Secret CISO 6/6: Ticketmaster and AT&T Data Breaches Continue, Panorama Eyecare Exposes 377k Consumers, Snowflake's Info-Stealing Malware, Research on Advanced Tracking Tools and Ransomware-as-a-Service Model

Hello there, Secret CISO readers! Today's newsletter is packed with the latest updates on data breaches and cybersecurity. Ticketmaster and AT&T are both in the spotlight for data breaches, with class actions being consolidated in North Texas Court for the latter. Meanwhile, Panorama Eyecare and Family Health Center are under investigation for recent breaches that have potentially exposed the personal information of hundreds of thousands of consumers. In other news, Snowflake, a cloud storage company, is facing scrutiny after reports of data breaches affecting some of its major clients, including Santander Bank and Ticketmaster. This highlights the importance of multi-factor authentication (MFA) in preventing such incidents.

On the legal front, Federman & Sherwood are investigating Medjet and Medjet Assist for data breaches, while Amsterdam Schools are probing a data breach that occurred in February. In the realm of cybersecurity, we delve into why strong password security is the best prevention against account takeover. We also discuss the reality of board member liability in cyber attacks and data breaches, underscoring the importance of governance. Lastly, we touch on the latest research in enhancing self-driving vehicle safety with advanced tracking tools and the misconceptions surrounding the ransomware-as-a-service model. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats. Stay safe and secure!

Data Breaches

  1. Ticketmaster Scalped by Data Breach: Ticketmaster has suffered a data breach, potentially impacting customers' personal and financial information. The breach's extent is still under investigation. Source: JDSupra
  2. AT&T Data Breach Class Actions Consolidated In North Texas Court: AT&T is facing multiple class-action lawsuits following a significant data breach. The cases have been consolidated and will be heard in a North Texas court. Source: Bloomberg Law News
  3. Panorama Eyecare Data Breach Affects the Personal Information of Over 377k Consumers: Panorama Eyecare has suffered a data breach impacting over 377,000 consumers. The breach exposed patients' personal information, prompting legal investigations. Source: JDSupra
  4. Snowflake Hit With Data Breach: Cloud storage company Snowflake has experienced a data breach affecting major clients, including Santander Bank and Ticketmaster. The breach has led to the exposure of millions of customer passwords online. Source: Benzinga
  5. Advance Auto Parts: Alleged Data Breach Exposes Millions After Snowflake Cyberattack: Advance Auto Parts has suffered a data breach following a cyberattack on Snowflake, a cloud storage company. The breach has exposed the data of millions of customers. Source: The Cyber Express

Security Research

  1. New Darktrace Managed Service Combines AI and Expert Analysis for Advanced Threat Containment: Darktrace has released a new managed service that combines AI and expert analysis to improve cyber resistance and address the needs of security leaders and security operations centers. Source: SiliconANGLE
  2. Researchers Enhance Self-Driving Vehicle Safety With Advanced Tracking Tools: Engineering researchers at the University of Toronto Institute for Aerospace Studies (UTIAS) are developing two high-tech tools aimed at enhancing the safety of self-driving vehicles. Source: IoT World Today
  3. Security Industry Has Ransomware-as-a-Service Model Wrong, Says Expert: Martin Zugec, technical solutions director at Bitdefender, likened RaaS to the gig economy in a talk at Infosecurity Europe in London, suggesting that the industry's understanding of the model is flawed. Source: SC Media
  4. Zyxel NAS Devices Hit by Critical Security Threat: Researchers have discovered three critical flaws in Zyxel NAS devices, along with two additional moderately severe ones. Users are urged to patch their devices immediately. Source: TechRadar
  5. Prompt Injection Vulnerability in EmailGPT Discovered: The Synopsys Cybersecurity Research Center (CyRC) has discovered a vulnerability in EmailGPT that allows malicious users to inject harmful prompts and potentially take over the system. Source: Security Boulevard

Top CVEs

  1. CVE-2024-33655: A vulnerability in the DNS protocol allows remote attackers to cause a denial of service by arranging for DNS queries to be accumulated for seconds so that the responses are later released in a pulsing burst, a technique known as "DNSBomb". In some cases this can also be used for traffic amplification. Source: CVE-2024-33655
  2. CVE-2024-5141: The Rotating Tweets plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. Source: CVE-2024-5141
  3. CVE-2024-0912: Under certain circumstances, the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will write Microsoft Windows credential details into its logs. This does not impact the non-web service interfaces of C•CURE 9000 or prior versions. Source: CVE-2024-0912
  4. CVE-2024-5684: A faulty implementation of the JWT library can be exploited by an attacker with access to the private network, or with local access to the Ethernet interface, to bypass password authentication to the web configuration interface. The attacker does not, however, gain developer or admin rights. Source: CVE-2024-5684
  5. CVE-2024-5615: The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure via the 'opengraph_default_description' function. This allows unauthenticated attackers to extract sensitive data, including partial content of password-protected blogs. Source: CVE-2024-5615

API Security

  1. Race Condition Vulnerability in zenml-io/zenml: A race condition vulnerability was found in zenml-io/zenml versions up to 0.55.3, allowing for the creation of multiple users with the same username when requests are sent in parallel. This could lead to data inconsistencies and potential authentication problems. The issue was fixed in version 0.55.5. Source: CVE-2024-2032
  2. Server-Side Request Forgery in mintplex-labs/anything-llm: A Server-Side Request Forgery (SSRF) vulnerability was discovered in the upload link feature of mintplex-labs/anything-llm. This could potentially allow an attacker to perform actions such as internal port scanning, accessing internal web applications not exposed externally, and interacting with the Collector API. Source: CVE-2024-3149
  3. Business Logic Error in lunary-ai/lunary: A business logic error in lunary-ai/lunary version 1.2.2 allows users to bypass the intended limitations on team member invitations and additions, regardless of their subscription plan. This could enable users to invite and add more members to a team than allowed, effectively circumventing the system's subscription model. Source: CVE-2024-5132
  4. Improper Authorization in zenml-io/zenml: An improper authorization vulnerability was found in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including deactivating their accounts. The issue was fixed in version 0.56.2. Source: CVE-2024-2035
  5. Blind SQL Injection in berriai/litellm: A blind SQL injection vulnerability was discovered in the berriai/litellm application, specifically within the '/team/update' process. An attacker could exploit this vulnerability by injecting malicious SQL commands, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. Source: CVE-2024-4890

Sponsored by Wallarm API Security Solution

Final Words

That's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the Ticketmaster data breach to the consolidation of AT&T data breach class actions. We've also touched on the importance of strong password security and the ongoing investigations into various data breaches. Remember, in the world of cybersecurity, knowledge is power. So, don't keep this information to yourself.

Share this newsletter with your friends and colleagues to help them stay informed and secure. Stay safe, stay informed, and see you in the next edition of Secret CISO.

By Secret CISO