Welcome to today's issue of Secret CISO, your daily source for the most impactful cybersecurity news. Today, we're diving into a flurry of data breaches and security gaps that are shaking up the tech world. Snowflake, the cloud data company, is under scrutiny as another customer confirms a data breach, while Ticketmaster is dealing with a data leak affecting Canadian customers. Change Healthcare is facing lawsuits consolidated in Minnesota over allegations of inadequate data-security measures. Meanwhile, organizations are being urged to prioritize endpoint data security to manage the growing risks posed by remote work and sophisticated cyber threats. Cryptocurrency data aggregator, CoinGecko, confirms a data breach through its third-party email platform, GetResponse.

In legal news, Guardian Analytics and Webster Bank have reached a $1.4M settlement over a data breach that left individuals vulnerable to identity theft and other forms of fraud. In the realm of data security legislation, Texas is setting new rules for businesses and expanding privacy protections. On the research front, we're looking at a new PHP vulnerability exposing Windows servers to remote code execution, and experts are calling for a security audit of government sites and apps. Lastly, we're keeping an eye on several recent accusations leveled at OpenAI and Sam Altman, and a French researcher pleading guilty in Moscow for failing to register as a foreign agent. Stay tuned for more details on these stories and more in today's issue of Secret CISO. Stay safe out there!

Data Breaches

1. Snowflake Customer Data Breach: Another Snowflake customer has confirmed a data breach, but the cloud data company maintains its position remains unchanged. Source: TechCrunch
2. Ticketmaster Data Leak: Canadian users' data is likely among the leaked information in a recent Ticketmaster hack. Source: YouTube
3. Change Healthcare Data Breach: Allegations suggest that Change Healthcare failed to implement adequate data-security measures, leading to a data breach. Source: Bloomberg Law News
4. CoinGecko Data Breach: CoinGecko experienced a data breach through GetResponse, affecting personal user data. However, no passwords were compromised. Source: Crypto Briefing
5. BBC Employee Data Breach: A data breach at the BBC has impacted 25,000 pension scheme members, current and former workers, involving unauthorized access to an online data storage service. Source: CPO Magazine

Security Research

1. New PHP Vulnerability Exposes Windows Servers to Remote Code Execution: A new PHP vulnerability that exposes Windows servers to remote code execution has been discovered by DEVCORE security researchers. The bug is simple to exploit and poses a significant threat to server security. Source: The Hacker News
2. Evergrande audit critic GMT says China research trips now too risky: GMT, an audit critic of Evergrande, has deemed research trips to China too risky due to the national security law imposed on Hong Kong in mid-2020. This highlights the increasing geopolitical risks in conducting international security research. Source: Nikkei Asia
3. Microsoft Makes Controversial Recall Feature Opt-In: Microsoft has made its controversial Recall feature opt-in following criticism from security researchers and privacy experts. The feature, which was deemed a potential security risk, has been modified to address these concerns. Source: MSN
4. Experts call for security audit of government sites and apps: Security experts are calling for a comprehensive audit of government sites and apps following a series of breaches. The call to action emphasizes the need for transparency and accountability in how these systems are secured. Source: Times of India
5. OpenAI, Anthropic Research Reveals More About How LLMs Affect Security and Bias: Research from OpenAI and Anthropic has revealed more about how large language models (LLMs) affect security and bias. The findings could help tune generative AI to avoid safety-relevant features. Source: TechRepublic

Top CVEs

1. GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2024-0444): This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the parsing of tile list data within AV1-encoded video files, resulting from the lack of proper validation of user-supplied data length. An attacker can exploit this vulnerability to execute code in the current process context. Source: CVE-2024-0444
2. itsourcecode Bakery Online Ordering System Vulnerability (CVE-2024-5745): A critical vulnerability was found in itsourcecode Bakery Online Ordering System 1.0, affecting an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload, allowing remote attacks. The exploit has been publicly disclosed. Source: CVE-2024-5745
3. SkyScrape API Security Vulnerability (CVE-2024-37163): SkyScrape, a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs, has unsecured HTTP requests in its API, leading to potential vulnerabilities for the user's temporary credentials and data. Source: CVE-2024-37163
4. Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 Authentication Bypass (CVE-2024-36787): An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified methods. Source: CVE-2024-36787
5. Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 Password Security Issue (CVE-2024-36789): An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. Source: CVE-2024-36789

API Security

1. Exploit for Path Traversal in Wso2 Api Manager (CVE-2022-29464): A pre-authentication arbitrary file upload vulnerability in WSO2 API Manager has been discovered by Orange Tsai. This allows an attacker to execute code by uploading a malicious JSP file. Affected versions include WSO2 API Manager 2.2.0 - 4.0.0, WSO2 Identity Server 5.2.0 - 5.11.0, and others. Source: vulners.com
2. Symlink bypasses filesystem sandbox: A vulnerability has been found where if the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access the host filesystem if the caller sets both oflags::creat and rights::fd_write. This can also crash the runtime by creating a symlink pointing outside with path_symlink and path_opening the link. Source: vulners.com
3. SkyScrape API Vulnerability (CVE-2024-37163): SkyScrape, a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs, has an API vulnerability. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded that the world of data security is a constantly evolving landscape. From Snowflake's stance on data breaches to the latest vulnerabilities in popular software, it's clear that staying informed is our first line of defense. Remember, knowledge is power. Sharing this newsletter with your colleagues and friends not only helps them stay updated on the latest in cybersecurity but also contributes to a safer digital environment for us all.

So, why not take a moment to forward this newsletter to someone who could benefit from it? After all, in the world of cybersecurity, we're all in this together. Stay safe, stay informed, and we'll see you in the next edition of Secret CISO.