Good morning, Secret CISO readers! Today's newsletter is packed with the latest cybersecurity news you need to know. We'll start with Pure Storage's confirmation of a Snowflake data breach, which, fortunately, has not impacted its customers. In legal news, lawyers are battling over a $78 million fee bid in a T-Mobile data breach settlement, while Federman & Sherwood are investigating Parksite, Inc. for a data breach that exposed personal information.

BlackBerry Cylance has also been hit by a data breach, with the stolen data appearing for sale on hacking forums. In retail, a data breach at a company operating Ashley Furniture HomeStores has allegedly exposed bank accounts. In regulatory action, the Nigerian government has imposed a hefty fine on four banks for data breaches.

SouthStar Bank and Adventist Health have both announced data breaches, while Trionfo Solutions has reported a breach affecting BCBS of Texas, Illinois, Montana. In funding news, Cyberhaven has secured $88 million to strengthen its data security platform. Finally, we'll look at a security breach at Jacksonville airport and a surge in data breach litigation in California. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats.

Data Breaches

1. Data Breach at T-Mobile: A data breach at T-Mobile compromised the personal information of 76 million customers. Lawyers are currently disputing over a $78 million fee bid in the settlement. Source: ET Telecom
2. Data Breach at Parksite, Inc.: Parksite, Inc. is under investigation after a data breach where personal information including names, Social Security numbers, and driver's license details were accessed. Source: Business Wire
3. Data Breach at Ashley Furniture HomeStores: A company operating over a hundred Ashley Furniture HomeStores faces a proposed class action due to negligent cybersecurity, which led to a data breach exposing bank accounts. Source: Bloomberg Law News
4. Data Breach at SouthStar Bank: SouthStar Bank announced a data breach following an email phishing attack. The bank filed a notice of the breach with the Attorney General of Massachusetts. Source: JD Supra
5. Data Breach at Adventist Health: Adventist Health reported a major data breach affecting clients in Tulare County. The medical provider assures that the data was not used for illegal activity. Source: The Sun-Gazette Newspaper

Security Research

1. Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability: Microsoft has released patches for 51 vulnerabilities, including a critical flaw in Microsoft Message Queuing (MSMQ). Once exploited, this vulnerability allows an attacker to execute arbitrary commands. Source: The Hacker News
2. Ransomware Gang TellYouThePass Exploits PHP Vulnerability: The ransomware gang TellYouThePass has been exploiting a PHP vulnerability, as observed by Chinese network security firm Snagfor and Imperva researchers. The gang has been making multiple hacking attempts against Windows PHP. Source: GovInfoSecurity
3. Apple Promises Personalized AI in a Private Cloud: Apple is developing a process called Private Cloud Compute, which promises personalized AI in a private cloud. The company has invited independent security researchers to verify the process. Source: Technology Review
4. GitHub Phishing Campaign Wipes Repos, Extorts Victims: A phishing campaign on GitHub has been wiping repositories and extorting victims, as revealed by Security Researcher Germán Fernández. Users are roped into the scam when their username is mentioned. Source: SC Magazine
5. “Trivially Exploitable” Bug in SolarWinds File Server Needs Prompt Fixing: A bug in SolarWinds file server, disclosed by security researcher Hussein Daher, needs immediate fixing. File transfer servers have been widely exploited in recent years. Source: The Stack

Top CVEs

1. CVE-2023-51682 (Missing Authorization vulnerability in ibericode MC4WP): This issue affects MC4WP versions from n/a through. The vulnerability allows unauthorized access to sensitive information. Source: CVE-2023-51682
2. CVE-2023-47828 (Missing Authorization vulnerability in Mandrill wpMandrill): This issue affects wpMandrill versions from n/a through. The vulnerability could allow unauthorized access to sensitive data. Source: CVE-2023-47828
3. CVE-2023-48280 (Missing Authorization vulnerability in Consensu.IO Consensu.Io): This issue affects Consensu.Io versions from n/a through. The vulnerability could allow unauthorized access to sensitive information. Source: CVE-2023-48280
4. CVE-2023-47845 (Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save): This issue affects Grab & Save versions from n/a through. The vulnerability could allow an attacker to trick a victim into making an unintended action on a web application. Source: CVE-2023-47845
5. CVE-2023-48273 (Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website): This issue affects Preloader for Website versions from n/a through. The vulnerability could allow unauthorized access to sensitive data. Source: CVE-2023-48273

API Security

1. CVE-2024-5674: The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue. Unauthenticated attackers can list, create or delete newsletter subscribers. This issue affects only sites running the PHP version below 2.4.5. Source: CVE-2024-5674
2. CVE-2024-4898: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls. Unauthenticated attackers can connect the site to InstaWP API, edit arbitrary site options and create administrator accounts. Source: CVE-2024-4898
3. Keycloak's admin API allows low privilege users to use administrative functions: Users with low privileges are able to utilize administrative API functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. Source: Keycloak's admin API
4. CVE-2024-37301: Document Merge Service, a document template merge service providing an API to manage templates and merge them with given data, is vulnerable to remote code execution via server-side template injection. When executed as root, it can result in full takeover of the affected system. Source: CVE-2024-37301
5. CVE-2024-5812: A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API. Source: CVE-2024-5812

Sponsored by Wallarm API Security Solution

Final Words

That's all for today's edition of Secret CISO. We've covered a lot of ground, from Pure Storage's Snowflake incident to the ongoing legal battle over T-Mobile's data breach settlement. We've also looked at the latest investigations into data breaches at Parksite, Inc., BlackBerry Cylance, and various banks. The security landscape is constantly evolving, and it's our mission to keep you informed and prepared. Remember, knowledge is your best defense against the ever-present threat of cyber attacks.

If you found this newsletter helpful, please consider sharing it with your colleagues and friends.

They might find it just as enlightening. Stay safe, stay informed, and see you in the next edition of Secret CISO.