Good morning, Secret CISO readers! In today's issue, we're diving into a whirlwind of cybersecurity news that's been making headlines.

First up, we're examining the recent claim by the Brain Cipher hacker group that they've successfully breached Deloitte's systems. Despite Deloitte's assertion that "no systems have been impacted", we'll be discussing the details of Deloitte's monitoring systems and security tools, and the potential implications of compromised client data. In other news, Atrium Health has reported a data breach impacting 585,000 individuals.

We'll be looking into the incident and its potential connection to online tracking. We're also covering the conclusion of the Data Protection Commission's inquiry into Maynooth University, and discussing why when you're warned about a data breach depends on where you live. In the wake of these breaches, we'll be exploring the importance of a layered defense against data theft, and discussing the potential impacts of proposed data reforms. Lastly, we'll be discussing the FBI's recent warning to iPhone and Android users to stop texting each other amid major security breaches, and the implications of this for personal data security.

Stay tuned for all this and more in today's issue of Secret CISO. Stay safe and informed!

Data Breaches

1. Deloitte Data Breach by Brain Cipher: The hacker group Brain Cipher claims to have breached Deloitte's systems and stolen 1TB of data. Deloitte, however, denies any system impact. The group is known for multi-pronged extortion and hosting a TOR-based data leak site. Source: Times of India, Infosecurity Magazine
2. Maynooth University Data Breach: The Data Protection Commission (DPC) has concluded its inquiry into a personal data breach at Maynooth University. The inquiry began in July 2019 on an own-volition basis. Source: Data Protection Commission
3. Chemonics International Data Breach: Chemonics International is under investigation for a data breach. A class action lawsuit could be filed to help those affected recover money for the incident. Source: ClassAction.org
4. Elekta and Northwestern Memorial Healthcare Data Breach: Elekta Inc. and Northwestern Memorial Healthcare have agreed to pay $8.9 million to resolve claims they failed to prevent a 2021 data breach. Source: Top Class Actions
5. Robinhood Data Breach: A lawsuit has been filed against Robinhood following a data breach earlier this year. The suit alleges that Robinhood failed to safeguard customer information, leading to the breach. Source: About Lawsuits

Security Research

1. How TikTok is reframing cybersecurity efforts: Over the past four years, more than 450 security researchers have discovered 1,000 security vulnerabilities, which were then reported to TikTok's security teams for rectification. This highlights the platform's proactive approach to cybersecurity. Source: Security Intelligence
2. What is Salt Typhoon? A security expert explains the Chinese hackers and their attack: Security vendor Trend Micro's research reveals that Salt Typhoon, a group of Chinese hackers, has compromised critical infrastructure globally. This study underscores the increasing threat posed by state-sponsored cyberattacks. Source: The Conversation
3. Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks: Critical vulnerabilities have been found in popular open-source machine learning frameworks like MLflow and PyTorch. These flaws could enable remote code execution, posing a significant threat to AI and ML security. Source: The Hacker News
4. Windows, macOS users targeted with crypto-and-info-stealing malware: Cado Security Labs researchers have reported websites impersonating companies offering a video conferencing app. These sites are being used to spread malware that steals information and cryptocurrency from Windows and macOS users. Source: Help Net Security
5. Solana JavaScript SDK backdoored to steal keys, funds: Security researcher Christophe Tafani-Dereeper has discovered a backdoor in the Solana JavaScript SDK version 1.95.7. This backdoor has been used to steal keys and funds, highlighting the increasing risk of supply chain attacks. Source: The Register

Top CVEs

1. CVE-2024-54128 - Directus HTML Injection Vulnerability: Directus, a real-time API and App dashboard for managing SQL database content, has a vulnerability in its Comment feature. The client-side filter designed to prevent users from adding restricted characters can be bypassed, making the application vulnerable to HTML Injection. This vulnerability is fixed in version 10.13.4. Source: Vulners.
2. CVE-2018-9390 - Procfile_write of gl_proc.c Out of Bounds Read: In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Source: Vulners.
3. CVE-2024-52798 - Path-to-regexp Regular Expression Vulnerability: Path-to-regexp, a tool that turns path strings into regular expressions, can output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12 to fix this vulnerability. Source: Vulners.
4. CVE-2018-9388 - Store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c Out of Bound Writes: In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege. Source: Vulners.
5. CVE-2024-49041 - Microsoft Edge (Chromium-based) Spoofing: A spoofing vulnerability exists in the Chromium-based Microsoft Edge. More details are not provided in the source. Source: Vulners.

API Security

1. CVE-2024-53142 - Linux Kernel Vulnerability: A vulnerability in the Linux kernel has been resolved that could have led to a filename buffer overrun in the initramfs. Although the ability to exploit this vulnerability would require full control of the system, it's an important fix to prevent potential security breaches. Source: CVE-2024-53142
2. CVE-2024-12028 - WordPress Friends Plugin: The Friends plugin for WordPress, in all versions up to and including 3.2.1, was found to be vulnerable to unauthorized access due to a missing capability check on several REST API endpoints. This could have allowed unauthenticated attackers to send and accept friend requests on behalf of another website. Source: CVE-2024-12028
3. PYO3_CONFIG_FILE Environment Variable Build Corruption: In PyO3 0.23.0, a regression occurred in the PYO3_CONFIG_FILE environment variable used to configure builds. Changing the environment variable would no longer trigger PyO3 to reconfigure and recompile, leading to Python wheels being compiled against the wrong Python API version. Source: GHSA-VXCF-C7MX-PG53
4. Unsound Usages of std::slice::from_raw_parts: The library breaks the safety assumptions when using the unsafe API std::slice::from_raw_parts. This could lead to potential uninitialized memory exposure and cause several downstream applications to crash. This issue was patched in version 0.14.0. Source: GHSA-GW5W-5J7F-JMJJ
5. CVE-2024-54128 - Directus HTML Injection Vulnerability: Directus, a real-time API and App dashboard for managing SQL database content, was found to be vulnerable to HTML Injection due to a client-side filter that could be bypassed. This vulnerability was fixed in version 10.13.4. Source: CVE-2024-54128

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. As we navigate the ever-evolving landscape of cybersecurity, it's crucial to stay informed and vigilant. From the Brain Cipher hacker group's claims against Deloitte to the data breach impacting Atrium Health, it's clear that no organization is immune to these threats. Remember, cybersecurity isn't just about protecting systems; it's about safeguarding the data that fuels our businesses, our economies, and our lives.

So, let's continue to learn, share, and support each other in this journey. If you found today's newsletter helpful, please consider sharing it with your colleagues and friends.

Let's work together to create a safer digital world. Until next time, stay safe and secure. P.S. If you have any insights, questions, or comments, feel free to reply to this email. We'd love to hear from you.