Secret CISO 11/25: Tesla and Banque de France Data Leaks, NOQ Group Dark Web Threat, AI in Cybersecurity Market Growth, UK's New AI Security Research Lab
Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we're diving into the dark web, where Tesla charging stations, Banque de France, and the NOQ Group have been targeted. We'll explore how these cyber attacks raise concerns about national security and the safety of sensitive data. We'll also look at the overlooked danger within organizations - insider threats. With data loss prevention solutions, security teams can monitor for unusual file transfers or downloads.
In the AI sector, we're seeing a projected growth in the cybersecurity market from $19.2B to a whopping $154.8B. As AI continues to evolve, so does its application in security measures, capturing even the most elusive cyber threats using machine learning and behavioral analysis. But it's not all smooth sailing. More than 2,000 Palo Alto Networks PAN-OS firewalls have been exploited following the disclosure and patching of two security vulnerabilities.
We'll also discuss the importance of data encryption and two-factor authentication in safeguarding online gamers, and how geopolitical strife is driving increased ransomware activity. Stay tuned for more on these stories and other top cybersecurity news. Stay safe, stay informed with Secret CISO.
Data Breaches
- Tesla Charging Stations, Banque de France, and NOQ Group Targeted on Dark Web: A significant data leak was discovered involving user data from Tesla EV charging stations. Unauthorized access to Banque de France systems was also reported, along with a large data leak from the NOQ Group. Source: SOCRadar
- Geopolitical strife drives increased ransomware activity: As different threat actors leverage each other's resources, it is crucial for organizations to ensure that they're on top of fundamental security practices to protect against increased ransomware activity driven by geopolitical strife. Source: Computer Weekly
- The Overlooked Danger Within: Managing Insider Threats: Data loss prevention (DLP) solutions are proving to be useful tools for security teams to monitor for unusual file transfers or downloads, helping manage the often-overlooked danger of insider threats. Source: Tripwire
- AI in Cybersecurity Market to Grow from $19.2B to $154.8B: The AI in cybersecurity market is projected to grow from $19.2 billion to $154.8 billion, with the cloud security segment expected to experience the highest growth. Source: The Cyber Express
- Finastra Confirms Breach Amid Hacker's 400GB Data Theft Claim: Finastra, a major financial software provider that serves many of the world's leading banks, is grappling with a data breach, with a hacker claiming to have stolen 400GB of data. Source: Fintech News Singapore
Security Research
- New Laboratory for AI Security Research: The UK has announced a new Laboratory for AI Security Research at the NATO Cyber Defence Conference. The lab aims to counter the growing threat of hostile states using AI in cyberattacks. Source: Counter Terror Business, TechCrunch
- Malware Exploits Avast Anti-Rootkit Driver to Bypass Security Software: Cybersecurity researchers at Trellix have identified a malicious campaign that exploits the Avast Anti-Rootkit driver to bypass antivirus, terminate 142 processes, and disable security protections. Source: Hackread, The Hacker News
- TLU Security Experts Call for Change in Security and Peace Thinking: Researchers stress the urgency of democratizing security dialogues to reflect the experiences of grassroots actors and marginalized regions. Source: ERR News
- Cybersecurity Flaws in IaC and PaC Tools Expose Cloud Platforms to New Attacks: Security researcher Shelly Raban highlighted cybersecurity flaws in Infrastructure as Code (IaC) and Policy as Code (PaC) tools that expose cloud platforms to new attacks. Source: The Hacker News
- How Hezbollah Diversified Its Funding: Security researchers Clara Broekaert and Colin P. Clarke have published a report on Hezbollah's diversified funding methods, focusing on disinformation and violent extremism. Source: Foreign Policy
Top CVEs
- CVE-2024-53901: A heap-based buffer overflow vulnerability has been identified in the Imager package before 1.025 for Perl. This could lead to denial of service or potentially other unspecified impacts when the trim() method is called on a crafted input. Source: CVE-2024-53901
- CVE-2024-53899: A command injection vulnerability has been found in virtualenv before 20.26.6. Magic template strings are not quoted correctly when they are substituted. This vulnerability is distinct from others previously reported. Source: CVE-2024-53899
- CVE-2024-11664: A critical vulnerability has been discovered in eNMS up to 4.2. The function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler is affected, leading to path traversal. The attack can be launched remotely and the exploit has been publicly disclosed. Source: CVE-2024-11664
- CVE-2024-53915: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is not properly validated. Source: CVE-2024-53915
- CVE-2024-53916: In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. This vulnerability is still under review. Source: CVE-2024-53916
API Security
- CVE-2024-11662 - Critical Vulnerability in OpsManage: A critical vulnerability has been discovered in welliamcao OpsManage versions 3.0.1 to 3.0.5. The flaw lies in the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the API Endpoint, leading to deserialization. The attack can be initiated remotely and the exploit is publicly disclosed. The vendor has been contacted but has not responded. Source: CVE-2024-11662
- CVE-2024-6538 - SSRF Vulnerability in OpenShift Console: An SSRF (Server Side Request Forgery) vulnerability has been found in OpenShift Console. This flaw allows an attacker to supply all or part of a URL to the server to query, potentially disclosing information or having other nefarious effects on the system. The /api/dev-console/proxy/internet endpoint on the OpenShift Console allows authenticated users to perform arbitrary HTTP requests. Source: CVE-2024-6538
- CVE-2024-11483 - Privilege Escalation in Ansible Automation Platform: A vulnerability has been discovered in the Ansible Automation Platform (AAP) that allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls. Source: CVE-2024-11483
Sponsored by Wallarm API Security Solution
Final Words
That's it for today's edition of Secret CISO. We've covered a lot of ground, from the alleged data leak at Tesla EV charging stations to the unauthorized access to Banque de France systems, and the targeting of NOQ Group on the Dark Web. We've also delved into the increasing role of AI in cybersecurity and the importance of managing insider threats. Remember, in this rapidly evolving digital landscape, staying informed is your first line of defense.
So, don't forget to share this newsletter with your friends and colleagues to help them stay one step ahead of the cyber threats.
Stay safe, stay informed, and see you in the next edition of Secret CISO.