Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. In today's headlines, TeamViewer, a leading software provider, has detected a data breach in its corporate IT environment. The breach is believed to be the work of APT29, a notorious hacking group. Meanwhile, the Cybercrime Investigation and Coordinating Center is working with GCash to investigate an alleged data breach at the fintech firm. In other news, the popular data breach monitoring site, Have I Been Pwned, has revealed that more than 17 million people were impacted by a data breach at Ticketek.

On the corporate front, security professionals are calling for extra security measures following a data leak at food giant, Jollibee Foods Corp. The breach has potentially exposed the personal information of millions of customers. In the cloud sector, a recent Thales report has highlighted that cloud security is now a top priority for companies worldwide. Finally, in the wake of these breaches, experts are emphasizing the importance of empowering vulnerable workplaces with phishing-resistant multi-factor authentication (MFA) to enhance email security. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats.

Data Breaches

1. TeamViewer Detects Data Breach: TeamViewer's internal corporate IT environment experienced a security breach on June 26, 2024. The company's security team detected the irregularity and is currently investigating the incident. No customer data has been impacted. Source: Cyber Daily and The Hacker News.
2. GCash Alleged Data Breach: The Cybercrime Investigation and Coordinating Center is collaborating with GCash to investigate an alleged data breach at the fintech company. Details of the breach are yet to be disclosed. Source: ABS-CBN News.
3. Ticketek Data Breach: Australian security researcher's data breach monitoring site, Have I Been Pwned, revealed that over 17 million people were impacted by a data breach at Ticketek. The full extent of the breach is currently being investigated. Source: Cyber Daily.
4. Jollibee Foods Corp Data Leak: A reported data breach at Jollibee Foods Corp has potentially exposed the personal information of customers. Security professionals are calling for extra security measures in response to the breach. Source: Future CIO.
5. Evolve Bank & Trust Data Breach: Evolve Bank & Trust confirmed a data breach after it was leaked by the LockBit ransomware group. The group had earlier claimed the data was stolen from the Federal Reserve. Source: Cyber News.

Security Research

1. Flaws in Industrial Gas Analysis Equipment: Researchers have discovered critical security flaws in Emerson gas chromatographs. These vulnerabilities could potentially pose significant risks to industrial operations. Emerson has released urgent firmware updates to address these issues. Source: The Hacker News
2. Ticketek Data Breach: Australian security researcher's data breach monitoring site, Have I Been Pwned, revealed that over 17 million people were impacted by a data breach at Ticketek. The full extent of the breach is still being investigated. Source: Cyber Daily
3. Critical Data Exposures in SCM Systems: Aqua Security's research team, Aqua Nautilus, has found that even deleted or updated code commits within Git-based infrastructure can retain secrets, leading to critical data exposures. Source: IT Brief Asia
4. Rising Tide of Supply Chain Attacks: A study commissioned by Checkmarx has shed light on the increasing number of supply chain attacks. The research involved a survey of 900 CISOs and application security professionals in companies worldwide. Source: Security Info Watch
5. MOVEit Transfer Vulnerability: The ReliaQuest Threat Research Team has reported a new vulnerability in MOVEit Transfer that is being actively exploited by hackers. The team is currently working on understanding the full extent of this security flaw. Source: ReliaQuest

Top CVEs

1. CVE-2024-5535 - OpenSSL API Function Vulnerability: A potential buffer overread in the OpenSSL API function SSL_select_next_proto could lead to unexpected application behavior or a crash. This could result in up to 255 bytes of arbitrary private data from memory being sent to the peer, leading to a loss of confidentiality. This issue only affects applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols. Source: CVE-2024-5535
2. CVE-2024-35260 - Microsoft Dataverse Remote Code Execution: Microsoft Dataverse is vulnerable to a remote code execution attack. The details of the vulnerability are not yet disclosed. Source: CVE-2024-35260
3. CVE-2024-24792 - Image Parsing Vulnerability: Parsing a corrupt or malicious image with invalid color indices can cause a range of potential consequences. The details of the vulnerability are not yet disclosed. Source: CVE-2024-24792
4. CVE-2024-34122 - Reserved Security Problem: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. The details of the vulnerability are not yet disclosed. Source: CVE-2024-34122
5. CVE-2024-4395 - Jamf Compliance Editor Vulnerability: The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. Source: CVE-2024-4395

API Security

1. CVE-2024-37282: A vulnerability was discovered that allows an API key, originally created with specific privileges, to be used to create new API keys with elevated privileges under certain conditions. This could potentially lead to unauthorized access and misuse of the system. Source: vulners.com
2. CVE-2024-5642: CPython 3.9 and earlier versions have a low severity vulnerability due to a buffer over-read when NPN is used. This is due to the system not disallowing an empty list configuration for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. Source: vulners.com
3. CVE-2024-5980: A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution. Source: vulners.com
4. CVE-2024-5714: In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests. This can lead to unauthorized privilege escalation and inconsistencies on the platform for affected users and organizations. Source: vulners.com
5. CVE-2023-49103: An unauthenticated information disclosure vulnerability affecting ownCloud, when a vulnerable extension called “Graph API” is present. This vulnerability is of particular concern as file transfer and sharing platforms have come under attack from ransomware groups in the past. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. As we've seen, the cyber landscape is constantly evolving, with new threats and vulnerabilities emerging every day. From TeamViewer detecting a data breach to the need for extra security measures amidst data leaks, it's clear that cybersecurity should be a top priority for all organizations. Remember, staying informed is the first step in protecting your data and systems.

So, don't forget to share this newsletter with your friends and colleagues to help them stay ahead of the curve too. In tomorrow's edition, we'll be diving into more cybersecurity news and insights. Until then, stay safe and secure!