Secret CISO 4/2: AT&T, MarineMax, PandaBuy Data Breaches, OWASP Wiki Misconfiguration, Enhancing Security Research, XZ Utils Backdoor
Welcome to today's issue of Secret CISO. We're diving into the deep end of data breaches, starting with the massive AT&T data breach that has compromised the personal information of 73 million customers. From full names to social security numbers, the breach has left a trail of exposed data that cybercriminals are eager to exploit. But AT&T isn't alone. MarineMax, a leading yacht retailer, and PandaBuy, a popular global shopping platform, have also fallen victim to data breaches, with customer and employee data stolen and exposed. We'll also be discussing the steps you should take if you're caught up in these breaches, and how to protect yourself in the future. Plus, we'll be looking at the latest research in cybersecurity, including a backdoor implanted in XZ Utils in a multiyear supply chain attack, and the potential use of large language model (LLM) tools to spread non-existent software packages. Stay tuned for all this and more in today's issue of Secret CISO. Stay safe, stay informed.
Data Breaches
- AT&T Data Breach: AT&T confirmed a massive data breach affecting 73 million customers. The breach exposed customers' full names, birthdays, social security numbers, physical and email addresses, and AT&T account details. The company is investigating the incident and offering credit monitoring for affected customers. Source: KOAA, FOX 26 Houston, Dark Reading.
- MarineMax Data Breach: MarineMax, one of the world's largest recreational boat and yacht retailers, disclosed a data breach following a cyberattack. The attackers stole employee and customer data, but the extent of the breach is still under investigation. Source: Bleeping Computer.
- PandaBuy Data Breach: Global shopping platform PandaBuy suffered a data breach, exposing the personal information of 1.3 million users. The breach was claimed by malicious threat actors. Source: Cybernews.
- ABC News Data Breach: ABC News reported a significant data breach that put many Americans at risk. The specifics of the breach, including the number of affected individuals and the type of compromised data, are not yet disclosed. Source: YouTube.
- OWASP Data Breach: The OWASP Foundation disclosed a data breach caused by a misconfiguration of its old Wiki web. The breach exposed some members' resumes online, but the full extent of the breach is still under investigation. Source: Bleeping Computer.
Security Research
- "Call to strengthen national security narratives - The Express Tribune": Dr Mukhtar emphasizes the need for improving the quality of research in Pakistan, highlighting the importance of data-driven, meticulously crafted research. Source: The Express Tribune
- "XZ Utils Backdoor Implanted in Multiyear Supply Chain Attack - Dark Reading": A researcher discovered malware implanted in a multiyear supply chain attack, highlighting ongoing security threats such as the Log4Shell vulnerability and the attack on SolarWinds. Source: Dark Reading
- "Cybercriminals Weigh Options for Using LLMs: Build It or Break? - Dark Reading": Researchers at AI security firm HiddenLayer noted that cybercriminals are weighing their options on whether to build or break LLMs, indicating a shift in cybercrime tactics. Source: Dark Reading
- "AT&T confirms theft of 73M records, 7.6M current customers affected | SC Media": AT&T confirmed a data leak after TechCrunch reported the findings of security researcher Sam “Chick3nman” Croley, affecting 73M records and 7.6M current customers. Source: SC Media
- "Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor": Security researchers released a script that allows users to scan their systems for a malicious library, following a major supply chain attack impacting Linux distributions. Source: Security Week
Top CVEs
- CVE-2024-1274: The My Calendar WordPress plugin before 3.4.24 has a vulnerability that allows users with a role as low as Subscriber to perform Cross-Site Scripting attacks. It's recommended to update to the latest version to mitigate this risk. Source: vulners.com
- CVE-2023-33111: An information disclosure vulnerability has been identified when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration. The details of the vulnerability are not fully disclosed yet. Source: vulners.com
- CVE-2024-26653: A double free in the Linux kernel's usb: misc: ljca component has been resolved. The fix cleans up the redundant kfree() in all callers and adds a kfree() of the passed-in platform_data on errors that happen before auxiliary_device_init() succeeds. Source: vulners.com
- CVE-2024-20799: Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Users are advised to update to the latest version to mitigate this risk. Source: vulners.com
- CVE-2024-28232: The Casa OS login page disclosed a username enumeration vulnerability, which was patched in version 0.4.7. This issue has been patched in version 0.4.8, but that version has not yet been uploaded to Go's package. Source: vulners.com
Final Words
And that's a wrap for today's edition of Secret CISO. We've navigated through the choppy waters of data breaches, from AT&T's massive leak to the cyberattack on MarineMax. We've also delved into the dark web, where stolen data often ends up, and explored how to protect yourself in the aftermath of a breach. Remember, knowledge is power. By staying informed, you're already one step ahead in the cybersecurity game. If you found today's newsletter helpful, why not share it with your friends and colleagues? Let's spread the word and create a safer digital world together. Stay safe, stay informed, and see you in the next edition of Secret CISO.