Secret CISO 3/19: Fujitsu and Mintlify Fall Victim to Data Breaches, Chinese APT Targets 120 Organizations, New Research Reveals Vulnerabilities in GitHub Tokens and Ivanti
Welcome to today's edition of Secret CISO, your daily source for the latest in cybersecurity news. Today, we're diving into a series of data breaches that have rocked the tech world. Japanese ICT giant, Fujitsu, has confirmed a data breach after malware infiltrated multiple computer systems. This comes on the heels of a series of international data breaches conducted by Chinese APT, affecting nearly 120 organizations across 45 countries. In startup news, Mintlify, a documentation startup, has disclosed a data breach compromising numerous customers' GitHub tokens. This breach has exposed the vulnerability of startups and the importance of robust cybersecurity measures. On the legal front, the final days are approaching for Americans affected by a data breach to claim up to $1,625 from a $2.3 million data breach settlement. In sports, Manchester United is in court following an HR data breach that accidentally revealed the wage slips of hundreds of staff. In research news, a new report finds that unauthorized access to employee mobile devices leads to more than half of organizations experiencing a data breach. Lastly, we'll look at the latest vulnerabilities, including a data breach at French Unemployment Agency affecting 43 million benefit recipients and a security breach at Nations Direct Mortgage impacting 83,000 individuals. Stay tuned for more details on these stories and more in today's Secret CISO newsletter.
Data Breaches
- Fujitsu Data Breach: Fujitsu, a Japanese ICT giant, confirmed a data breach after malware infiltrated multiple computer systems. The breach follows a previous incident where data from a Japanese government agency was stolen via a supply chain attack on Fujitsu's ProjectWEB service. Source: Silicon Republic and The Register.
- Chinese APT Data Breaches: Nearly 120 organizations across 45 countries were targeted by Chinese advanced persistent threat operation Earth Krahang. The international data breaches highlight the extensive reach and impact of state-sponsored cyberattacks. Source: SC Magazine.
- Mintlify Data Breach: Mintlify, a documentation startup, suffered a data breach that compromised numerous customers' GitHub tokens. The breach involved the exploitation of a system vulnerability, leading to unauthorized access of 91 GitHub tokens. Source: Tech Times and SecurityWeek.
- Norwood Clinic Data Breach Settlement: Norwood Clinic agreed to a $2.3 million data breach settlement, with affected individuals entitled to up to $1,625. However, claimants must meet specific criteria and submit a claim form soon to be eligible. Source: The Sun.
- French Unemployment Agency Data Breach: A data breach at the French Unemployment Agency may span 20 years, affecting 43 million benefit recipients. The breach included contact information and social security numbers, highlighting the extensive duration and scale of some data breaches. Source: CPO Magazine.
Security Research
- Making Desync attacks easy with TRACE: Martin Doyhenard's research on TRACE Desync attacks reveals a new method to exploit HTTP request smuggling vulnerabilities. The research provides a detailed explanation of the attack and how it can be used to compromise web applications. Source: PortSwigger
- WordPress Brute-Force Attacks: Security researcher Denis Sinegubko has noted a surge in brute-force attacks targeting WordPress websites. The attacks use the browsers of unsuspecting site visitors to launch the attack, turning legitimate sites into staging grounds. Source: Security Boulevard
- China-linked hackers target governments in Southeast Asia: Researchers have discovered new backdoors used by China-linked hackers to target governments and research organizations in Southeast Asia. The groups are believed to be linked to a Chinese security company called I-Soon. Source: The Record Media
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability: Security researcher Tom Wedgbury discovered a critical vulnerability in Fortra FileCatalyst MFT. The flaw was disclosed in a coordinated manner in March 2024, and a proof-of-concept exploit has been released. Source: Help Net Security
- Research institutions under siege: Research institutions are facing daily attempts to breach security protocols, according to a report from the University of São Paulo. The report highlights the increasing challenges faced by research institutions in maintaining cybersecurity. Source: Nature
Top CVEs
- CVE-2024-20767: ColdFusion versions 2023.6, 2021.12 and earlier have an Improper Access Control vulnerability that could lead to unauthorized access to sensitive files and perform arbitrary file system write. Source: CVE-2024-20767
- CVE-2023-5388: NSS was susceptible to a timing side-channel attack when performing RSA decryption, potentially allowing an attacker to recover private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird <. Source: CVE-2023-5388
- CVE-2024-28054: Amavis before 2.12.3 and 2.13.x before 2.13.1, due to its use of MIME-tools, has an Interpretation Conflict when there are multiple boundary parameters in a MIME email message, leading to an incorrect check for banned files. Source: CVE-2024-28054
- CVE-2024-20752: Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Source: CVE-2024-20752
- CVE-2024-22257: In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication. Source: CVE-2024-22257
Final Words
As we wrap up today's edition of Secret CISO, we're reminded of the ever-evolving landscape of cybersecurity. From the data breach at Fujitsu to the compromise of customer GitHub tokens at Mintlify, the need for robust and proactive security measures has never been more apparent. In the face of these challenges, we stand committed to bringing you the latest news and insights in the world of cybersecurity. Remember, knowledge is power, and staying informed is the first step towards safeguarding your digital assets. If you found today's newsletter helpful, please consider sharing it with your colleagues and friends. Together, we can foster a more secure digital environment for all. Stay safe, stay informed, and see you in the next edition of Secret CISO.