Secret CISO 4/6: BoAt and Kaspersky Massive Data Breaches, EDPS and ENISA Seminar on Data Breaches Response, Australian Cyber Security Centre Reveals Cybercrime Frequency, Security Startup Raises $30M
Welcome to today's issue of the Secret CISO newsletter, where we bring you the latest and most impactful cybersecurity news. Today, we're diving into a series of significant data breaches, the latest cyber threats targeting Australians, and the rising costs of these security incidents. BoAt, a popular Indian electronics brand, has suffered a massive data breach, losing the data of 7.5 million customers. The threat actor dumped an encrypted file containing access to the personal data of these customers. In another incident, the Russian language fan club forum for cybersecurity giant Kaspersky has experienced a data breach by the RGB hacking group, compromising the data of 157,000 users. On the other side of the globe, the Australian Cyber Security Centre revealed that a cybercrime report is made every six minutes on average, highlighting the increasing frequency of cyber threats. Initial access brokers are the latest cybercriminals targeting Australians. These breaches are costly. A former cyber spy has raised $30 million for a security startup targeting a pressing problem: the average data breach costs the victim company $4.5 million. In response to these threats, the European Data Protection Supervisor (EDPS) and the European Network and Information Security Agency (ENISA) hosted a seminar on "Responding to Data Breaches." We'll also look at a vulnerability in a government cloud service that could have exposed the sensitive personal data of around 250,000 individuals, and AT&T's recent discovery of data linked to 73 million users that was more than four years old. Stay tuned for more updates on cybersecurity culture, data breaches, and the latest research in the field. Stay safe and secure!
Data Breaches
- BoAt Data Breach: BoAt, a popular audio brand, suffered a massive data breach, losing data of 7.5 million customers. The threat actor dumped an encrypted file with access to personally identifiable information (PII) of customers. Source: Forbes India
- Kaspersky Fan Club Forum Breach: The Russian language fan club forum for cybersecurity giant Kaspersky experienced a data breach by the RGB hacking group, leaking data of 57,000 users. Source: Hackread
- AT&T Data Breach: AT&T discovered data linked to 73 million users that was more than 4 years old. The breach highlights the ongoing challenges in data security and protection. Source: Colorado Sun
- Government Cloud Service Vulnerability: A vulnerability in a government cloud service could have potentially exposed sensitive personal data of around 250,000 individuals. The flaw was discovered by security researcher Sourajeet Majumder. Source: Internet Freedom Foundation
- Israel's Justice Ministry Cyber Incident: Hacktivists protesting against the war in Gaza claimed to have breached the ministry's servers and retrieved hundreds of gigabytes of data. The incident is currently under review by Israel's Justice Ministry. Source: Reuters
Security Research
- "Info session: National Science Foundation updates and research security": The National Science Foundation is testing a new approach to research security, aiming to improve it without disrupting peer review. This comes as the university continues to extend its global reach, making research security an essential component of sponsored projects. Source: news.vt.edu
- "Hackers Can Use AI Hallucinations to Spread Malware": A security researcher found that hackers are using AI-hallucinated libraries to spread malware, with chat bots calling for a nonexistent Python package. This highlights the potential for AI to be exploited for malicious purposes. Source: bankinfosecurity.com
- "Sophisticated Latrodectus Malware Linked to 2017 Strain": Security researchers have warned about a new malware called Latrodectus, believed to be an evolutionary successor to the IcedID loader. This demonstrates the ongoing evolution and sophistication of malware threats. Source: govinfosecurity.com
- "Critical Bugs Put Hugging Face AI Platform in a 'Pickle'": Wiz and other security researchers have found critical bugs in the Hugging Face AI platform, with pickle files being at the core of the research. This underscores the importance of robust security measures in AI platforms. Source: darkreading.com
- "AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks": New research reveals critical security risks for AI-as-a-service providers like Hugging Face, where attackers could gain access to hijack models. This highlights the need for improved security measures in AI services. Source: thehackernews.com
Top CVEs
- CVE-2024-29740: A missing bounds check in tmu_set_table of tmu.c could lead to a local escalation of privilege with no additional execution privileges needed. No user interaction is required for exploitation. Source: CVE-2024-29740.
- CVE-2024-29745: There is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. No user interaction is required for exploitation. Source: CVE-2024-29745.
- CVE-2024-31083: A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request. Source: CVE-2024-31083.
- CVE-2024-2444: The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disabled. Source: CVE-2024-2444.
- CVE-2024-29746: In lpm_req_handler of lpm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. No user interaction is required for exploitation. Source: CVE-2024-29746.
Final Words
As we wrap up today's edition of Secret CISO, we're reminded of the ever-evolving landscape of cybersecurity. From massive data breaches affecting millions of customers to the rise of initial access brokers targeting Australians, the need for robust security measures has never been more apparent. We've also seen how the average data breach can cost companies millions, and how even giants like Microsoft are being urged to prioritize security improvements. The stories we've shared today underscore the importance of staying vigilant and proactive in our cybersecurity efforts. Remember, cybersecurity isn't just a concern for big corporations. We're all in this together. So, share this newsletter with your friends and colleagues to help them stay informed and protected. Stay safe, stay informed, and see you in the next edition of Secret CISO.