Secret CISO 6/10: Absolute Telecom and Facebook Data Breaches, Cybersecurity Tightening During Hajj, Research on Network Infrastructure and Security in Canadian Universities
Welcome to today's issue of Secret CISO, your daily dose of cybersecurity news and insights. Today, we delve into the recent data breaches that have sent shockwaves through the tech industry. First up, we examine the Absolute Telecom data breach, where a hacker known as "GHOSTR" allegedly compromised 34GB of data. This incident underscores the growing threat of cyber attacks and the need for robust security measures. Next, we turn our attention to the Middle East, where governments and businesses are tightening cybersecurity measures around the Hajj season. This move comes in response to a significant surge in cybersecurity incidents reported annually during this period.
In other news, Facebook is once again in the spotlight for a fresh user data leak. Cybersecurity researchers claim that the compromised data includes full names, profiles, emails, and phone numbers. This incident highlights the ongoing challenges posed by cyber threats in the digital space. We also discuss the importance of a robust network infrastructure in enhancing patient care. With the healthcare sector marking its 13th consecutive year of data breaches, the need for secure and always-on connectivity has never been more critical.
Finally, we touch on the recent hit and run crash in Kings County, where authorities are working with a nearby casino to review any security footage of the incident. Stay tuned for more updates and remember, in the world of cybersecurity, staying informed is your first line of defense.
Data Breaches
- Absolute Telecom Data Breach: 34GB Data Compromised: A hacker known as "GHOSTR" is believed to have infiltrated Absolute Telecom, leading to a data breach on May 15, 2024. The extent of the compromised data is yet to be determined. Source: The Cyber Express
- Facebook User Data Leak: Researchers have discovered a fresh data leak from Facebook (Meta), with compromised data surfacing on a data breach forum. The leaked data includes full names, profiles, emails, and phone numbers. Source: ET Telecom
- Snowflake Security Controls Breach: Snowflake, the cloud-based data analytics firm, is investigating potential data breaches as hackers target some of its customers' accounts. The company is working to enhance its security controls in response. Source: Claims Journal
- Ticketmaster Data Breach: Ticketmaster has suffered a massive data breach, with the data of numerous customers compromised. The breach was discussed in episode 333 of the Shared Security Podcast. Source: Security Boulevard
- Frontier Communications Data Breach: Frontier Communications has suffered a data breach, with over 750,000 individuals' personal information stolen in a recent cyber attack. The compromised data includes customer social security numbers. Source: Security Affairs
Security Research
- Canadian universities say foreign influence registry could harm research partnerships: Canadian universities are concerned that a foreign influence registry could potentially harm their research partnerships. They have implemented research security policies to mitigate this risk. Source: CBC
- Microsoft hastily rethinks controversial Copilot+ PC feature ahead of launch: Microsoft is rethinking its controversial Copilot+ PC feature due to security concerns. This comes after security researcher Kevin Beaumont showed video proof of potential vulnerabilities during early testing. Source: Laptop Mag
- Former Binary and HackerOne Employee Launches Web3 AI-Based Security Platform: A former employee of Binary and HackerOne has launched a Web3 AI-based security platform. The individual has previously held leadership roles at HackerOne, Deriv, and Cobalt.io, managing security researcher teams and leading over 100 penetration tests. Source: VCCircle
- ESG Research Reveals Attack Surface is Outgrowing Traditional Pentesting Capabilities: A survey led by TechTarget's Enterprise Strategy Group (ESG) reveals that the attack surface is outgrowing traditional penetration testing capabilities. Synack, a premier security testing platform, announced these results. Source: PRNewswire
- Security researchers falsely reported a vulnerability in Office 2007: Security researchers falsely reported a vulnerability in Office 2007 and then spent days working overtime to find a new one to avoid losing their jobs. This highlights the pressure on researchers to find vulnerabilities and the potential for false reporting. Source: ITC.ua
Top CVEs
- CVE-2024-5585: PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8 have a vulnerability where the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. This could allow a malicious user to execute arbitrary commands in Windows. Source: vulners.com
- CVE-2024-4577: PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, may misinterpret certain characters as PHP options, potentially allowing a malicious user to reveal the source code of scripts or run arbitrary PHP code on the server. Source: vulners.com
- CVE-2024-22298: A Missing Authorization vulnerability has been found in TMS Amelia ameliabooking that could allow unauthorized access. The affected versions are not specified. Source: vulners.com
- CVE-2024-5458: PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8 have a code logic error that could lead to the acceptance and parsing of invalid URLs as valid in certain types of URLs. Source: vulners.com
- CVE-2024-32081: A Missing Authorization vulnerability has been found in Websupporter Filter Custom Fields & Taxonomies Light that could allow unauthorized access. The affected versions are not specified. Source: vulners.com
API Security
- Exploit for CVE-2024-29849 - Veeam Backup Enterprise Manager Authentication Bypass: This vulnerability affects all versions of Veeam Backup Enterprise Manager before 12.1.2.172. The exploit allows unauthorized users to bypass authentication, potentially gaining access to sensitive information. Users are advised to update to the latest version to mitigate this risk. Source: vulners.com
- Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware: This exploit uses the Shodan API to find potentially vulnerable sites and then performs a proof of concept to confirm which sites are vulnerable. Users are advised to update their firmware to the latest version to mitigate this risk. Source: vulners.com
- Exploit for CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution (RCE): This critical vulnerability affects certain versions of PHP when used with Apache and PHP-CGI on Windows. The exploit could potentially allow an attacker to pass options to the PHP binary, leading to the exposure of script source code or the execution of arbitrary PHP code on the server. Users are advised to update to the latest version to mitigate this risk. Source: vulners.com
- CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution (RCE): This vulnerability affects certain versions of PHP when used with Apache and PHP-CGI on Windows. The exploit could potentially allow a malicious user to pass options to the PHP binary, revealing the source code of scripts or running arbitrary PHP code on the server. Users are advised to update to the latest version to mitigate this risk. Source: vulners.com
Final Words
And that's a wrap for today's edition of Secret CISO. From the Absolute Telecom data breach to the ongoing cybersecurity challenges faced by Facebook, we've covered a lot of ground. Remember, in the world of cybersecurity, knowledge is power. So, stay informed, stay vigilant, and most importantly, stay secure.
If you found today's newsletter helpful, why not share it with your friends and colleagues?
Let's spread the word about the importance of cybersecurity and help each other stay one step ahead of the hackers. Until next time, keep your data safe and your systems secure.