Secret CISO 5/10: Dell's Massive Data Breach, Firstmac and PSNI Security Incidents, LLMjacking Scheme Uncovered, 'The Mask' Espionage Group Returns
Welcome to today's issue of Secret CISO, where we bring you the latest and most impactful cybersecurity news. Today, we're diving into a series of data breaches that have hit major companies like Dell and Firstmac, exposing millions of customer details. We'll also discuss the PSNI data breach that revealed sensitive details to loyalist Jamie Bryson. In other news, the Information Commissioner's Office has published a report examining lessons learned from past data breaches, while victims of the Latitude data breach are left unanswered by OAIC.
We'll also explore the latest research in cybersecurity, including a new scheme targeting cloud-hosted AI models and the resurfacing of 'The Mask' espionage group after a 10-year hiatus. Finally, we'll look at the latest vulnerabilities and how they're being addressed, including the recent Dell data breach impacting millions of customers and the Ascension hospitals in Indiana affected by a national cyberattack. Stay tuned for these stories and more in today's issue of Secret CISO.
Data Breaches
- Firstmac Customer Details Breached: Australian home lender Firstmac reported a data breach that exposed some customer details. The company has taken steps to secure their systems and engaged cybersecurity experts to investigate the incident. Source: 9News
- PSNI Data Breach: Sensitive details were mistakenly included in a national security intelligence report relating to loyalist Jamie Bryson, marking another data breach for the Police Service of Northern Ireland (PSNI). The report was used by the PSNI and Secretary of State. Source: Irish News
- Dell Data Breach: Dell confirmed a data breach that leaked personal user data, including physical addresses. The company assured that the breached data did not include email addresses, telephone numbers, financial or payment information. Source: Business Today
- Latitude Data Breach: More than a year after a data breach that exposed 14 million customers, victims of the Latitude data breach are still left unanswered by the Office of the Australian Information Commissioner (OAIC). A class-action lawsuit against Latitude is pending. Source: Business News Australia
- Ascension Cyber Attack: Ascension, a non-profit health system, confirmed reports of a cyber attack, raising data breach concerns among patients. The extent of the breach and the data involved are still under investigation. Source: JD Supra
Security Research
- 'Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models': Security researcher Alessandro Brucato has discovered a new scheme known as 'LLMjacking', which targets local Claude (v2/v3) LLM models from Anthropic. The specific details of the intrusion are yet to be disclosed. Source: The Hacker News
- 'The Mask' Espionage Group Resurfaces After 10-Year Hiatus': A security researcher at Kaspersky has reported the resurgence of 'The Mask' espionage group after a decade of inactivity. The indicators of their activity date back to 10 years ago, suggesting a long-term operation. Source: Dark Reading
- 'AI, online gaming among the top cyber threats to kids': David Emm, a principal security researcher at Kaspersky, has highlighted AI and online gaming as the top five online threats for children and adolescents. The specifics of these threats are yet to be detailed. Source: FOX5 Vegas
- 'Fraudulent webshops reportedly process $50 million in fake orders': Security Research Labs has identified a criminal group named "BogusBazaar," which operates fraudulent webshops and has reportedly processed $50 million in fake orders. The group's modus operandi is yet to be disclosed. Source: Chain Store Age
- 'Research Aims to Improve Detection and Prevention of Stealthy Cyber-Physical Attacks': The Department of Energy's (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has funded a research project with Sandia to improve the detection and prevention of stealthy cyber-physical attacks. The project aims to enhance the security of clean energy infrastructure. Source: energy.gov
Top CVEs
- CVE-2024-4671: This is a reserved CVE entry by an organization or individual, details will be provided once the security issue is publicized. It's crucial to stay updated for the latest information. Source: CVE-2024-4671.
- CVE-2024-34351: Another reserved CVE entry. The details of the security problem will be announced once it's publicized. Keep an eye on updates for this entry. Source: CVE-2024-34351.
- CVE-2024-34350: This CVE entry is currently reserved. The specifics of the security issue will be revealed once it's publicized. Stay tuned for more information. Source: CVE-2024-34350.
- CVE-2024-32655: This is a reserved CVE entry. Details about the security problem will be announced once it's publicized. Keep checking for updates. Source: CVE-2024-32655.
- CVE-2024-3916: A reserved CVE entry. The specifics of the security issue will be revealed once it's publicized. Stay updated for more information. Source: CVE-2024-3916.
API Security
- Genie Path Traversal vulnerability via File Uploads: Genie's API has a path traversal vulnerability via file uploads, potentially leading to remote code execution. The issue arises from the API accepting a user-specified filename for file uploads, which can be manipulated to perform path traversal. The issue has been fixed in Genie OSS v4.3.18. Source: vulners.com
- Next.js Vulnerable to HTTP Request Smuggling: Next.js has a vulnerability due to inconsistent interpretation of crafted HTTP requests, leading to desynchronized responses and response queue poisoning. The vulnerability is exploitable if the affected route uses the rewrites feature in Next.js. The issue has been resolved in Next.js 13.5.1 and newer. Source: vulners.com
- 1Panel arbitrary file write vulnerability: 1Panel has multiple command injections that are not well filtered, leading to arbitrary file writes and potentially to remote code execution. The vulnerability can be exploited by sending a crafted packet to a malicious container. Source: vulners.com
- Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service: Frigate has a vulnerability where a user can intentionally use a large Unicode filename to cause an application-level denial of service. This is due to no limitation set on the length of the filename and the costly use of Unicode normalization. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a range of topics from Firstmac's customer data breach to Dell's massive data exposure affecting 49 million customers. Remember, in the world of cybersecurity, knowledge is power. So, stay informed, stay secure.
If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world. Until next time, stay vigilant and keep those systems secure.