Welcome to today's issue of Secret CISO, where we delve into the latest happenings in the world of data security. In today's issue, we'll be discussing the bleak picture painted by Verizon's 2024 Data Breach Investigation Report, which highlights the increasing exploitation of vulnerabilities as a major gateway for data breaches. We'll also look into a recent data breach that exposed the details of Australians who visited clubs and RSLs in NSW. In the manufacturing sector, we'll explore why a data-focused approach is crucial despite the dire consequences of a data breach.

We'll also look at the key takeaways from Verizon's report, including the rise in ransomware and extortion attacks. In the healthcare sector, we'll discuss a data breach suit reinstated against a healthcare provider, and the potential impact of a data breach at Kaiser Permanente that may affect 13.4M customers. We'll also delve into the world of cybersecurity research, where Adobe has expanded its bug bounty program to reward researchers for discovering bugs in its AI security. Stay tuned for these stories and more in today's issue of Secret CISO.

Data Breaches

1. Verizon DBIR Highlights Increasing Vulnerability Exploitation: The 2024 Verizon Data Breach Investigation Report has identified an increasing trend in vulnerability exploitation as a primary gateway for data breaches. The report provides a comprehensive analysis of the current data breach landscape. Source: SDxCentral
2. Data Breach Exposes Visitors to Clubs NSW Venues: A data breach has potentially exposed the personal details of Australians who have visited clubs and RSLs in NSW. The extent and impact of the breach are currently under investigation. Source: 9News
3. Data Security and Integrity in Manufacturing: Despite the potential dire consequences of data breaches, many manufacturing companies continue to adopt a data-focused approach. This article explores the importance of data security and integrity in the manufacturing sector. Source: Forbes
4. Data Breaches in April 2024: The OWASP has emphasized that a recent security incident was a data leak, not a breach, and is taking steps to strengthen security and remove exposed information. The article also highlights the PandaBuy breach among others. Source: Security Boulevard
5. Key Takeaways from Verizon's 2024 Data Breach Investigations Report: Verizon's data breach report reveals significant findings, including a surge in breaches driven by the MOVEit zero-day vulnerability and an increase in ransomware and extortion attacks. Source: CSO Online

Security Research

1. Microsoft Azure, Cloudflare lures leveraged to spread Latrodectus malware downloader: Security researcher ProxyLife has discovered that Microsoft Azure and Cloudflare are being exploited to spread the Latrodectus malware downloader. The malware is spread through a fraudulent "Cloudflare security check" that targets are redirected to when they download a PDF document. Source: SC Magazine
2. Security risks must not 'smother' UK research and development: The national security threats that emerge from university research must be dealt with in a way that does not “smother” potentially groundbreaking developments, according to a recent report. The balance between security and innovation is crucial for the future of UK research and development. Source: Research Professional News
3. Adobe Adds Firefly and AI Watermarking to Bug Bounty Program: Adobe has expanded its bug bounty program to include rewards for finding vulnerabilities in Adobe Firefly and Content Credentials. This move is aimed at encouraging security researchers to help improve the security of Adobe's products. Source: TechRepublic
4. Curve Finance Rewards Security Researcher $250,000 for Uncovering Critical Vulnerability: A researcher known as Marco Croc from Kupia Security identified a reentrancy vulnerability in Curve Finance. As a result, Curve Finance rewarded the researcher with $250,000 for uncovering this critical vulnerability. Source: CryptoNews
5. Docker Imageless Repositories Abused to Push Malware: Security researchers have exposed the widespread abuse of Docker Hub as a mechanism to deliver malware and phishing scams. The researchers from JFrog discovered three instances where Docker imageless repositories were used for malicious purposes. Source: SC Magazine UK

Top CVEs

1. CVE-2024-4058 - Heap Corruption in Google Chrome: A type confusion vulnerability in ANGLE in Google Chrome versions prior to 124.0.6367.78 could potentially allow a remote attacker to exploit heap corruption via a crafted HTML page. Users are advised to update to the latest version. Source: CVE-2024-4058
2. CVE-2024-4368 - Use After Free in Google Chrome: A use-after-free vulnerability in Dawn in Google Chrome versions prior to 124.0.6367.118 could potentially allow a remote attacker to exploit heap corruption via a crafted HTML page. Users are advised to update to the latest version. Source: CVE-2024-4368
3. CVE-2024-3591 - PHP Object Injection in Geo Controller WordPress Plugin: The Geo Controller WordPress plugin versions before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, potentially allowing unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the site. Users are advised to update to the latest version. Source: CVE-2024-3591
4. CVE-2024-26331 - Authentication Bypass in ReCrystallize Server: ReCrystallize Server 5.10.0.0 uses an authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser, and bypass the authentication mechanism. Source: CVE-2024-26331
5. CVE-2023-38002 - Session Hijacking in IBM Storage Scale: IBM Storage Scale versions 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. Users are advised to update to the latest version. Source: CVE-2023-38002

API Security

1. Uptime Kuma vulnerable to authenticated remote code execution: Uptime Kuma, a monitoring tool, is vulnerable to remote code execution by an authenticated attacker through the installation of a maliciously crafted plugin. The vulnerability exists because the corresponding API endpoints are still available after login, even though the feature is currently disabled in the web interface. Source: GHSA-7GRX-F945-MJ96
2. Uptime Kuma's authenticated path traversal: Uptime Kuma has a path traversal vulnerability via the plugin repository name that can lead to unavailability or data loss. An authenticated attacker can delete files on the server, potentially causing Uptime Kuma or the entire system to become unavailable. Source: GHSA-VR8X-74PM-6VJ7
3. LibreSpeed speedtest's stored Cross-site scripting in the JSON API: LibreSpeed speedtest, an open-source, self-hosted speed test for HTML5, has a stored Cross-site scripting vulnerability in the JSON API due to missing neutralization of the ISP information in a speedtest result. This vulnerability affects instances running version 5.2.5 or higher with telemetry enabled. Source: CVE-2024-32890

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the ever-evolving landscape of data breaches and the importance of robust data security measures. From the alarming findings of Verizon's Data Breach Investigation Report to the exposure of visitor data at Clubs NSW venues, it's clear that data breaches are a persistent threat across industries.

In the manufacturing sector, data security is being hailed as the 'secret sauce' for success, even as concerns over data breaches continue to loom large. Meanwhile, the healthcare sector is grappling with its own set of challenges, with a data breach lawsuit being reinstated against a healthcare provider. On the tech front, we're seeing companies like Adobe expanding their bug bounty programs to incentivize security researchers for discovering bugs. This highlights the critical role that these researchers play in strengthening security frameworks. In the end, it all boils down to one thing - staying one step ahead of potential threats. And that's exactly what we aim to help you do with our daily newsletter.

If you found today's edition insightful, do share it with your friends and colleagues. Remember, when it comes to cybersecurity, knowledge is your best defense. Stay safe and see you tomorrow with more updates.