Secret CISO 3/30: AT&T's Massive Data Breach Exposes 73M Accounts, Passcodes Reset, Researchers Uncover Threats to ChatGPT, WordPress Vulnerabilities Surge

Welcome to today's edition of the Secret CISO newsletter, where we delve into the most pressing cybersecurity issues of the day. Today, we're focusing on the massive AT&T data breach that has exposed 73 million current and former accounts on the dark web. The company has been scrambling to notify users and reset millions of passcodes, but the source of the breach remains unknown. In addition to this, we'll be looking at the potential security threats to ChatGPT, as researchers have discovered a malware worm that could infect the AI model. We'll also be discussing the surge in WordPress vulnerabilities, as highlighted by security researchers at Patchstack. In other news, a security researcher has found a critical vulnerability in the data leaked from AT&T, revealing that the encrypted account passcodes were surprisingly easy to decipher. This has led to AT&T resetting millions of customer passcodes. We'll also be touching on the discovery of a secret backdoor in the XZ Utils Library, which impacts major Linux distros, and the rise in cross-site scripting vulnerabilities in various WordPress plugins. Stay tuned for these stories and more in today's Secret CISO newsletter.

Data Breaches

  1. AT&T Data Breach: AT&T experienced a data breach that exposed the personal information of approximately 73 million current and former customers on the dark web. The company has started notifying affected customers and resetting passcodes. The source of the breach is still unknown. Source: Fox Business, CBS News, The Globe and Mail, AP News, Business Insider, WSJ, Daily Mail
  2. Equifax Data Breach: Equifax, a credit reporting company, had a massive data breach that exposed the personal information of approximately 147 million people. The company has reached a settlement with the affected individuals. Source: Equifax Breach Settlement
  3. Yahoo Data Breach: Yahoo experienced one of the largest data breaches in history, affecting approximately 3 billion user accounts. The breach exposed names, email addresses, telephone numbers, dates of birth, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers. Source: Reuters
  4. Marriott Data Breach: Marriott International experienced a data breach that exposed the personal information of approximately 500 million customers. The breach exposed contact information, passport numbers, Starwood Preferred Guest numbers, travel information, and other personal details. Source: BBC
  5. Facebook Data Breach: Facebook experienced a data breach that exposed the personal information of approximately 50 million users. The breach allowed hackers to take over user accounts. Source: NY Times

Security Research

  1. "AT&T confirms 73 million affected in massive data breach": A security researcher found a critical vulnerability in AT&T's encrypted account passcodes, which were surprisingly easy to decipher, leading to a massive data breach affecting 73 million customers. Source: Interesting Engineering
  2. "Researchers Uncover Potential Security Threats To ChatGPT": Researchers have discovered a malware worm that could infect ChatGPT and other AI models, posing a significant security threat. Source: CoinGape
  3. "Pakistani researcher achieves milestone in artificial vision": A Pakistani researcher has made significant strides in the field of artificial vision, with potential applications in security through the use of neuromorphic computing. Source: The Express Tribune
  4. "Data Confirms A Surge In WordPress Vulnerabilities": Security researchers at Patchstack have published a whitepaper highlighting a significant increase in high and critical vulnerabilities in WordPress. Source: Search Engine Journal
  5. "Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros": Microsoft security researcher Andres Freund discovered a heavily obfuscated malicious backdoor in the XZ Utils library, impacting major Linux distributions. Source: The Hacker News

Top CVEs

  1. CVE-2024-3094: Malicious code was found in the upstream tarballs of xz, starting with version 5.6.0. The liblzma build process extracts a prebuilt object file from a disguised test file, resulting in a modified liblzma library that can intercept and modify data interaction. Source: CVE-2024-3094
  2. CVE-2024-30441: PickPlugins Post Grid has a Cross-site Scripting vulnerability due to improper neutralization of input during web page generation. This allows for Reflected XSS. Source: CVE-2024-30441
  3. CVE-2024-30437: WPPOOL's Webinar and Video Conference with Jitsi Meet has a Stored XSS vulnerability due to improper neutralization of input during web page generation. Source: CVE-2024-30437
  4. CVE-2024-29686: Winter CMS v.1.2.3 has a Server-side Template Injection (SSTI) vulnerability that allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin. Source: CVE-2024-29686
  5. CVE-2024-30442: BoldThemes Bold Page Builder has a Stored XSS vulnerability due to improper neutralization of input during web page generation. Source: CVE-2024-30442

Final Words

And that's a wrap for today's edition of Secret CISO. The AT&T data breach is a stark reminder of the importance of robust cybersecurity measures. Remember, it's not just about protecting your own data, but also about safeguarding the information of millions of customers who trust you with their personal details. As we continue to navigate this digital landscape, let's strive to stay informed, vigilant, and proactive in our cybersecurity efforts. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. After all, in the world of cybersecurity, knowledge is our best defense. Stay safe and secure until our next update.
