Secret CISO 4/10: Unmasking the Breach Epidemic - From Home Depot to BOC, Cyber Threats Surge Amidst Rising Security Investments
Good day, Secret CISO readers! Today's newsletter is packed with updates from the world of data security. We start with a success story from Down Under, where the Australian register of stolen data has blocked over 300,000 attempts at identity fraud, thanks to protections introduced after the 2022 Optus data breach. However, it's not all good news. The Bureau of Customs (BOC) has reported a data breach in its cloud-based platforms, affecting systems handling personal information and trade secrets. The Tandym Group has also filed a notice of data breach, and Home Depot confirmed a data breach that exposed employee data. In the startup world, data security firm Cyera has secured another $300M in funding, pushing its valuation to $1.4B. Meanwhile, the Zalkin Law Firm's proposed $285K data breach settlement was rejected by the court. On the research front, data exfiltration techniques in SharePoint that evade detection have been uncovered. Microsoft has patched an actively exploited security feature bypass vulnerability, and Binary Defense has launched a new threat research unit, ARC Labs. Stay tuned for more updates and remember, knowledge is the first line of defense. Stay safe, stay informed!
Data Breaches
- Optus Data Breach: In 2022, a significant data breach occurred at Optus, leading to the introduction of protections that have since blocked over 300,000 fraudulent attempts to use stolen Australian data. Source: ABC
- BOC Data Breach: The Bureau of Customs (BOC) disclosed a security breach within its external cloud-based online applications, potentially affecting systems handling personal information and trade secrets. Source: Bilyonaryo, YouTube
- Tandym Group Data Breach: Tandym Group, LLC filed a notice of data breach with the Attorney General of Massachusetts, notifying an unknown number of consumers about the breach. Source: JD Supra
- Home Depot Data Breach: Home Depot confirmed a data breach after one of its SaaS vendors mistakenly exposed employee data. Source: Total Retail
- Zalkin Law Firm Data Breach: The Zalkin Law Firm PC's proposed $285,000 settlement of a lawsuit over a data breach that exposed sensitive personal information was rejected by the court. Source: Bloomberg Law News
Security Research
- Microsoft security bypass bug said to be under exploit: A security bypass bug in Microsoft's software is reportedly being exploited. The issue was first identified by Stairwell in January and further detailed by Sophos. Microsoft has yet to release a patch. Source: The Register
- Microsoft employees exposed internal passwords in security lapse: Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet. The issue was discovered by security researcher Can Yoleri. The company has not disclosed how long the data was exposed. Source: TechCrunch
- Researchers uncover SharePoint data exfiltration techniques that evade detection: Researchers have discovered data exfiltration techniques in SharePoint that evade detection. These techniques can bypass traditional detection and enforcement policies, posing a significant security risk. Source: CSO Online
- Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988): Microsoft has patched a vulnerability (CVE-2024-29988) that was being actively exploited by attackers. The vulnerability was discovered by ZDI threat researcher Peter Girnus. Source: Help Net Security
- Researchers discover new ransomware gang 'Muliaka' attacking Russian businesses: A new ransomware gang, dubbed 'Muliaka', has been discovered attacking Russian businesses. The group's tactics, techniques, and procedures (TTPs) are still under investigation. Source: The Record
Top CVEs
- CVE-2024-31370 (CodeIsAwesome AIKit SQL Injection): CodeIsAwesome AIKit has an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This issue affects AIKit versions from n/a through... Source: CVE-2024-31370
- CVE-2024-31863 (Apache Zeppelin Authentication Bypass): Apache Zeppelin has an Authentication Bypass vulnerability by spoofing, which allows attackers to replace existing notes. This issue affects Apache Zeppelin versions from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0. Source: CVE-2024-31863
- CVE-2022-47894 (Apache Zeppelin SAP Improper Input Validation): Apache Zeppelin SAP has an Improper Input Validation vulnerability. This issue affects Apache Zeppelin SAP versions from 0.8.0 before 0.11.0. As this project is retired, users are recommended to find an alternative or restrict access to the instance to trusted users. Source: CVE-2022-47894
- CVE-2024-31978 (SINEC NMS Path Traversal): SINEC NMS has a path traversal vulnerability. Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Source: CVE-2024-31978
- CVE-2024-3046 (Eclipse Kura LogServlet Unauthenticated Access): In Eclipse Kura LogServlet component, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0,... Source: CVE-2024-3046
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the Australian register blocking identity fraud attempts to the rising cyber threats posing serious concerns for financial stability. It's clear that the world of cybersecurity is constantly evolving, and staying informed is our best defense. Remember, knowledge is power. So, don't keep this valuable information to yourself. Share this newsletter with your friends and colleagues to help them stay ahead of the curve. Together, we can build a safer digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO.