Secret CISO 4/16: iPhone 0day for $2M (disable iMessage NOW!), Juniper Networks' Security Advisories, and Latest Research

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the cybersecurity world.

🚨 First, go to Settings -> Messages and toggle iMessage off. Why? Read on below: an iPhone iMessage zero-day is reportedly being offered on a dark-web market for $2M.

The British royal family has allegedly been hit by a data breach, with the Snatch ransomware gang claiming to have published personal data of 25 members. Meanwhile, AT&T customers are weighing safety measures after a data breach, as breaches continue to rise, partly driven by new types of ransomware attacks. In election security news, Georgia election officials are probing claims of a Bibb County voting machine security breach. Roku has been hit with another cyberattack, this one exposing data from 576,000 accounts; despite the scale, the company says the attackers did not reach sensitive data such as full credit card numbers. Juniper Networks has published dozens of new security advisories, patching vulnerabilities in Junos OS and Junos OS Evolved. Cisco Duo warns that a data breach at one of its telephony suppliers exposed MFA messages sent via SMS and VOIP to its customers. In legal news, Tandym Group and Hapy Bear Surgery Center are the subject of data breach lawsuit investigations, and American Express faces class actions over data sharing, swipe fees, and fraudulent transactions. Stay tuned for more updates and remember, knowledge is the key to cybersecurity. Stay safe, stay informed.

Data Breaches

  1. UK Royals Data Breach: The Snatch ransomware gang has allegedly published personal data belonging to 25 members of the British royal family. The extent of the breach and the potential ramifications are currently unknown. Source: Cyber Daily
  2. AT&T Data Breach: AT&T customers are expressing concern over a data breach that has potentially exposed their personal information. The breach is part of a larger trend, with data breaches increasing by 20% from 2022 to 2023. Source: Yahoo
  3. Georgia Election Security Breach: The Georgia Secretary of State's office is probing claims of a Bibb County voting machine security breach involving a security analyst tied to the 2020 Coffee County voting-system breach. The details and the potential impact on election security are still under investigation. Source: Georgia Recorder
  4. Roku Cyberattack: Roku has suffered another cyberattack, this time exposing the data of 576,000 accounts. This follows a previous breach that impacted over 15,000 accounts. Despite the scale of the breach, Roku assures users that no sensitive data, such as full credit card information, was accessed. Source: WEWS
  5. Cisco Duo Data Breach: Cisco Duo has warned that a data breach involving one of its telephony suppliers has exposed MFA messages sent via SMS and VOIP to its customers. The extent of the breach and the potential impact on customer security is currently unknown. Source: Security Affairs

Security Research

  1. 'Disable iMessages' ASAP to avoid crypto zero-day exploit: Trust Wallet: Trust Wallet has urged users to disable iMessage, citing a zero-day exploit targeting Apple's iMessage reportedly on sale for $2M; security researchers at Kaspersky have warned that iMessage has been used as an attack vector in the past. Users who cannot do without iMessage should at least enable Apple's Lockdown Mode, which blocks most message attachment types and link previews. Source: Cointelegraph
  2. UConn to launch new cybersecurity center with federal funding: The University of Connecticut is set to launch a new cybersecurity center, funded by federal grants. The center aims to address gaps in energy security research and provide cybersecurity education programs, particularly for the renewable energy sector. Source: fox61.com
  3. Sisense Breach Highlights Rise in Major Supply Chain Attacks: Security researchers discovered a breach at business intelligence company Sisense on April 10. The incident underscores the increasing trend of major supply chain attacks, posing significant risks to businesses and their customers. Source: BankInfoSecurity
  4. Researchers stop 'credible takeover attempt' similar to XZ Utils backdoor incident: Security researchers have successfully thwarted a "credible" takeover attempt reminiscent of the recent XZ Utils backdoor incident. This highlights the ongoing threat of sophisticated cyber attacks and the importance of robust security measures. Source: The Record
  5. PoC Released For Critical Zero-Click Windows Vulnerability: Cybersecurity researchers at Akamai have unveiled a proof of concept for a critical zero-click remote code execution vulnerability in Windows. Unlike previous two-vulnerability RCE chains, this flaw enables zero-click RCE exploitation, posing a significant threat to Windows users. Source: Cyber Security News

Top CVEs

  1. CVE-2024-1846 - Responsive Tabs WordPress Plugin Vulnerability: The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting. Source: CVE-2024-1846
  2. CVE-2024-1310 - WooCommerce WordPress Plugin Vulnerability: The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. Source: CVE-2024-1310
  3. CVE-2024-2836 - Social Share, Social Login and Social Comments Plugin Vulnerability: The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.64 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks. Source: CVE-2024-2836
  4. CVE-2024-2857 - Simple Buttons Creator WordPress Plugin Vulnerability: The Simple Buttons Creator WordPress plugin through 1.04 has neither authorisation nor CSRF checks in its add-button function, allowing unauthenticated users to call it directly or via CSRF attacks. Source: CVE-2024-2857
  5. CVE-2024-1755 - NPS Computy WordPress Plugin Vulnerability: The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF. Source: CVE-2024-1755
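The first, fourth and fifth CVEs above are instances of two defect classes that recur in WordPress plugins: shortcode attributes echoed without escaping, and state-changing handlers with no capability or nonce check. The following is an added illustration written for this newsletter, not code from any of the plugins named; the ex_demo prefix, the ex_tab shortcode, the ex_add_button AJAX action and the ex_demo_buttons option are hypothetical. Each pattern is shown vulnerable, then hardened with the WordPress core functions a plugin reviewer would expect to see.

```php
<?php
// Added illustration, not the code of any plugin in this newsletter.
// All names (ex_demo_*, ex_tab, ex_add_button, ex_demo_buttons) are hypothetical.

// --- 1. Stored XSS through shortcode attributes (the CVE-2024-1846 class) ---
// A contributor can save a post containing [ex_tab title="..." url="..."].
// Post content is passed through kses for contributors, but shortcode output is
// rendered afterwards, so an attribute like title='" onmouseover=alert(1) a="'
// lands in the page unless the plugin escapes it itself.

// Vulnerable: attributes are concatenated into HTML unescaped.
function ex_demo_tab_vuln( $atts ) {
    $atts = shortcode_atts( array( 'title' => '', 'url' => '' ), $atts, 'ex_tab' );
    return '<a class="ex-tab" href="' . $atts['url'] . '">' . $atts['title'] . '</a>';
}

// Hardened: escape each value for the exact context it is placed in
// (esc_url for an href attribute, esc_html for element text; use esc_attr
// if a value ever goes into a non-URL attribute).
function ex_demo_tab_safe( $atts ) {
    $atts = shortcode_atts( array( 'title' => '', 'url' => '' ), $atts, 'ex_tab' );
    return '<a class="ex-tab" href="' . esc_url( $atts['url'] ) . '">'
         . esc_html( $atts['title'] ) . '</a>';
}
add_shortcode( 'ex_tab', 'ex_demo_tab_safe' );

// --- 2. Missing authorisation and CSRF checks (the CVE-2024-2857 / CVE-2024-1755 class) ---
// Vulnerable: any POST to admin-ajax.php?action=ex_add_button writes to the
// database. A wp_ajax_nopriv_ hook makes it reachable with no session at all,
// and with no nonce a logged-in admin can be driven to it from a third-party page.
function ex_demo_add_button_vuln() {
    $buttons   = get_option( 'ex_demo_buttons', array() );
    $buttons[] = array( 'label' => $_POST['label'], 'url' => $_POST['url'] );
    update_option( 'ex_demo_buttons', $buttons );
    wp_send_json_success();
}
// The vulnerable registration would have been:
//   add_action( 'wp_ajax_ex_add_button',        'ex_demo_add_button_vuln' );
//   add_action( 'wp_ajax_nopriv_ex_add_button', 'ex_demo_add_button_vuln' );

// Hardened: logged-in only (no nopriv hook), capability check, nonce check,
// then sanitise before storing. wp_send_json_error() and a failed
// check_ajax_referer() both terminate the request.
function ex_demo_add_button_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'ex_demo_add_button', 'nonce' ); // dies with 403 on a missing or stale nonce

    $label = sanitize_text_field( wp_unslash( $_POST['label'] ?? '' ) );
    $url   = esc_url_raw( wp_unslash( $_POST['url'] ?? '' ) );
    if ( '' === $label || '' === $url ) {
        wp_send_json_error( 'invalid input', 400 );
    }

    $buttons   = get_option( 'ex_demo_buttons', array() );
    $buttons[] = array( 'label' => $label, 'url' => $url );
    update_option( 'ex_demo_buttons', $buttons );
    wp_send_json_success();
}
add_action( 'wp_ajax_ex_add_button', 'ex_demo_add_button_safe' );

// The settings page that issues the request must embed the matching nonce,
// e.g. inside its form:  wp_nonce_field( 'ex_demo_add_button', 'nonce' );
```

When auditing a plugin for these classes, grep for add_shortcode handlers that concatenate $atts values without esc_*, and for wp_ajax_nopriv_ or admin_post_nopriv_ hooks and admin_init handlers that call update_option or $wpdb writes without a preceding current_user_can() and check_ajax_referer()/check_admin_referer(); a capability check alone does not stop CSRF, and a nonce alone does not stop an authenticated low-privilege user.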

Final Words

And that's a wrap for today's edition of Secret CISO. From the Royals to Roku, it's clear that no one is immune to the ever-evolving threats of cybercrime. But remember, knowledge is power. By staying informed, we can all play a part in strengthening our defenses and safeguarding our data. If you found this newsletter helpful, why not share it with your friends and colleagues? Let's spread the word and foster a culture of cybersecurity awareness. After all, in this interconnected digital world, your security is my security, and vice versa. Stay safe, stay informed, and see you in the next edition of Secret CISO.
