Secret CISO 12/8: 8Base Ransomware Hits Croatia's Port, QR Codes Bypass Security, KillSec3 Leverages Leaked Data, Israel Strikes Syrian Security Complex
Good day, Secret CISO readers! In today's edition, we delve into the world of cyber threats and data breaches, starting with the recent attack on Croatia's Port of Rijeka by the 8Base ransomware group.
We'll also discuss the growing trend of QR codes bypassing browser isolation for malicious C2 communication, and the questionable tactics of KillSec3 using publicly leaked data for extortion. In the financial sector, we explore how AI is helping to cut the cost of data breaches and the fight against online fraud in banking. Despite the escalating threats and increasing data breaches, the cyber insurance market is projected to reach USD 97.3 billion by 2032. We also touch on the importance of encryption in securing your calls and texts, especially in light of recent data hacks.
Additionally, we'll look at the RedLine info-stealer campaign targeting Russian businesses and the massive cyberattack on Hoboken, NJ by 3AM. In our research section, we highlight the latest studies on cybersecurity, including the alarming finding that 87% of cyber threats use encryption. We also discuss the advent of quantum computing and its potential security implications.
Finally, we wrap up with a roundup of the latest vulnerabilities and exploits, including those affecting IBM AIX, IBM QRadar SIEM, and the Mini Program API plugin for WordPress. Stay tuned for these stories and more in today's Secret CISO newsletter. Stay safe and informed!
Data Breaches
- 8Base Ransomware Group Hacks Croatia's Port of Rijeka: The 8Base ransomware group has launched an attack on Croatia's Port of Rijeka, resulting in the theft of sensitive data, including contracts and accounting information. The impact of this breach is yet to be determined. Source: Security Affairs
- QR Codes Bypass Browser Isolation for Malicious C2 Communication: A recent study by Mandiant has revealed that QR codes can be used to bypass browser isolation for malicious C2 communication. This discovery highlights the need for additional security measures such as domain reputation, URL scanning, data loss prevention, and request. Source: Bleeping Computer
- KillSec3 Extorts Victims Using Publicly Leaked Data: KillSec3, a notorious cyber threat actor, is reportedly extorting victims using publicly leaked data. The group has been listing exposed servers on its leak site, some of which were subsequently secured. Source: DataBreaches.Net
- RedLine Info-Stealer Campaign Targets Russian Businesses: An ongoing RedLine information-stealing campaign is targeting Russian businesses using pirated corporate software. The impact of this campaign on the targeted businesses is currently unknown. Source: Security Affairs
- Anna Jaques Hospital Notifies 316,300 People About 2023 Ransomware Attack: Anna Jaques Hospital has notified 316,300 people about a ransomware attack that occurred in 2023. The hospital discovered a second data security problem a month after disclosing the data breach. Source: DataBreaches.Net
Security Research
- Israel's Airstrikes on Security Complex and Research Center in Syria's Damascus: Israel has reportedly carried out three airstrikes against a major security complex and a research center in the Kafr Sousa district of the Syrian capital. The research center is believed to be used by Iran for missile development. Source: Jerusalem Post, Times of Israel
- Zscaler Research on Encrypted Cyber Threats: Security cloud provider Zscaler's analysis reveals that 87% of cyber threats are now using encryption. The manufacturing sector is facing a surge in these encrypted attacks, with threat actors exploiting HTTPS. Source: Cyber Magazine
- Research Seminar by Postdoctoral Researcher Mahtab Shahin at TalTech Estonian Maritime Academy: The next Maritime Cyber Security Centre seminar will be conducted via MS Teams, featuring Postdoctoral Researcher Mahtab Shahin, PhD, from TalTech Estonian Maritime Academy. Source: TalTech
- Participatory Regulation as a Tool for Tackling Complex Security-Related Challenges: A study on ResearchGate discusses the potential of participatory regulation as a tool for addressing complex security-related challenges, as set out in the Government Resolution on Security Strategy for Society. Source: ResearchGate
- Missouri's Quantum Leap: Revolutionizing Research or Security Threat?: Missouri's new initiative propels the university into a new age of computational research but also raises questions about the security implications of such advancements. Source: YANoticias
Top CVEs
- CVE-2024-47115: IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 are vulnerable to local users executing arbitrary commands on the system due to improper neutralization. Source: CVE-2024-47115
- CVE-2024-47107: IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting, allowing authenticated users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure. Source: CVE-2024-47107
- CVE-2024-11380: The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts. Source: CVE-2024-11380
- CVE-2024-11457: The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action. Source: CVE-2024-11457
- CVE-2024-41762: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. Source: CVE-2024-41762
API Security
- Zabbix SQL Injection Vulnerability (CVE-2024-42327): A significant SQL Injection vulnerability has been identified in Zabbix's user.get API endpoint. The flaw can be exploited by non-admin users with API access, potentially allowing attackers to inject SQL commands by manipulating API calls. Successful exploitation could result in unauthorized access and control. Affected versions include 6.0.0 – 6.0.31, 6.4.0 – 6.4.16, and 7.0.0. Source: vulners.com
- Mini Program API Plugin for WordPress Vulnerability (CVE-2024-11380): The Mini Program API plugin for WordPress, up to and including version 1.4.5, is vulnerable to Stored Cross-Site Scripting via the 'qvideo' shortcode. This vulnerability is due to insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. From ransomware attacks on Croatia's Port of Rijeka to the rising demand for cyber insurance, we've covered a lot of ground. But remember, the world of cybersecurity is ever-evolving, and staying informed is your first line of defense. If you found this newsletter helpful, why not share it with your colleagues and friends?
Let's spread the knowledge and create a safer digital world together. Stay safe, stay informed, and see you in the next edition of Secret CISO.