Secret CISO #4: 1M Google Fi users under risk, Facebook 2FA bypassed, Vimeo is searching for new CISO
Welcome to Episode #4 of the Secret CISO Newsletter! We are excited to announce that our subscriber count has reached 221 in the third episode, and we couldn't have done it without your support. Our goal is to provide valuable information and insights to the CISO community and make it accessible to everyone. Thank you for sharing and inviting your colleagues to join the newsletter. Your help is greatly appreciated. Together, we can make this newsletter even better. Let's continue to spread the word and make this the go-to source for all things CISO. So, go ahead, forward this email to 3-5 of your friends and colleagues, and let's make the Secret CISO Newsletter even more impactful. Here's to another great episode!
1. Data Breaches
The most recent T-Mobile API hack affected 1M Google Fi users, Vice Media confirmed a breach that exposed SSNs, and the TruthFinder and Instant Checkmate data loss counts in the tens of millions of users
- TruthFinder and Instant Checkmate Data Breach Affects 20 Million Customers
Owners of the TruthFinder and Instant Checkmate background check services, PeopleConnect, confirmed a data breach after hackers leaked a 2019 backup database containing the information of millions of customers. On January 21st, the data was leaked on the Breached hacking and data breach forum. The exposed data includes email addresses, hashed passwords, first and last names, and phone numbers. PeopleConnect immediately launched an investigation and found no evidence of their network being breached. The company has engaged with a third-party cybersecurity firm and warns customers to be on the lookout for targeted phishing attacks. The incident is believed to be an "inadvertent leak or theft of a particular list."
Source: https://www.bleepingcomputer.com/news/security/truthfinder-instant-checkmate-confirm-data-breach-affecting-20m-customers
- Vice Media Data Breach Affects 1,700 People
A data breach at Vice Media leaked sensitive information and financial data of more than 1,700 people. The company was alerted in March 2022 and hired a cybersecurity firm to investigate the incident. The investigation found that hackers managed to break into an internal Vice email account. The breach involved Social Security numbers, financial account numbers, credit and debit card numbers, security codes, access codes, passwords, and PINs for accounts. The company did not respond to requests for comment on why it took nearly a year to complete the process. Victims are being offered 12 months of credit and identity monitoring services as well as identity restoration services through Equifax.
Source: https://therecord.media/data-breach-at-vice-media-involved-ssns-financial-info
- Google Fi Data Breach Linked to T-Mobile Hack Affects at Least 1M Users
Google’s cell network provider Google Fi confirmed a data breach after being informed by its primary network provider of suspicious activity relating to a third-party support system containing a “limited amount” of Google Fi customer data. The timing of the notice suggests the breach is linked to the recent T-Mobile hack. No further details have been provided by Google at this time.
Source: https://techcrunch.com/2023/01/31/google-fi-says-hackers-accessed-customers-information/
2. Research
Adobe Acrobat is the focus of research again, ChatGPT applied to AWS policy review, Facebook 2FA bypassed
- Adobe Acrobat Reader has been the latest target in the fuzzing campaign aimed at popular PDF readers. A use-after-free vulnerability (CVE-2023-21608) was discovered and exploited to achieve Remote Code Execution. The exploit was acquired by Zero Day Initiative (ZDI) along with the vulnerability. The 64-bit version of the Adobe Reader was also affected, but the bug proved to be useless for 64-bit exploitation due to the presence of consecutive NULL bytes in the addresses. The exploit code and more information about the bug can be found at https://github.com/hacksysteam/CVE-2023-21608. We recommend this write-up for everyone who wants to do a deep-dive into binary exploitation. Source: https://hacksys.io/blogs/adobe-reader-resetform-cagg-rce-cve-2023-21608
- A 2FA bypass has been discovered in Facebook's new account center APIs. The settings page has strict access control, but the way it was implemented could lead to account takeover or 2FA bypass. For example, if the page does not verify emails properly, someone might be able to send a verification code to the target's email and brute force it, detaching the email from the target's account and attaching it to theirs. If a phone number is used for 2FA and it gets detached from the target's account, 2FA no longer exists on that account. Combining the email removal with the merge functionality could result in Account Take Over (ATO). This type of 2FA bypass is a clever approach, but it is caused by bad application design. Source: https://medium.com/@TheCrazyAcademic/setting-you-up-for-failure-exploring-2fa-bypasses-in-web-application-settings-page-functionality-85cb382e1bda
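The root cause described above is a contact-method change flow whose verification code can be guessed and whose binding to the requesting account is weak. The following is an added example, not code from the article or from the Facebook write-up, of the controls a settings page needs for email (or phone) changes: the code is bound to the authenticated user and the exact new address, it expires, guesses are capped, and an address already owned by another account is refused both when the change is requested and again when it is committed. The `AccountCenter` class, its in-memory stores and the `outbox` that stands in for an email sender are all hypothetical.

```python
"""Hardened email-change verification flow (added example, hypothetical service)."""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

MAX_ATTEMPTS = 5          # hard cap on code guesses per pending change
CODE_TTL_SECONDS = 600    # a 6-digit code is only safe when it is short-lived


@dataclass
class PendingChange:
    user_id: str          # the authenticated user who asked for the change
    new_email: str        # the only address this code may ever attach
    code: str
    created_at: float
    attempts: int = 0


class AccountCenter:
    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.clock = clock
        self.emails: Dict[str, str] = {}                 # email -> owning user_id
        self.pending: Dict[str, PendingChange] = {}      # user_id -> one pending change
        self.outbox: List[Tuple[str, str]] = []          # (email, code) "sent" messages

    def _owner(self, email: str) -> Optional[str]:
        return self.emails.get(email)

    def request_email_change(self, user_id: str, new_email: str) -> bool:
        """user_id must come from the authenticated session, never from the request body."""
        owner = self._owner(new_email)
        if owner is not None and owner != user_id:
            return False  # generic refusal: do not let the flow touch another account
        code = f"{secrets.randbelow(10**6):06d}"       # CSPRNG, fixed width
        # A new request replaces (and invalidates) any earlier pending code.
        self.pending[user_id] = PendingChange(user_id, new_email, code, self.clock())
        self.outbox.append((new_email, code))          # the real service would email it
        return True

    def confirm_email_change(self, user_id: str, submitted_code: str) -> str:
        p = self.pending.get(user_id)
        if p is None:
            return "no_pending"
        if self.clock() - p.created_at > CODE_TTL_SECONDS:
            del self.pending[user_id]
            return "expired"
        if p.attempts >= MAX_ATTEMPTS:
            del self.pending[user_id]                  # brute force: burn the code
            return "locked"
        p.attempts += 1
        if not hmac.compare_digest(p.code, submitted_code):
            return "invalid"
        # Re-check ownership at commit time: another account may have claimed the
        # address while this code was outstanding.
        owner = self._owner(p.new_email)
        if owner is not None and owner != user_id:
            del self.pending[user_id]
            return "conflict"
        for email, uid in list(self.emails.items()):   # detach the user's old address
            if uid == user_id:
                del self.emails[email]
        self.emails[p.new_email] = user_id
        del self.pending[user_id]
        return "ok"


if __name__ == "__main__":
    svc = AccountCenter()
    svc.emails["alice@example.com"] = "alice"          # constructed existing account
    print(svc.request_email_change("bob", "alice@example.com"))   # False: owned by alice
    svc.request_email_change("bob", "bob-new@example.com")
    _, code = svc.outbox[-1]
    print(svc.confirm_email_change("bob", code))                  # ok
```

The lockout counter lives with the pending change rather than with the client, so it cannot be reset by retrying from a different IP, and every refusal returns the same shape to the caller; the distinct result strings are for server-side logging, where a burst of `locked` results against one account is the signal worth alerting on.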
- CloudGPT is a tool that uses ChatGPT to analyze AWS policies for vulnerabilities. It works by pulling your AWS policies and asking ChatGPT to check them for weaknesses. The tool and a webcast about it are to be released soon. All you have to do is set your OpenAI key and configure your AWS CLI. Source code: https://gist.github.com/ustayready/c29e9f9dca0a0b8170fbdfec11afc349
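Whatever a language model says about a policy, the review a CISO's team will act on needs a deterministic baseline. The following is an added example, not CloudGPT's code and not an AWS library, of a small linter for IAM policy documents that flags the patterns a reviewer would check first: `Allow` combined with `NotAction`, `Action "*"` on `Resource "*"`, service-wide wildcards on every resource, and a hand-picked set of identity actions (an assumption of this example, not an AWS-defined list) granted on every resource without a `Condition`. The `SAMPLE_POLICY` is constructed for the example.

```python
"""Deterministic IAM policy document linter (added example, hypothetical rules)."""
import json
from typing import Any, Dict, List

# Constructed sample: one tight statement followed by three that a reviewer should flag.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOneBucket", "Effect": "Allow",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": "*"},
        {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
})

# Actions that change who can act as whom; assumed list for this example.
SENSITIVE_ACTIONS = {
    "iam:passrole", "iam:attachuserpolicy", "iam:attachrolepolicy",
    "iam:createaccesskey", "iam:createpolicyversion", "sts:assumerole",
}


def _as_list(value: Any) -> List[Any]:
    """IAM allows a string or a list in Statement, Action, NotAction and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(doc: str) -> List[Dict[str, str]]:
    """Return one finding dict per risky pattern: sid, rule and a human-readable detail."""
    policy = json.loads(doc)
    findings: List[Dict[str, str]] = []
    for idx, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = st.get("Sid", f"Statement[{idx}]")
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        wildcard_resource = "*" in _as_list(st.get("Resource"))
        unconditional = "Condition" not in st

        if "NotAction" in st:
            findings.append({"sid": sid, "rule": "allow-notaction",
                             "detail": "Allow with NotAction grants every action except the listed ones"})
        if "*" in actions and wildcard_resource:
            findings.append({"sid": sid, "rule": "full-admin",
                             "detail": 'Action "*" on Resource "*" is full administrative access'})
        for action in actions:
            if action != "*" and action.endswith(":*") and wildcard_resource:
                findings.append({"sid": sid, "rule": "service-wildcard",
                                 "detail": f"{action} on every resource"})
            if action in SENSITIVE_ACTIONS and wildcard_resource and unconditional:
                findings.append({"sid": sid, "rule": "sensitive-action",
                                 "detail": f"{action} on every resource without a Condition"})
    return findings


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY):
        print(f"{finding['sid']:14} {finding['rule']:18} {finding['detail']}")
```

Run it over documents fetched with `aws iam get-policy-version` (or any other source of policy JSON); the findings are stable across runs, which is what lets them feed a CI gate, while the model's free-text review is better treated as a second opinion attached to the same statement ids.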
3. Podcasts
Why is a COO also a CISO? How to unleash purple teams?
- EP 118: Chief Operating Officer is also CISO. Listen to this podcast to find out what it would be like to have your Chief Operating Officer also serve as your Chief Information Security Officer. Our guests Peter Hitschler, COO of Tri Tech Manufacturing, and the hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates, will explore this topic. Source: https://www.youtube.com/watch?v=ztIim3AWt_4
- Is the Elimination of Alert Fatigue Really Possible? | CISO Talks. Join us in this episode of CISO Talks to discuss the possibility of eliminating alert fatigue. The guest, Fausto Lendeborg, Co-Founder & CCO at Secberus, shares his insights on reducing the chances of missing important alerts while minimizing fatigue and burnout. Source: https://soundcloud.com/user-305373143/is-the-elimination-of-alert-fatigue-really-possible-ciso-talks
- UNLEASHING THE POWER OF CYBERSECURITY PURPLE TEAMS WITH MARIL VERNON. Maril Vernon, a key player in promoting the concept of purple teaming, joins Ron and Chris in this episode of the podcast to discuss the importance of breaking down silos between cyber teams and inspiring individuals to drive their own careers in cybersecurity. Maril emphasizes hands-on experience and practical knowledge, and shares her plans for the future, including a doctorate program in cybersecurity. Source: https://hackervalley.com/e/unleashing-the-power-of-cybersecurity-purple-teams-with-maril-vernon/
4. CISO Jobs
CrowdStrike, Vimeo and GoHealth are hiring!
- GoHealth - Vice President of Information Security. GoHealth is searching for a Vice President of Information Security to lead their team of experienced security professionals and drive their Information Security vision, strategy, adoption, and continuous improvement. The ideal candidate will be a motivated consensus builder and able to work across business lines. Apply: https://www.linkedin.com/jobs/view/3438190351
- Vimeo - CISO. Vimeo is looking for a CISO to build and spread the word about their comprehensive security practices. The role involves leading teams in areas like application security, infrastructure security, compliance, IT, and security engineering. The CISO will be interacting with the Board and Executive team and representing security concerns to internal teams, vendors, and clients. Apply: https://www.linkedin.com/jobs/view/3462166649
- CrowdStrike - CISO. CrowdStrike is committed to cultivating an inclusive and remote-first culture and is looking for a CISO to lead their information security strategy. The role involves reducing risk, protecting customer information, and ensuring the resiliency of core technical infrastructure. The CISO will report to the Chief Security Officer and partner with the Enterprise Risk Management Group and Product Security team. Apply: https://www.linkedin.com/jobs/view/3456873972
Epilogue
That's it for Episode #4 of the Secret CISO newsletter. Thank you for taking the time to read and engage with our content. We hope you found it informative and valuable.
We would love for you to help us spread the word and grow our community. Please forward this email to 3-5 CISO colleagues you know. The more, the merrier! Together we can make this newsletter better and more useful to the CISO community.
As a token of our appreciation, we would like to offer you a cyber cat digital gift for reading this newsletter in full:
Once again, thank you for your support and we look forward to your continued engagement with the Secret CISO newsletter.