Good Morning, Welcome to today's issue of Secret CISO. We're diving into the world of data breaches and the legal battles that follow. The T-Mobile data breach settlement is under scrutiny as lawyers challenge the $78 million fee award. Meanwhile, the Oakwood data breach class-action lawsuit has been settled, ending a legal fight. In other news, Liberty Latin America has been fined $100,000 for failing to inform the FCC about a data breach. As companies grapple with these security issues, CIOs are looking for ways to safely unleash generative AI on their company's data.

We also discuss the arrest of the man behind the 2021 T-Mobile data breach and the importance of a solid framework for generative AI security. In the stock market, JPMorgan has highlighted a data security stock as a great pick for the second half of the year, thanks to AI tailwinds. We'll also touch on the massive data breach at Cook County Health and the $2.5 million Bay Bridge data breach class action settlement. Stay tuned for more updates on data breaches, AI security, and the latest research in the field.

Data Breaches

1. T-Mobile Data Breach Settlement Challenged: Lawyers are contesting a US$ 78 million fee award in a T-Mobile data breach settlement. The settlement was approved by a Kansas City, Missouri judge last year. Source: The Lawyer Mag
2. Oakwood Data Breach Lawsuit Settled: A class-action lawsuit related to a data breach at Oakwood has been settled. The details of the settlement have not been disclosed. Source: WAFF
3. Liberty Latin America Fined for Data Breach: Liberty Latin America has been fined $100,000 by the Federal Communications Commission for failing to report a data breach. Source: Law360
4. Bay Bridge Data Breach Settlement: Consumers affected by a 2022 cyberattack on Bay Bridge can benefit from a $2.5 million data breach settlement. Source: Top Class Actions
5. Keytronic Data Breach: PCBA manufacturing giant Keytronic has confirmed a data breach after the Black Basta ransomware gang leaked 530GB of the company's stolen data. Source: Bleeping Computer

Security Research

1. Energy Lab Officials Highlight Importance of AI Security: Edmon Begoli, director of the Center for AI Security Research (CAISER), emphasizes the importance of AI security in the energy sector. The lab is focusing on developing AI systems that can detect and respond to cyber threats. Source: GovCIO Media & Research
2. CVE of the month, CheckPoint Security Gateway exploit CVE-2024-24919: The vendor proactively disclosed a vulnerability in the CheckPoint Security Gateway. The vulnerability, CVE-2024-24919, is being addressed and users are advised to update their systems. Source: Security Boulevard
3. TellYouThePass ransomware widely targets vulnerable PHP instances: Security researchers have discovered a new ransomware, TellYouThePass, which is targeting vulnerable PHP instances. The threat actors are mass scanning the internet rather than targeting specific organizations. Source: Cybersecurity Dive
4. Research Highlights Groundwater Depletion Vs. Food Security Tradeoffs: A study by the International Food Policy Research Institute (IFPRI) highlights the trade-offs between groundwater depletion and food security. The research reaffirms the world's need for sustainable water management practices. Source: Mirage News
5. Security Researchers Expose Critical Flaw in Ivanti Software: A major vulnerability in Ivanti's widely-used endpoint management system has been discovered by security researchers. The flaw could allow hackers to gain unauthorized access to systems. Source: GovInfoSecurity

Top CVEs

1. Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site: A missing authorization vulnerability has been detected in Brainstorm Force ProjectHuddle Client Site. The issue affects versions from n/a through... and could lead to unauthorized access. Source: CVE-2023-51376.
2. Permission escalation vulnerability in snipe-it: Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. The issue affects snipe-it versions from v4.6.17 through... and could lead to unauthorized privilege escalation. Source: CVE-2024-5685.
3. SQL Injection vulnerability in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0: A critical vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. The vulnerability, found in an unknown function of the file /api/v2/maps, allows for SQL injection via manipulation of the argument orderColumn. The exploit has been disclosed to the public. Source: CVE-2024-6003.
4. Open redirect issue in Kibana: An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana. This could potentially lead to phishing attacks or other security breaches. Source: CVE-2024-23442.
5. Firmware upload vulnerability in ASUS routers: Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the router, potentially gaining unauthorized access or control. Source: CVE-2024-3912.

API Security

1. Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0 Vulnerability (CVE-2024-6003): A critical vulnerability has been discovered in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. The vulnerability lies in an unknown function of the file /api/v2/maps, where the manipulation of the argument orderColumn can lead to SQL injection. The exploit is publicly available and can be launched remotely. The vendor has been contacted but has not responded yet. Source: vulners.com
2. Snipe-IT v4.6.17 API Vulnerability (CVE-2024-5685): Users with "User:edit" and "Self:api" permissions in Snipe-IT versions from v4.6.17 can promote or demote themselves or other users by performing changes to the group's memberships via API call. This vulnerability can potentially lead to unauthorized access and misuse of the system. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the legal battles over data breach settlements to the ongoing challenges of securing AI systems. Remember, the world of cybersecurity is ever-evolving, and staying informed is your first line of defense.

If you found this newsletter helpful, why not share it with your colleagues and friends?

Let's spread the knowledge and foster a culture of security awareness. After all, in the digital world, we're all in this together. Stay safe, stay informed, and see you in the next edition of Secret CISO.