Secret CISO 6/24: Jollibee and TEG Data Breaches, NHS London Leak, Optus Database Compromise, New Endpoint Security Approach

Welcome to today's issue of Secret CISO, where we delve into the latest cybersecurity news that matters to you. Today, we're looking at a series of data breaches that have rocked the globe, from food service giant Jollibee, potentially affecting millions of customers, to the theft of 30M user records from Australia's TEG. In the UK, the NHS has suffered a significant data breach, with 400GB of data leaked. Meanwhile, Optus' database was compromised in 2022 due to a simple coding error, highlighting the importance of robust security measures.

We also explore the persistent problem of endpoint security, with MEAD offering a new approach to cover data security gaps. In addition, we discuss the need for cyber resilience, not just security, in the era of dynamic computing. Finally, we examine the latest research on RAT malware attacks on Windows systems, and the potential security threats posed by Chrome Web Store extensions. Stay tuned for more in-depth analysis and expert insights in the world of cybersecurity.

Data Breaches

  1. Jollibee Data Breach: Food service giant Jollibee has reportedly suffered a cyberattack and data breach, potentially affecting millions of customers. Experts claim to have discovered a database filled with customer data, and the National Privacy Commission (NPC) has confirmed that personal data of about 11 million customers may have been compromised. Source: TechRadar, Philstarlife
  2. TEG User Records Theft: Ticketek Entertainment Group (TEG), an Australia-based live events and ticketing firm, announced that a hacker claims to have stolen 30 million user account records. The company is currently investigating the data breach. Source: SecurityWeek
  3. NHS London Data Breach: NHS London has reportedly suffered a data breach with 400GB of data leaked. The National Cyber Security Centre (NCSC) is currently discussing potential responses to the attack. Source: DIGIT
  4. Optus Database Compromise: Optus, a telecommunications company, had its database compromised in 2022 due to a simple coding error. The Australian Communications and Media Authority (ACMA) is seeking civil penalties against Optus for its failures. Source: Mobile World Live
  5. Change Healthcare Data Breach: Change Healthcare has suffered a data breach, with an unknown amount of data compromised. Customers are advised to check their mail in July for a data breach notice. Source: The Cyber Express

Security Research

  1. New RAT Malware SneakyChef & SugarGhost Attack Windows Systems: Security researchers at Comodo Cybersecurity have discovered two new RAT malware families, SneakyChef and SugarGhost, targeting Windows systems. Both are capable of stealing sensitive data and taking control of infected systems. Source: GBHackers
  2. CryptoWatch: $3M Kraken Exploit Theft: Security researchers exploited a vulnerability in the Kraken cryptocurrency exchange to steal $3 million. The incident highlights the ongoing security challenges facing the cryptocurrency industry. Source: TechTimes
  3. Security Researchers Discover RAT Android Malware For Espionage And Ransom: Check Point Research has discovered a new Android RAT malware targeting users globally. The malware is capable of espionage and ransom attacks, posing a significant threat to Android users. Source: HotHardware
  4. Chinese telecoms overseas a security threat: academic: A researcher has warned that data transmitted via cables can be intercepted, physically monitored or spied on, making Chinese telecoms overseas a potential security threat. The researcher suggests that data should be kept within premises to mitigate this risk. Source: Taipei Times
  5. Research Reveals Alarming Security Threats Posed by Chrome Web Store Extensions: A new study has highlighted the security risks associated with Chrome Web Store extensions. Researchers found that a significant number of extensions pose serious security threats to users. Source: Smartphone Magazine

Top CVEs

  1. CVE-2024-6268: A critical vulnerability has been discovered in lahirudanushka School Management System 1.0.0/1.0.1. The vulnerability lies in the login.php file and can lead to SQL injection. The exploit is publicly available and can be launched remotely. Source: CVE-2024-6268
  2. CVE-2024-24554: Bludit has been found to use predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens. This allows attackers to authenticate against a Bludit instance. Source: CVE-2024-24554
  3. CVE-2024-6269: A critical vulnerability has been found in Ruijie RG-UAC 1.0. The vulnerability affects the HTTP POST Request Handler and can lead to command injection. The exploit is publicly available and can be launched remotely. Source: CVE-2024-6269
  4. CVE-2024-39334: MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. Source: CVE-2024-39334
  5. CVE-2024-24551: A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP. Source: CVE-2024-24551

API Security

  1. CVE-2024-24554 - Bludit API Token Vulnerability: Bludit's predictable methods and use of the MD5 hashing algorithm for generating sensitive tokens like the API token and user token can be exploited by attackers for authentication. This vulnerability exposes the system to potential unauthorized access. Source: Vulners.
  2. CVE-2024-4460 - ZenML DoS Vulnerability: ZenML version 0.56.3 has a denial of service (DoS) vulnerability due to improper handling of line feed characters in component names. This vulnerability can lead to uncontrolled resource consumption, degrading user experience and potentially rendering the ZenML Dashboard unusable. Source: Vulners.
  3. CVE-2024-24551 - Bludit Image API Vulnerability: Bludit has a security vulnerability that allows authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP. Source: Vulners.
  4. CVE-2024-24550 - Bludit File API Vulnerability: Bludit has a security vulnerability that allows attackers with knowledge of the API token to upload arbitrary files through the File API, leading to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP. Source: Vulners.
  5. CVE-2024-4499 - LoLLMS-XTTS CSRF Vulnerability: The XTTS server of parisneo/lollms version 9.6 has a Cross-Site Request Forgery (CSRF) vulnerability due to a lax CORS policy. This vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. Source: Vulners.
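The two Bludit token entries above (CVE-2024-24554 in Top CVEs and in API Security) describe the same class of flaw: a token that looks random because it has been hashed, but whose input space is small enough to enumerate. The example below is added here for illustration and is not Bludit's code or the advisory's; the weak generator (MD5 over a timestamp-like integer) and the sample timestamp are constructed to show the pattern, and the audit function is a defender-side self-check that answers "could this stored token be reproduced from a plausible issuance window?". The hardened form draws the token from the operating system's CSPRNG and compares it in constant time.

```python
import hashlib
import hmac
import math
import secrets


def weak_token(seed_second: int) -> str:
    """Constructed weak generator (illustration only, not Bludit's code):
    the token is MD5 of a timestamp-like integer. The digest looks random,
    but it has no more possibilities than the seed it was derived from."""
    return hashlib.md5(str(seed_second).encode()).hexdigest()


def strong_token(nbytes: int = 32) -> str:
    """Token drawn from the OS CSPRNG: 256 bits of entropy for nbytes=32,
    returned as 64 hex characters."""
    return secrets.token_hex(nbytes)


def entropy_bits_from_seed_space(seed_space: int) -> float:
    """Upper bound on a hashed token's entropy: the hash function (MD5,
    SHA-256, anything) cannot add entropy the seed did not have."""
    return math.log2(seed_space)


def audit_token_against_window(token: str, start_second: int, end_second: int):
    """Defender-side self-check run against your own stored tokens: if a token
    can be reproduced from any seed in a plausible issuance window, the
    generator is predictable. Returns the matching seed, or None."""
    for seed in range(start_second, end_second + 1):
        if hmac.compare_digest(weak_token(seed), token):
            return seed
    return None


def verify_token(presented: str, stored: str) -> bool:
    """Constant-time comparison so verification leaks no timing signal
    about how many leading characters matched."""
    return hmac.compare_digest(presented, stored)


if __name__ == "__main__":
    issued_at = 1_719_187_200  # constructed sample timestamp (seconds)
    token = weak_token(issued_at)
    # A token seeded from one day of seconds has ~86,400 candidates (~16.4 bits);
    # a 32-byte random token has 256 bits. The audit recovers the weak seed.
    print("recovered seed:", audit_token_against_window(token, issued_at - 3600, issued_at + 3600))
    print("weak bits:", round(entropy_bits_from_seed_space(86_400), 1), "strong bits:", 8 * 32)
    print("strong token sample:", strong_token())
```

The takeaway for reviewers is that "uses MD5" is a symptom, not the root cause: swapping in SHA-256 over the same low-entropy seed would produce an equally guessable token. Fix the source of randomness first, then the comparison.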
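The LoLLMS-XTTS entry attributes its CSRF exposure to a lax CORS policy. The example below is added here and is not the project's code or the advisory's; it contrasts a reflecting CORS policy (the lax pattern: echo any `Origin` back and allow credentials) with an allowlist that normalizes the origin before comparing it, and adds an origin check on state-changing methods, which is the part CORS alone does not cover. The allowed origin `https://app.example` and the request origins are constructed values.

```python
from typing import Dict, Optional, Set
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def normalize_origin(raw: Optional[str]) -> Optional[str]:
    """Canonicalize an Origin header to scheme://host[:port] so that
    case, default ports and trailing slashes cannot slip past an allowlist.
    Returns None for absent, opaque ("null") or malformed origins."""
    if not raw or raw == "null":
        return None
    parts = urlsplit(raw)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return None
    try:
        port = parts.port
    except ValueError:
        return None
    default_port = 443 if parts.scheme == "https" else 80
    host = parts.hostname.lower()
    if port is None or port == default_port:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def lax_cors_headers(request_origin: str) -> Dict[str, str]:
    """The lax pattern: reflect whatever Origin arrives and allow credentials.
    Any page the user visits can then read responses and drive the API
    with the user's cookies. Shown only as the 'before' form."""
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def strict_cors_headers(request_origin: Optional[str], allowed: Set[str]) -> Dict[str, str]:
    """Allowlisted CORS: emit headers only for a known origin, never '*'
    together with credentials, and Vary on Origin so caches keep responses apart."""
    origin = normalize_origin(request_origin)
    if origin is None or origin not in allowed:
        return {}  # no CORS headers: the browser withholds the response from the page
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


def request_is_permitted(method: str, request_origin: Optional[str], allowed: Set[str]) -> bool:
    """CSRF guard for state-changing requests: browsers attach Origin to
    POST/PUT/DELETE, so an unsafe method whose Origin is missing or not
    allowlisted is refused regardless of what CORS headers would say.
    (Simple form POSTs are never subject to CORS, which is why this check exists.)"""
    if method.upper() in SAFE_METHODS:
        return True
    origin = normalize_origin(request_origin)
    return origin is not None and origin in allowed


if __name__ == "__main__":
    allowed = {"https://app.example"}  # constructed allowlist
    print(lax_cors_headers("https://attacker.example"))          # reflected: the bug
    print(strict_cors_headers("https://attacker.example", allowed))  # {}
    print(strict_cors_headers("HTTPS://App.Example:443/", allowed))  # normalized match
    print(request_is_permitted("POST", "https://attacker.example", allowed))  # False
```

Rejecting unsafe requests that carry no `Origin` at all is a deliberate choice here: it suits a browser-facing API where non-browser clients authenticate with a token rather than a cookie. If you must accept such clients, gate the origin check on the presence of a session cookie instead.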

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. From the Jollibee data breach affecting millions to the persistent endpoint security problem, it's clear that the cyber landscape is ever-evolving and full of challenges. But remember, knowledge is power. By staying informed, we can better prepare and protect ourselves and our organizations.

If you found today's newsletter helpful, why not share it with your friends and colleagues? Let's spread the word and help create a safer digital world for everyone. Until next time, stay safe and secure!

By Secret CISO