Welcome to today's issue of Secret CISO. We've got a lot to unpack, so let's dive right in. Ticketmaster is in hot water with a data breach impacting a staggering 560 million customers. The stolen data is reportedly being sold on BreachForums for a hefty $500,000. Meanwhile, the Norfolk and Norwich University Hospital was forced to pay almost £47,000 in compensation following five separate data breaches. In other news, Truliant has reported a customer data breach following a third-party cyber attack. First American has also revealed a data breach impacting 44,000 individuals, highlighting the increasing frequency and severity of such breaches. On the hardware front, Cooler Master has confirmed a data breach on May 19, leading to the theft of customer information. In a massive law enforcement operation against botnets, dubbed Operation Endgame, a data breach has exposed military personnel data.

The BBC has also suffered a data breach impacting current and former employees, while a mother has slammed the UK Passport Office over a 'concerning' data breach. In research news, a WPI researcher has received a $594K NSF grant to study computer security. Finally, we'll be looking at several new vulnerabilities, including a serious alleged breach at Ticketmaster. Stay tuned for more details on these stories and more in today's Secret CISO newsletter.

Data Breaches

1. Ticketmaster Data Breach Impacts 560 Million Customers: Ticketmaster has reportedly suffered a data breach, with the stolen information being sold on BreachForums for $500,000. The company has yet to respond or confirm the breach. Source: Channel Futures
2. Norfolk and Norwich Hospital Data Breach: The Norfolk and Norwich University Hospital was forced to pay almost £47,000 in compensation following five separate data breaches. Source: Eastern Daily Press
3. Truliant Customer Data Breach: Truliant has reported a data breach affecting its customers following a third-party cyber attack. The extent of the breach is currently unknown. Source: YouTube
4. First American Data Breach Impacting 44,000 Individuals: First American has revealed a data breach impacting 44,000 individuals, highlighting the need for more advanced security measures. Source: Infosecurity Magazine
5. Cooler Master Customer Info Stolen in Data Breach: Computer hardware manufacturer Cooler Master has confirmed a data breach on May 19, allowing a threat actor to steal customer information. Source: Bleeping Computer

Security Research

1. European Police Take Down Botnet Servers, Make Arrests: Security researcher Troy Hunt analyzed email addresses and unique passwords provided by law enforcement agencies in a major crackdown on botnet servers. Several arrests were made in the operation, significantly disrupting cybercriminal activities. Source: GovInfoSecurity
2. WPI Researcher Receives $594K NSF Grant to Study Computer Security: A researcher at Worcester Polytechnic Institute (WPI) has been awarded a $594K grant by the National Science Foundation (NSF) to study computer security. The research aims to enhance the security of computer systems and protect them from potential threats. Source: WBJournal
3. RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability: Security researcher Patryk Machowiak first documented the RedTail crypto-mining malware in January 2024. The malware exploits a vulnerability in Palo Alto Networks' firewall, highlighting the need for robust cybersecurity measures. Source: The Hacker News
4. Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities: Cybersecurity researchers have discovered multiple high-severity security vulnerabilities in WordPress plugins. These vulnerabilities are being actively exploited, posing significant risks to websites and their users. Source: The Hacker News
5. AMD Willing to Pay You Up to $30k Via Its New Bug Bounty Program: AMD has launched a new bug bounty program, offering up to $30k for security researchers and ethical hackers who discover vulnerabilities in its systems. The initiative aims to enhance AMD's cybersecurity by leveraging the expertise of the global security research community. Source: Tom's Hardware

Top CVEs

1. Yubico YubiKey Incorrect Access Control: Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control vulnerability. This could potentially allow unauthorized access to sensitive information. Source: CVE-2024-35311
2. NGINX Plus or NGINX OSS HTTP/3 QUIC module vulnerability: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. This could potentially lead to a denial of service attack. Source: CVE-2024-32760
3. Linux Kernel tty: n_gsm vulnerability: In the Linux kernel, a vulnerability has been resolved in tty: n_gsm. This vulnerability could potentially allow an attacker to cause a buffer overflow and potentially lead to arbitrary code execution, denial of service, or data disclosure. Source: CVE-2024-36016
4. Rubygems.org Remote DoS: Rubygems.org, the Ruby community's gem hosting service, has a vulnerability that allows a Gem publisher to cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. Source: CVE-2024-35221
5. Aircompressor Decompressor Implementations: Aircompressor, a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java, has a vulnerability in all decompressor implementations. This vulnerability can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process. Source: CVE-2024-36114

API Security

1. Yumpu ePaper Publishing Plugin Vulnerability (CVE-2024-3277): The Yumpu ePaper publishing plugin for WordPress was vulnerable to unauthorized data modification due to a missing capability check. This allowed authenticated attackers to upload and publish PDF files, as well as modify the API. Source: vulners.com
2. Symfony XML Decoding Attack Vector: The XMLEncoder component of Symfony 2.0.x failed to disable external entities when parsing XML, making it possible to include arbitrary files from the file system. Source: vulners.com
3. Sylius Admin Bundle CSRF Vulnerability: Versions 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 of Sylius AdminBundle and ResourceBundle were affected by a CSRF vulnerability. This issue has been fixed in later versions by adding a required CSRF token to certain actions. Source: vulners.com
4. Nautobot Dynamic Group Members Permission Restrictions: In versions of Nautobot between 1.3.0 and 1.6.22, and 2.0.0 through 2.2.4, Nautobot failed to restrict listings of Dynamic Group members based on the member object permissions. This issue has been fixed in Nautobot 1.6.23 and 2.2.5. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of staying vigilant in the face of ever-evolving cyber threats. From the massive data breach impacting Ticketmaster's 560 million customers to the Norfolk and Norwich hospital's £47k payout following multiple data breaches, it's clear that no organization is immune. We also saw how Truliant's customer data was compromised after a third-party cyber attack, and how Cooler Master confirmed customer info was stolen in a data breach. These incidents underscore the need for robust security measures and the importance of regular system checks. In the world of research, we saw how WPI researchers received a $594K NSF grant to study computer security, highlighting the ongoing efforts to advance our understanding and capabilities in this critical field.

As always, we've also included the latest CVE updates to keep you informed about potential vulnerabilities. Remember, knowledge is power. By staying informed, we can all play a part in enhancing our collective security.

So, don't keep this information to yourself. Share Secret CISO with your friends and colleagues and help spread the word. Stay safe, stay informed, and see you in the next edition!