Secret CISO 6/14: Data Breaches at CUHK, KeyBank, PharMerica, Truist Bank, and Snowflake; Maryland State Bar Association and Federal Regulators Discuss Cyber Security; Arrests in Quebec for Desjardins Data Breach


Welcome to today's issue of Secret CISO, your daily dose of cybersecurity news. Today, we're diving into the world of data breaches, litigation, and the growing risk for cybersecurity providers. In Maryland, cybersecurity providers are being warned of the increasing risk of exposure to lawsuits for negligence when data breaches occur. Meanwhile, over 20,000 at CUHK have been affected by a data breach on its online learning platform.

In legal news, KeyBank Borrowers' $6M data breach deal has been given initial approval, and PharMerica Corp. is facing a class action over a 2023 data breach affecting more than 5.8 million people. Truist Bank has also confirmed a breach after stolen data surfaced on a hacking forum.

In other news, Snowflake's data breach has sparked urgency for MFA enforcement, and eight arrests have been made in Quebec in connection to the 2019 Desjardins data breach.

We'll also be discussing the importance of reasonable security from federal regulators' rulemaking and enforcement action, and the $6.75 million settlement secured by Attorney General Bonta against Blackbaud over a 2020 data breach. Stay tuned for more on these stories and other cybersecurity news. Stay safe, stay informed with Secret CISO.

Data Breaches

  1. Data Breach Affects Over 20,000 at CUHK: The online learning platform of the Chinese University of Hong Kong (CUHK) has been breached, compromising data such as names and emails of over 20,000 students. The school discovered the breach last week. Source: RTHK
  2. KeyBank Borrowers' $6M Data Breach Deal Gets Initial OK: A Georgia federal judge has granted preliminary approval to a $6 million settlement deal resolving a class suit over data breaches at KeyBank. The details of the breach and the number of affected customers were not disclosed. Source: Law360
  3. Truist Bank Confirms Breach After Stolen Data Shows Up on Hacking Forum: Truist, a leading U.S. commercial bank, confirmed a breach in its systems during an October 2023 cyberattack after a threat actor posted some of the stolen data on a hacking forum. The extent of the breach is still under investigation. Source: BleepingComputer
  4. Snowflake Data Breach Sparks MFA Enforcement Urgency: A data breach at Snowflake, a cloud-based data-warehousing company, has impacted 165 clients. The breach has been attributed to a lack of multi-factor authentication (MFA), sparking urgency for MFA enforcement. Source: Channel Insider
  5. New York Times Warns Freelancers of GitHub Repo Data Breach: The New York Times has warned its freelancers of a data breach involving an exposed GitHub token used by a threat actor to access the company's repositories and steal data. The extent of the stolen data is still under investigation. Source: Bleeping Computer

Security Research

  1. Globe Life – Cyber Security Failures: Globe Life has reported potential vulnerabilities related to consumer access permissions. The company is currently investigating these concerns. Source: Viceroy Research
  2. New Wi-Fi Takeover Attack: Security experts have warned Windows users to update their systems immediately due to a new Wi-Fi takeover attack. This is considered an immediate patch priority. Source: Forbes
  3. Flawed Draft UN Cybercrime Convention: The draft UN Cybercrime Convention has been criticized for potentially criminalizing essential activities in security research. If not amended, states are being urged to reject it. Source: EFF
  4. Cyberinsurance claims increase, Remcos RAT phishing: South Korean researchers have reported an increase in cyberinsurance claims and a new phishing technique using Remcos RAT. Source: CISO Series
  5. ZKTeco Biometric System Vulnerabilities: Security researcher Georgy Kiguradze has discovered 24 critical security flaws in the ZKTeco Biometric System. The impact of these vulnerabilities is alarmingly diverse. Source: The Hacker News

Top CVEs

  1. NVIDIA GPU Display Driver Vulnerability (CVE-2024-0089): NVIDIA's GPU Display Driver for Windows has a vulnerability that could potentially disclose information from a previous client or another process. Successful exploitation could lead to code execution, information disclosure, or data corruption. Source: CVE-2024-0089
  2. Pixel GPU SLC Vulnerability (CVE-2024-32929): In gpu_slc_get_region of pixel_gpu_slc.c, a possible use-after-free could lead to local escalation of privilege (EoP) with no additional execution privileges needed. User interaction is not required for exploitation. Source: CVE-2024-32929
  3. wl_cfg80211.c Vulnerability (CVE-2024-32913): In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not required for exploitation. Source: CVE-2024-32913
  4. WooCommerce Ship to Multiple Addresses Vulnerability (CVE-2023-51497): A missing authorization vulnerability has been identified in WooCommerce Ship to Multiple Addresses. The affected versions are from n/a through. Source: CVE-2023-51497
  5. WooCommerce Easy Duplicate Product Vulnerability (CVE-2023-51523): A missing authorization vulnerability has been identified in WriterSystem WooCommerce Easy Duplicate Product. The affected versions are from n/a through. Source: CVE-2023-51523

API Security

  1. CVE-2024-5685: Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through. Source: CVE-2024-5685
  2. Exploit for CVE-2024-4898: InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 is affected by a missing authorization flaw in its unauthenticated API, covering setup, arbitrary options update, and administrative user creation. Source: CVE-2024-4898
  3. CVE-2024-5469: A DoS in KAS in GitLab CE/EE, affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3, allows an attacker to crash KAS via crafted gRPC requests. Source: CVE-2024-5469
  4. CVE-2024-27169: Toshiba printers expose an API without authentication for internal access. A local attacker can bypass authentication in applications, gaining administrative access. Source: CVE-2024-27169
  5. CVE-2024-27168: Some hardcoded keys are used for authentication to an internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. Source: CVE-2024-27168

Sponsored by Wallarm API Security Solution

Final Words

That's it for today's edition of Secret CISO. We've covered a lot of ground, from the growing risk of lawsuits for cybersecurity providers to the latest data breaches affecting schools, banks, and tech companies. It's clear that the cybersecurity landscape is constantly evolving, and staying informed is the first step in staying secure. Remember, cybersecurity isn't just about protecting your own data - it's about safeguarding the information of your clients, your employees, and your business partners.

So, share this newsletter with your colleagues and friends to help them stay informed too. Stay safe, stay informed, and see you in the next edition of Secret CISO.


By Secret CISO