Secret CISO 6/17: Snowflake's Ticketmaster and Santander Breaches, China's Covert Drone Ties with UK Uni, Cybersecurity Surge in Asia-Pacific, Zadig & Voltaire's Email Exposure

Hello there, Secret CISO readers! Today's newsletter is packed with the latest cybersecurity updates you need to know. We're seeing a surge in data breaches, with Ticketmaster and Santander acknowledging breaches of their Snowflake accounts. Meanwhile, the renowned French fashion brand Zadig & Voltaire has suffered a data breach, exposing 587,000 unique email addresses. In other news, China's covert military drone tie-up with UK's Imperial College London in 2019 has raised eyebrows, while the Asia-Pacific region is witnessing a growing appetite for cybersecurity following over 30,000 security incidents last year. We also delve into the growing threat cyberattacks pose to public entities, with Dominic Paluzzi emphasizing the importance of immediate action when a breach occurs. On the AI front, we discuss the risk of breaches as more data fuels AI and the challenges AI-based attacks pose to traditional security awareness training. We also cover the latest cyberattacks on MARINA's web-based systems and the South Korean watchdog's fine on TAG Heuer for a data breach. Plus, we explore how the absence of multi-factor authentication led to the Medibank hack and the change in tactics by the notorious cyber gang UNC3944.

Stay tuned for more updates on data breaches at luxury watch brands, London hospitals' cyber vulnerabilities, and the exposure of sensitive patient information in a pharma giant's data breach. Don't miss our expert insights on the relevance of IoT in real estate, the role of genetically modified crops in ensuring food security, and the threat extreme weather poses to democracy. Lastly, we share the latest vulnerabilities and exploits, including undisclosed factory testing backdoors in certain D-Link wireless routers and the Popup Builder WordPress plugin's susceptibility to Stored Cross-Site Scripting. Stay safe and informed, Secret CISO readers!

Data Breaches

  1. Ticketmaster Data Breach: Ticketmaster and banking firm Santander have suffered a significant data breach via their Snowflake accounts. The breach was allegedly orchestrated by ShinyHunters, leading to the theft of sensitive customer data. Source: WIRED
  2. Prudential Financial Data Breach: Prudential Financial has notified 36,000 individuals of a data breach. The breach occurred at the Data Science Institute at Imperial College London in 2019, potentially compromising personal and financial data. Source: Infosecurity Magazine
  3. Zadig & Voltaire Breach: French fashion brand Zadig & Voltaire has suffered a data breach, exposing 587,000 unique email addresses. The breach's impact on customers and the brand's reputation is yet to be determined. Source: Cyber Security News
  4. TAG Heuer Data Breach: Luxury watch brand TAG Heuer, owned by LVMH, has been fined KRW 126 million by South Korea's Personal Information Protection Commission (PIPC) for a data breach that compromised customer data. Source: Telecompaper
  5. MARINA Data Breach: The Maritime Industry Authority (MARINA) has suffered multiple data breaches of its web-based systems. The breach follows cyberattacks on the Philippine National Police and the Department of Information and Communications Technology. Source: Rappler

Security Research

  1. Genetically Modified Crops and Food Security: A leading expert in biotechnology has stated that genetically modified crops could be the key to ensuring food security in Nigeria. The Global Biotechnology Potato Partnership is set to release biotech potatoes by 2026. Source: Vanguardngr
  2. Extreme Weather Threatens Democracy: Alice Hill, a former senior director for resilience policy on the National Security Council, warns that extreme weather conditions pose a threat to democracy. The impact of climate change on security is becoming a significant concern. Source: NPR
  3. Australian Businesses and Data Breaches: A security expert warns that Australian businesses are at risk of irreversible brand damage due to data breaches. Cybercriminals are continually devising new ways to infiltrate Australia's infrastructure. Source: Tech Times
  4. Spotting a Business Email Compromise Scam: Selena Larson, a threat researcher at cybersecurity firm Proofpoint, is working to educate people about email scams. Business email compromise scams are a growing threat to companies. Source: WIRED
  5. IoT Relevance in Real Estate: A recent study highlights the potential for IoT to drive security and provide detailed insights into building performance and occupancy rates, making it highly relevant in the real estate profession. Source: Tribune Online

Top CVEs

  1. CVE-2024-6045 - D-Link Wireless Routers Backdoor: Certain models of D-Link wireless routers have an undisclosed factory testing backdoor. Attackers can force the device to enable Telnet service by accessing a specific URL and log in using the administrator credentials. Source: vulners.com
  2. CVE-2024-3236 - Popup Builder WordPress Plugin XSS: The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting. Source: vulners.com
  3. CVE-2024-38396 - iTerm2 Escape Sequence Injection: An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature, allows an attacker to inject arbitrary code into the terminal. Source: vulners.com
  4. CVE-2024-38439 - Netatalk Buffer Overflow: Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login. Source: vulners.com
  5. CVE-2024-5163 - Transsion Carlcare App Permission Settings: Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks. Source: vulners.com

API Security

  1. Shenzhen Guoxin Synthesis Image System Unauthorized User Information Retrieval: The Shenzhen Guoxin Synthesis image system, versions prior to 8.3.0, has a vulnerability that allows unauthorized users to retrieve user information via the queryUser function. This vulnerability could potentially lead to unauthorized access and data breaches. Source: CVE-2024-38467.
  2. Shenzhen Guoxin Synthesis Image System Unauthorized Password Resets: A security flaw has been identified in the Shenzhen Guoxin Synthesis image system, versions before 8.3.0, that allows unauthorized password resets via the resetPassword function. This vulnerability could be exploited to gain unauthorized access to user accounts. Source: CVE-2024-38468.

Final Words

And that's a wrap for today's edition of Secret CISO. From the alleged data theft from Ticketmaster to the growing cyber security appetite in Asia-Pacific, we've covered a lot of ground. Remember, staying informed is the first step in protecting your data and systems. If you found this newsletter helpful, why not share it with your friends and colleagues? They might appreciate the heads up on the latest security news and insights. And if you have any feedback or suggestions for our next issue, we'd love to hear from you. Stay safe, stay informed, and keep those cyber defenses strong. Until next time, this is your Secret CISO signing off.

By Secret CISO