data priorities between IT and business leaders.
This highlights the need for clear communication and collaboration in order to effectively safeguard our data. Finally, we delved into a number of security vulnerabilities, from the Logsign Unified SecOps Platform to the Sentry error tracking and performance monitoring platform. These cases underscore the importance of regular security audits and updates to keep our systems secure. Remember, knowledge is power. By staying informed, we can better protect ourselves and our organizations from potential threats.
So, share this newsletter with your friends and colleagues to help them stay one step ahead of the cybercriminals. Stay safe and see you tomorrow for more updates from the world of cybersecurity.