Secret CISO 11/8: Casio and Meta Data Breaches, SpyAgent Targets Crypto Wallets, Microsoft Warns of AI Security Risks
Good morning, Secret CISO readers! Today's newsletter is packed with crucial updates from the world of cybersecurity. First up, we have a warning from Casio about a data breach that may have impacted some personal information. If you've received an email from Casio about this incident, it's time to change your password. Next, we delve into the world of cryptocurrency with news about the SpyAgent malware. This new Android malware targets crypto wallets by stealing screenshots, particularly focusing on cryptocurrency recovery phrases.
We also explore the security risks of 'bring your own AI'. As AI becomes more prevalent in businesses, it's important to consider what data it's being trained on and the potential security implications. In other news, a North Otago farmer has lost trust in the Inland Revenue Department after a data breach resulted in his personal data being supplied to Meta. We also have updates on Nokia's recent data breach, with the company claiming that hackers did not obtain critical data. However, the hackers claim to have stolen very sensitive information that could enable future breaches. In the wake of the AT&T phone records breach, we discuss the importance of implementing additional security measures such as data encryption and access controls.
Finally, we look at the market for Data Breach Notification Software, which is expected to grow from 2.6 billion USD in 2024 to 5.1 billion USD by 2032. Stay tuned for more updates and remember, stay safe out there!
Data Breaches
- Casio Data Breach: Casio has issued a warning about a security incident that may have impacted users' personal information. The company has advised customers to change their passwords as a precautionary measure. Source: Forbes
- SpyAgent Malware Attack: A new Android malware named SpyAgent is targeting cryptocurrency wallets by stealing screenshots of recovery phrases. Users are advised to update their security measures to protect against this threat. Source: Security Intelligence
- Inland Revenue Department (IRD) Data Breach: A North Otago farmer has lost trust in the IRD after it supplied his personal data to Meta. The incident has raised concerns about the department's data handling practices. Source: Otago Daily Times
- AT&T Phone Records Stolen: AT&T has suffered a data breach resulting in the theft of phone records. The consequences of this breach are expected to be far-reaching, and users are advised to implement additional security measures. Source: Cyber Defense Magazine
- 23andMe Data Breach Settlement: Genetic testing company 23andMe has reached a settlement following a data breach that exposed the personal data of nearly half of its customers. Eligible customers may receive up to $10,000 from the settlement. Source: CNET
Security Research
- "Godfather Is A Risk To Android Users Worldwide As 500 Apps Targeted": A new variant of malware, dubbed 'Godfather', has been identified by security researchers at Cyble Research and Intelligence Labs. This malware has targeted 500 apps worldwide, posing a significant risk to Android users. Source: Forbes
- "New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus": Cado Security researchers have discovered a new malware, CRON#TRAP, that infects Windows systems by hiding in a Linux virtual machine to evade antivirus software. The malware is typically spread through emails containing an archive file attachment. Source: The Hacker News
- "Government to prepare plan to bolster research security": Italy is preparing a plan to protect its universities and research from foreign influence, according to a government undersecretary. The move is part of a broader effort to bolster research security. Source: University World News
- "CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability": The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding the active exploitation of a critical vulnerability in Palo Alto Networks. The alert was prompted by findings from a security researcher known as Gi7w0rm. Source: The Hacker News
- "Legal protections for security researchers sought in new German draft law": A proposed amendment in German law seeks to protect legitimate security research from being classified as data espionage. This move aims to provide legal protections for security researchers. Source: SC Media
Top CVEs
- CVE-2024-40715 - Veeam Backup & Replication Enterprise Manager Authentication Bypass: A vulnerability has been identified in Veeam Backup & Replication Enterprise Manager that allows attackers to bypass authentication. To exploit this, attackers must be able to perform a Man-in-the-Middle (MITM) attack. Source: CVE-2024-40715
- CVE-2024-45794 - SQL Injection in devtron: Devtron, an open-source tool integration platform for Kubernetes, has a vulnerability that allows an authenticated user to perform SQL injection via the CreateUser API. This issue has been addressed in version 0.7.2 and users are advised to upgrade. Source: CVE-2024-45794
- CVE-2024-8424 - Improper Privilege Management in WatchGuard: A vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows allows arbitrary file deletion with SYSTEM permissions. This issue affects versions before 8.00.23.0000. Source: CVE-2024-8424
- CVE-2024-51434 - XSS in Froala WYSIWYG editor: Inconsistent tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0. Source: CVE-2024-51434
- CVE-2024-8810 - GitHub App Permission Upgrade: A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. Source: CVE-2024-8810
API Security
- Unprotected FHIR API in Medical Office: An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records. Source: CVE-2024-50589.
- Elementor Header & Footer Builder Plugin Vulnerability: The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers to inject arbitrary web scripts in pages. Source: CVE-2024-10325.
- Easy SVG Support Plugin Vulnerability: The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers to inject arbitrary web scripts in pages. Source: CVE-2024-10269.
- Linux Kernel Vulnerability: In the Linux kernel, a vulnerability has been resolved that could disable DRAM's clock parent when DRAM is active, causing system instability. Source: CVE-2024-50181.
- Duende.AccessTokenManagement.OpenIdConnect Vulnerability: HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This is because a refreshed token will be captured in pooled HttpClient instances, which may be used by a different user. Source: CVE-2024-51987.
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the Casio data breach to the latest malware targeting crypto wallets. As always, the world of cybersecurity is ever-evolving, and staying informed is the first step in staying secure. Remember, the threats we face are not just about technology, but also about the people and processes that we have in place.
So, let's continue to educate ourselves and our teams, and make cybersecurity a priority in our organizations. If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to create a safer digital world. Until next time, stay safe and secure.
P.S. Don't forget to change your passwords regularly and be cautious of the data you share online. Your security is in your hands.