Secret CISO 6/26: Jollibee and BSNL Breaches Linked, IRS Apologizes for Ken Griffin Data Leak, Pentagon's Background Check Security Questioned, Research Reveals Industries Most Vulnerable to Data Breaches

Welcome to today's issue of Secret CISO, your daily source for the latest in cybersecurity news. Today, we're diving into a series of data breaches that have been making headlines worldwide. First up, we have a potential connection between the Jollibee breach and a string of global data breaches. The risk of identity theft and scams is on the rise, and hackers are reportedly selling the stolen data. Next, we have the second data breach in six months at BSNL, a major telecom company. The breach exposed sensitive telecom info, including international mobile subscriber identity numbers and crucial security keys. The IRS has also been in the news for a tax data leak affecting billionaire Ken Griffin and thousands of other Americans.

The Pentagon is under scrutiny over its background check security, and we'll be looking at the five industries most vulnerable to data breaches in 2024. In Indonesia, a ransomware breach has sparked a privacy crisis, with compromised data being offered for sale. Luxury retailer Neiman Marcus and Signature Performance have also suffered data breaches, affecting thousands of consumers. We'll also be discussing how to protect yourself from data leaks, the issues caused by a data breach at car dealerships in Cincinnati, and the urgent actions consumers need to take in response to rising data breaches. Lastly, we'll be highlighting some of the latest research and job opportunities in cybersecurity, as well as the latest vulnerabilities identified by security researchers. Stay tuned for all this and more in today's issue of Secret CISO.

Data Breaches

  1. BSNL Data Breach: Bharat Sanchar Nigam Limited (BSNL) has suffered a significant data breach, compromising sensitive information of millions of users. This includes international mobile subscriber identity (IMSI) numbers, SIM card specifics, home location register data, and crucial security keys. This is the second time in six months that BSNL has suffered a data breach. Source: Business Standard, Economic Times
  2. IRS Tax Data Leak: The IRS has apologized to billionaire founder of Citadel LP, Ken Griffin, and thousands of other Americans for failing to protect their tax data. The breach has raised concerns about the security of sensitive tax data. Source: CPA Practice Advisor, Fox Business
  3. Pentagon Background Check Security: The Department of Defense's Defense Counterintelligence and Security Agency (DCSA) has been criticized for its handling of background investigations. The issue has raised concerns about the security of sensitive information used in these investigations. Source: SC Magazine
  4. Neiman Marcus Snowflake Breach: Luxury retailer Neiman Marcus Group has suffered a data breach, with nearly 65,000 shoppers' personal data being stolen by an attacker. The company is currently notifying affected customers. Source: BankInfoSecurity
  5. Signature Performance Data Breach: Signature Performance, Inc. has disclosed a data breach affecting the personal information of consumers. An investigation into the breach is currently underway. Source: WATE

Security Research

  1. New Medusa Android Trojan Targets Banking Users Across 7 Countries: Security researchers Simone Mattia and Federico Valentini have identified a sophisticated Android malware, Medusa, also known as TangleBot, that is targeting banking users across seven countries. Source: The Hacker News
  2. Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping: Security researcher Ryan Pickren has reported a vulnerability in Apple's AirPods Bluetooth that could potentially allow eavesdropping. Apple has since patched the vulnerability, which Pickren described as the "world's first spatial computing hack". Source: The Hacker News
  3. New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites: Security researcher Ben Martin has discovered a new credit card skimmer that targets WordPress, Magento, and OpenCart sites. The skimmer has been designed to look less suspicious than a long obfuscated script. Source: The Hacker News
  4. Global Maritime Port Security Industry Research 2024-2030: A new research report highlights the use of smart port technologies for enhanced security and efficiency in the global maritime port security industry. Source: Yahoo Finance
  5. Thales Research Finds Cloud Resources Have Become Biggest Targets for Cyberattacks: New research by Thales has found that protecting cloud environments has become the top security priority, surpassing all other security disciplines. Source: Security Info Watch

Top CVEs

  1. CVE-2024-29953: A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords to session storage on Virtual Fabric platforms. This could allow an authenticated user to view other users' encoded session passwords. Source: CVE-2024-29953
  2. CVE-2024-29954: A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Source: CVE-2024-29954
  3. CVE-2024-5806: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before. Source: CVE-2024-5806
  4. CVE-2024-32111: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25, from 4.8 through 4.8.24, from 4.7 through 4.7.28, from 4.6 through 4.6.28, from 4.5 through 4.5.31, from 4.4 through 4.4.32, from 4.3 through 4.3.33, from 4.2 through 4.2.37, from 4.1 through. Source: CVE-2024-32111
  5. CVE-2024-38526: pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc. Source: CVE-2024-38526

API Security

  1. CVE-2024-38526 - pdoc API Documentation Vulnerability: A security issue was found in pdoc, an API documentation generator for Python projects. The documentation generated with pdoc --math linked to JavaScript files from polyfill.io, which has been sold and now serves malicious code. The issue has been fixed in pdoc. Source: CVE-2024-38526
  2. CVE-2024-29954 - Brocade Fabric OS Password Management API Vulnerability: A vulnerability was discovered in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e. The flaw allows an authenticated user to view server passwords for protocols such as scp and sftp. Source: CVE-2024-29954
  3. CVE-2024-34400 - VirtoSoftware Virto Kanban Board Web Part API Vulnerability: An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. The vulnerability is present in the /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2. Source: CVE-2024-34400
  4. CVE-2024-37843 - Craft CMS GraphQL API SQL Injection Vulnerability: Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API. Source: CVE-2024-37843
  5. DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document: In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. The fix is included in both 8.0 and 7.6.2. Source: DSpace Cross Site Scripting (XSS)
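The pdoc item above (listed under both Top CVEs and API Security) is a supply-chain problem that shows up as a script tag pointing at a CDN you no longer trust. The following audit script is an added example, not code from pdoc or from this newsletter: it parses generated HTML, flags any external script served from polyfill.io, and reports other third-party scripts that carry no Subresource Integrity attribute. The sample document and its integrity value are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

# Hosts whose scripts should not be loaded at all (polyfill.io, per CVE-2024-38526).
FLAGGED_HOSTS = {"polyfill.io", "cdn.polyfill.io"}


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) pairs for every <script src=...> in a document."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], a.get("integrity")))


def audit_html(html):
    """Return findings for external scripts: flagged host, or missing SRI."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src, integrity in parser.scripts:
        # Absolute or protocol-relative URL: extract the host part.
        m = re.match(r"^(?:https?:)?//([^/]+)", src)
        if not m:
            continue  # same-origin relative script: out of scope for this check
        host = m.group(1).lower().split(":")[0]
        if host in FLAGGED_HOSTS or host.endswith(".polyfill.io"):
            findings.append(("flagged-host", src))
        elif not integrity:
            findings.append(("missing-sri", src))
    return findings


# Constructed sample page: one polyfill.io include, one pinned include with a
# (constructed) SRI hash, one unpinned third-party include, one local script.
SAMPLE_HTML = """<html><head>
<script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="https://cdn.example.net/mathjax.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="/static/local.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for kind, src in audit_html(SAMPLE_HTML):
        print(f"{kind}: {src}")
```

Run it over the output directory of any static documentation build; a "flagged-host" finding means the page must be regenerated with the fixed tool, and "missing-sri" findings are candidates for pinning or self-hosting.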

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. As we've seen, data breaches are on the rise, and no industry is immune. From fast food chains to luxury retailers, and even the IRS, cyber threats are a constant concern. Remember, knowledge is power. By staying informed, we can all play a part in enhancing our collective cybersecurity. So, don't keep this valuable information to yourself.

Share this newsletter with your friends and colleagues to help them stay one step ahead of the hackers. Stay safe, stay informed, and see you in the next edition of Secret CISO.

By Secret CISO