Secret CISO 4/11: Unprecedented Surge in Data Breaches, Microsoft, Home Depot, OWASP, and AT&T Under Attack, Security Measures in Question, Latest Research on Spectre Threats and AI-Powered Security

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity news and updates. Today, we're diving into a series of data breaches that have hit major companies like Home Depot, Microsoft, and AT&T, affecting millions of customers and employees. We'll explore how these breaches occurred, the impact they've had, and what steps are being taken to prevent future incidents. We'll also look at the surge in US data breach reports, which have grown by a staggering 90% in the first quarter of this year. In addition, we'll discuss the importance of upgrading data breach prevention and response strategies, with insights from experts on how to enhance data security and reduce losses caused by breaches. On the research front, we'll delve into the latest findings from security researchers, including vulnerabilities in Intel CPUs and new AI-powered security capabilities from Google Cloud. We'll also highlight the work of the National Security Agency in maturing data security practices used in zero trust. Stay tuned for all this and more in today's issue of Secret CISO. Don't miss out on the latest cybersecurity news and insights!

Data Breaches

  1. Home Depot Data Breach: Home Depot suffered a data breach affecting its staff due to a mistake by a third-party SaaS vendor. The extent of the breach and the data compromised remain undisclosed. Source: Hardlines.
  2. Microsoft Data Breach: Microsoft was hit with another data breach when cybersecurity firm SOCRadar discovered that employees' credentials were stored on a server without a password. The breach's impact is still under investigation. Source: Firstpost.
  3. OWASP Data Breach: The Open Worldwide Application Security Project (OWASP) experienced a data breach due to server misconfiguration, leaking members' personal information. The organization is currently working on mitigating the impact. Source: CPO Magazine.
  4. HTW Data Breach: National valuation firm Herron Todd White was suspended from new work by the country's largest banks following a data breach. The breach's extent and the type of data compromised are yet to be revealed. Source: AFR.
  5. AT&T Data Breach: AT&T has begun the process of informing state authorities and regulators about a security breach exposing millions of customer records. The exact number of affected customers and the type of data exposed are still under investigation. Source: BBN Times.

Security Research

  1. "Conservative Revolt in the House Blocks Effort to Reauthorize a Key US Spy Tool": A cloud security researcher warns that a stolen Microsoft signing key was more powerful than initially thought, not limited to Outlook.com and Exchange Online. This raises concerns about the potential misuse of the key. Source: SecurityWeek
  2. "German defence industry welcomes paper on military research": A position paper from the German Federal Ministry of Education and Research aims to balance academic freedom and national security. This could potentially lead to new advancements in security technology. Source: Science|Business
  3. "Intel CPUs are still vulnerable to Spectre threats": Despite hardware and software updates, Intel's CPUs remain vulnerable to Spectre attacks, according to security researchers from VU Amsterdam. This highlights the ongoing challenge of securing hardware against sophisticated threats. Source: TechRadar
  4. "European Managed Security Services Industry Research, 2023 and 2024-2026": The "European Managed Security Services Growth Opportunities" report has been added to the market research offerings, indicating a growing demand for managed security services in Europe. Source: Yahoo Finance
  5. "New Homeland Security research center marks opening at University of Alaska Anchorage": The new research center aims to confront emerging threats, strengthen security infrastructure, and enhance safety through research, innovation, and collaboration. This marks a significant investment in security research in the region. Source: Anchorage Press

Top CVEs

  1. CVE-2024-31309: A DoS attack can cause Apache Traffic Server to consume excessive resources. Versions from 8.0.0 to 8.1.9 and 9.0.0 to 9.2.3 are affected. Users are recommended to upgrade to versions 8.1.10 or 9.2.4. Source: CVE-2024-31309
  2. CVE-2023-51672: A Missing Authorization vulnerability exists in FunnelKit Checkout. The specific affected versions are not mentioned. Source: CVE-2023-51672
  3. CVE-2024-27991: A Cross-site Scripting vulnerability in SupportCandy allows Stored XSS. The specific affected versions are not mentioned. Source: CVE-2024-27991
  4. CVE-2024-27988: A Cross-site Scripting vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS. The specific affected versions are not mentioned. Source: CVE-2024-27988
  5. CVE-2024-29019: ESPHome's API endpoints in the dashboard component are vulnerable to Cross-Site Request Forgery (CSRF) allowing remote attackers to perform operations on configuration files. This vulnerability affects version 2023.12.9. Source: CVE-2024-29019

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found our coverage of the latest data breaches and cybersecurity updates insightful. Remember, in the digital world, staying informed is the first step towards staying secure. If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's spread the knowledge and create a safer digital environment for everyone. Stay safe and see you tomorrow with more updates from the world of cybersecurity. Until then, keep those firewalls up!
