Secret CISO 5/8: Massive Data Breaches at AT&T, UK Defense, El Salvador, MedStar; Google, Meta, Spotify Accused of Flouting Apple's Rules; Critical Flaw in LiteSpeed Cache Plugin for WordPress
Welcome to today's issue of Secret CISO, your daily source for the most impactful cybersecurity news. Today, we're diving into a series of data breaches that have left companies and individuals vulnerable to fraud and identity theft. AT&T customers are reeling from a massive data breach, with the telecom giant offering only limited fraud protections.
Meanwhile, the UK Ministry of Defense has disclosed a third-party data breach, exposing military personnel data. In El Salvador, a data breach has exposed selfies and ID numbers for 80% of the country's population. MedStar Health and DocGo have also revealed data breaches, with threat actors accessing and acquiring data, including protected health information.
The European Parliament has unearthed a data breach during election prep, and the Kennedy Collective has reported a data breach of patients and employees. In other news, Google, Meta, and Spotify are accused of flouting Apple's device fingerprinting rules, and hackers are exploiting a LiteSpeed Cache Bug to gain full control of WordPress sites.
Stay tuned for more updates and remember, knowledge is the first line of defense. Stay safe, stay informed with Secret CISO.
Data Breaches
- AT&T Data Breach: AT&T customers have been affected by a significant data breach, with the company offering only a one-year Experian credit monitoring membership as compensation. This has led to lawsuits against the company. Source: About Lawsuits
- Defence Personnel Data Breach: A security review is underway following a data breach involving a contractor-operated system for the UK's defence personnel. The extent of the breach and the steps to be taken are yet to be determined. Source: Hansard - UK Parliament
- El Salvador Data Breach: A cybercriminal has attempted to sell breached personal information, including selfies and ID numbers, of 80% of El Salvador's population. The extent of the data dump is still under investigation. Source: Biometric Update
- MedStar Health and DocGo Data Breaches: Following an investigation, it has been determined that a threat actor accessed and acquired data, including protected health information, from MedStar Health and DocGo. The extent of the breaches is still being determined. Source: Infosecurity Magazine
- European Parliament Election Prep Data Breach: A breach occurred in an external recruitment application used by the European Parliament earlier this year. The cybersecurity issue was discovered during election preparations. Source: Euronews
Security Research
- Top security guard firm exposed over a million files online: Cybersecurity researcher Jeremiah Fowler discovered an online database containing over 1.2 million documents from a top security guard firm, exposing sensitive data. The firm has yet to comment on the breach. Source: TechRadar
- Google, Meta, Spotify accused of flouting Apple's device fingerprinting rules: Security researchers have accused Google, Meta, and Spotify of collecting data from iOS devices, violating Apple's policy on device fingerprinting. The companies have yet to respond to the allegations. Source: CSO Online
- Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites: A critical flaw in the LiteSpeed Cache plugin for WordPress is being exploited by hackers to create rogue admin accounts. WordPress users are advised to update their plugins to the latest version to avoid falling victim to the exploit. Source: The Hacker News
- Orange Cyberdefense reveals new vulnerabilities in credit card machines, electronic access: Orange Cyberdefense has revealed new vulnerabilities in credit card machines and electronic access control devices. The vulnerabilities were discovered by the company's SensePost team. Source: ITWeb
- Aqua Security Reveals Crucial Insights On Kinsing Malware: Aqua Security has released research on Kinsing malware, providing crucial insights into its operation. The company has also integrated with Orca Security for better cloud protection and launched new protection measures. Source: Forbes
Top CVEs
- CVE-2023-27321 - OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability: This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. By sending a large number of requests, an attacker can consume all available resources on the server. Source: CVE-2023-27321
- CVE-2024-0042 - TBD Crypto Confusion: In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. Source: CVE-2024-0042
- CVE-2024-23706 - Health Data Permissions Bypass: In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. Source: CVE-2024-23706
- CVE-2021-34981 - Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability: This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. The specific flaw exists within the CMTP module. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Source: CVE-2021-34981
- CVE-2024-23713 - NotificationManagerService.java Failure to Persist Notifications Settings: In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. Source: CVE-2024-23713
API Security
- Unverified Password Change in UniFi Connect Products (CVE-2024-29208): A vulnerability has been discovered in several UniFi Connect products that could allow a malicious actor with API access to change the system password without knowing the previous one. Users are advised to update their UniFi Connect applications and devices to the latest versions to mitigate this risk. Source: CVE-2024-29208
- Improper Access Control in UniFi Connect Products (CVE-2024-29206): An Improper Access Control vulnerability has been found in various UniFi Connect products. This could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Updating UniFi Connect applications and devices to the latest versions can mitigate this risk. Source: CVE-2024-29206
- Incorrect Authorization in Apache Superset (Apache Superset Incorrect Authorization vulnerability): An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request in Apache Superset versions before 4.0.0. Users are recommended to upgrade to version 4.0.0 to fix this issue. Source: GHSA-299Q-3P96-5898
- Unauthorized Access in Apache Superset (CVE-2024-28148): A similar vulnerability to the one above has been found in Apache Superset versions before 3.1.2. An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. Users are recommended to upgrade to version 3.1.2 or above to fix this issue. Source: CVE-2024-28148
- Unauthorized Access in ClickCease Click Fraud Protection Plugin (CVE-2023-6810): The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access and above, to retrieve the plugin's configured API. Source: CVE-2023-6810
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. As we've seen, data breaches continue to be a significant concern across various sectors, from healthcare to defense. It's a stark reminder of the importance of robust security measures and the need for constant vigilance. Remember, security is not a one-time event but a continuous process. Stay informed, stay vigilant, and most importantly, stay secure.
If you found this newsletter helpful, please consider sharing it with your colleagues and friends to help them stay informed about the latest in cybersecurity. Until next time, keep your data safe and your systems secure.