Secret CISO 11/9: Cash App's $15M Settlement, iPhone Chaos for Cops, SA Grant-Fraud Breach, China's New Data Security Regulations, Security Researcher Resigns from OpenAI

Welcome to today's issue of Secret CISO, where we delve into the world of cybersecurity and data breaches. First up, we have a story about Cash App users who have a few days left to claim up to a $2,500 settlement payout. If you've experienced losses from Cash App's data breaches, you can get some money back as part of a $15 million class action settlement. Next, we look at how auto-rebooting iPhones are causing chaos for cops. Plus, Hot Topic confirms a customer data breach, and Germany arrests a US suspect. In other news, over 100,000 fake accounts linked to a South African grant-fraud claim have triggered a data breach alert. The N4aughtySecGroup claims to have breached credit bureaus to fraudulently obtain R175m in SRD grants.

Meanwhile, the Denver DA has launched an investigation of voting machine passwords following the Tina Peters data breach. On the regulatory front, China has passed new regulations on network data security management. In the healthcare sector, a data breach lawsuit has been filed against Southwest Family Medicine Associates. We also cover how to create better benefits experiences when staff don't want to give away their data, and the importance of addressing AI security threats.

Finally, we look at the security of the 2024 elections, with a statement from the Cybersecurity and Infrastructure Security Agency (CISA) Director, Jen Easterly. Stay tuned for more updates and remember, knowledge is the key to staying one step ahead in the cybersecurity game.

Data Breaches

  1. Cash App Data Breach Settlement: Cash App users who suffered losses due to data breaches can claim part of a $15 million class action settlement. The deadline for claims is imminent. Source: ZDNET
  2. Hot Topic Customer Data Breach: Hot Topic confirmed a customer data breach this week, causing significant disruption. Further details are yet to be disclosed. Source: WIRED
  3. SA Grant-Fraud Linked Data Breach: Over 100,000 fake accounts linked to South African grant-fraud have been breached. TymeBank and Investec have taken action to mitigate the impact. Source: Bizcommunity
  4. Southwest Family Medicine Associates Data Breach: A data breach at Southwest Family Medicine Associates has exposed patient information, leading to potential class action lawsuits. Source: ClassAction.org
  5. Columbus, Ohio Ransomware Attack: A ransomware attack in Columbus, Ohio has resulted in a data breach affecting 500,000 individuals. The city's data, including personal information, was posted on the dark web. Source: JD Supra

Security Research

  1. Resignation of Lilian Weng from OpenAI: Lilian Weng, VP of Research and Safety at OpenAI, has announced her resignation. This marks a significant loss for the organization as she was one of the main researchers in safety. Source: VOI
  2. Security Flaw in ChatGPT: Security researcher Johann Rehberger discovered a major security vulnerability in ChatGPT. The AI can be tricked into revealing sensitive information, posing a significant risk. Source: CyberGuy
  3. October Telecommunications Attack: A report by the Congressional Research Service sheds light on the attack on U.S. telecommunications companies in October 2024. The attack was reportedly carried out by security researchers. Source: JD Supra
  4. iPhone Reboot Mystery Solved: A security researcher on Mastodon has debunked the theory that iPhones are secretly communicating with each other to reboot. The researcher proved that the phenomenon has nothing to do with secret communication. Source: 9to5Mac
  5. EFF's Support for Security Research: The Electronic Frontier Foundation (EFF) has been instrumental in supporting a security researcher during DEF CON 32, highlighting the need to protect good faith security research globally. Source: EFF

Top CVEs

  1. CVE-2024-45763 - Dell Enterprise SONiC OS Command Injection: Dell's Enterprise SONiC OS versions 4.1.x and 4.2.x have a critical vulnerability that allows high-privileged attackers with remote access to execute commands. Dell recommends that customers upgrade immediately. Source: CVE-2024-45763
  2. CVE-2024-52004 - Remote Code Execution in MediaCMS: MediaCMS, an open-source video and media CMS, has vulnerabilities that could lead to remote code execution. All versions before v4.1.0 are susceptible, and users are strongly advised to upgrade. Source: CVE-2024-52004
  3. CVE-2024-52007 - XML External Entity Injections in HAPI FHIR: HAPI FHIR, a Java implementation of the HL7 FHIR standard for healthcare interoperability, is vulnerable to XML external entity injections. The issue has been addressed in release version 6.4.0 and all users are advised to upgrade. Source: CVE-2024-52007
  4. CVE-2024-50966 - CSRF in dingfanzu CMS V1.0: dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability. Source: CVE-2024-50966
  5. CVE-2024-35421 - Segmentation Violation in vmir e8117: vmir e8117 was discovered to contain a segmentation violation vulnerability. Source: CVE-2024-35421

API Security

  1. Improper Neutralization of Input During Web Page Generation in Askew Brook Bing Search API Integration (CVE-2024-51692): A Cross-site Scripting (XSS) vulnerability has been discovered in the Bing Search API Integration by Askew Brook. The flaw allows for Reflected XSS, affecting all versions of the Bing Search API Integration. Source: vulners.com
  2. Sensitive Information Disclosure in CE21 Suite Plugin for WordPress (CVE-2024-10285): The CE21 Suite plugin for WordPress, up to and including version 2.2.0, is vulnerable to sensitive information disclosure via the plugin-log.txt file. This vulnerability allows unauthenticated attackers to log in as the user associated with the JWT. Source: vulners.com
  3. Authentication Tokens Not Invalidated on Log Out in Cognito (CVE-2024-52311): In Cognito, authentication tokens issued via data.all are not invalidated upon logging out. This allows previously authenticated users to continue executing authorized API requests until the token expires. Source: vulners.com
  4. Remote Code Execution Vulnerability in MediaCMS (CVE-2024-52004): MediaCMS, an open-source video and media CMS, is susceptible to vulnerabilities that can lead to remote code execution. The vulnerabilities are related to insufficient input validation while uploading media content. All versions before v4.1.0 are affected, and users are strongly advised to upgrade. Source: vulners.com
  5. Privilege Escalation Vulnerability in Watcharr (CVE-2024-50634): A vulnerability in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT. This vulnerability is not limited to privilege escalation but also affects all functions that require authentication. Source: vulners.com
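Two of the items above share a root cause on the defender's side: a bearer token that the server either keeps honoring after logout (item 3) or accepts without properly checking its signature and claims (item 5). The following is an added illustration, not code from the newsletter or from Cognito, data.all, or Watcharr, of what a token verifier that avoids both problems looks like. It uses only the Python standard library, a constructed demo secret, a constructed in-memory revocation set (a real deployment would put this in a shared cache with a TTL equal to the token lifetime), and hypothetical function names; the `tamper_role_claim` helper exists only so the verifier can be shown rejecting a modified payload.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real service loads this from a secrets manager.
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"

# Constructed revocation store: token ids (jti) invalidated by logout.
REVOKED_JTIS = set()
_counter = 0


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(user: str, role: str, ttl: int = 3600, now=None) -> str:
    """Issue an HS256-signed token carrying a unique jti so it can be revoked."""
    global _counter
    _counter += 1
    now = time.time() if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user, "role": role, "iat": int(now),
              "exp": int(now) + ttl, "jti": "t%d" % _counter}
    signing_input = (_b64(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)


def verify_token(token: str, now=None):
    """Return the claims if signature, algorithm, expiry and revocation all pass; else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    signing_input = parts[0] + "." + parts[1]
    try:
        header = json.loads(_unb64(parts[0]))
        claims = json.loads(_unb64(parts[1]))
        sig = _unb64(parts[2])
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm server-side; never let the token header choose it.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # any edit to header or payload invalidates the signature
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    # The logout fix: a token whose jti was revoked is dead even before exp.
    if claims.get("jti") in REVOKED_JTIS:
        return None
    return claims


def logout(token: str, now=None) -> bool:
    """Invalidate the presented token immediately instead of waiting for exp."""
    claims = verify_token(token, now=now)
    if claims is None:
        return False
    REVOKED_JTIS.add(claims["jti"])
    return True


def tamper_role_claim(token: str, new_role: str) -> str:
    """Test helper: rewrite the role claim without re-signing, to show it is rejected."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(_unb64(payload_b64))
    claims["role"] = new_role
    return header_b64 + "." + _b64(json.dumps(claims, separators=(",", ":")).encode()) + "." + sig_b64


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed fixed clock for a reproducible run
    tok = issue_token("alice", "user", now=t0)
    print("valid before logout:", verify_token(tok, now=t0 + 60) is not None)
    print("tampered role accepted:", verify_token(tamper_role_claim(tok, "admin"), now=t0 + 60) is not None)
    logout(tok, now=t0 + 60)
    print("valid after logout:", verify_token(tok, now=t0 + 120) is not None)
```

The key design choice is the `jti` claim plus the revocation set: stateless tokens cannot be "un-issued", so logout has to record the id server-side and every verification has to consult that record. The algorithm pin and constant-time signature comparison are what stop a payload edited outside the server from being honored.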

Sponsored by Wallarm API Security Solution

Final Words

That's it for today's edition of Secret CISO. From Cash App's data breach settlement to the chaos caused by auto-rebooting iPhones, we've covered a lot of ground. We've also delved into the latest security measures for the 2024 elections and the new regulations on network data security management in China.

Remember, staying informed is the first step towards ensuring your digital safety. Share this newsletter with your friends and colleagues to keep them in the loop too. Stay safe and secure until our next update. Goodbye for now!

By Secret CISO