Secret CISO 7/10: Ticketmaster and Neiman Marcus Data Breaches, Patelco Security Breach, Evolve and Angel One Data Leaks, Latest Security Research Findings

Welcome to today's issue of Secret CISO, your daily source for the latest in cybersecurity news. Today, we're diving into a series of data breaches that have left companies and consumers on edge. Ticketmaster is under scrutiny for a data breach that potentially compromised South African customers' personal information. Meanwhile, luxury retailer Neiman Marcus is notifying consumers of a data breach that exposed over 31 million customer email addresses. In the financial sector, Patelco Credit Union is facing two class action lawsuits following a security breach, and Evolve Bank & Trust has reported a breach impacting 7.6 million customers.

On the legal front, we're looking at state-level data breach notification laws and their implications for handling security incidents. In India, Angel One is denying reports of a data leak affecting 8 million users, despite claims from a hacker that they accessed sensitive data. We'll also discuss the reactions of Ticketmaster users to multiple data breaches and the resources available for Arkansans affected by a data breach. In the realm of security research, we'll explore the latest vulnerabilities discovered in popular software and systems, and how companies are responding. Stay tuned for all this and more in today's issue of Secret CISO. Stay safe, stay informed.

Data Breaches

  1. Ticketmaster Data Breach Uncertainty: Ticketmaster has yet to confirm whether the personal data of South African customers was compromised in a data breach that occurred between April 2 and 23. Customers are frustrated and seeking answers, as the company has hinted that multiple breaches may have compromised their data. Source: MyBroadband and CTV News
  2. Neiman Marcus Data Breach: Neiman Marcus Group LLC filed a notice of data breach with the Attorney General of Maine on June 24, 2024, after discovering unauthorized access. The breach has exposed more than 31 million customer email addresses. Source: JD Supra and Security Affairs
  3. Patelco Security Breach: Dublin-based Patelco Credit Union is facing two class-action lawsuits following a security breach. The breach led to system interruptions and has raised concerns among customers. Source: Danville San Ramon
  4. Evolve Bank Data Breach: Evolve Bank & Trust suffered a data breach last month, impacting 7.6 million customers. The breach was carried out by LockBit, who leaked the data after the bank refused to pay the ransom demand. Source: Cyber Daily and TechCrunch
  5. Angel One Data Leak: Indian broking firm Angel One faced a massive data leak affecting 8 million users. The hacker claims to have accessed sensitive data, including profit and loss statements of affected customers. Source: Hindustan Times and The Economic Times

Security Research

  1. Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited: Microsoft's latest update addresses a whopping 143 vulnerabilities, two of which are currently being exploited. The flaws were discovered and reported by security researcher Haifei Li. Source: The Hacker News
  2. Time to see past the blind spots of account takeover: Critical security flaws have been discovered in ChatGPT plugins, potentially exposing sensitive user data. The findings highlight the need for improved security measures in account takeover prevention. Source: SC Magazine
  3. New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk: A new vulnerability in OpenSSH has been discovered by security researcher Alexander Peslyak. The bug could potentially allow for remote code execution, posing a significant risk. Source: The Hacker News
  4. Research: Only 61% of top manufacturers have adopted DMARC despite rising cyber attacks: New research from email security provider EasyDMARC reveals that only 61% of top manufacturing companies have adopted DMARC, despite a rise in cyber attacks. Source: Security Boulevard
  5. Microsoft Discloses 'Gargantuan' Release Of Patch Tuesday Fixes: Researcher: Microsoft has released a massive batch of security fixes, addressing 138 new Common Vulnerabilities and Exposures (CVEs). This release is just shy of the record for Microsoft's monthly security fixes. Source: CRN

Top CVEs

  1. CVE-2024-31317: ZygoteProcess.java has a potential code execution vulnerability due to unsafe deserialization, which could lead to local privilege escalation. No user interaction is required. Source: CVE-2024-31317
  2. CVE-2024-31310: AutofillManagerServiceImpl.java could potentially hide an enabled Autofill service app in the Autofill service settings due to improper input validation, leading to local privilege escalation. User interaction is required. Source: CVE-2024-31310
  3. CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response to any other response using a chosen-prefix collision attack against MD5 Response Authenticator. Source: CVE-2024-3596
  4. CVE-2024-31316: AccountManagerService.java has a potential arbitrary background activity launch due to parcel mismatch, leading to local privilege escalation. No user interaction is required. Source: CVE-2024-31316
  5. CVE-2023-50805: A vulnerability in Samsung Mobile Processor, Wearable Processor, and Modems allows an out-of-bounds write in the heap in 2G. Source: CVE-2023-50805

API Security

  1. Linux Kernel Vulnerability (CVE-2024-39491): A flaw in the Linux kernel's ALSA: hda: cs35l56 driver could lead to the use of an uninitialized cs_dsp instance if the driver is unbound and then re-bound. The issue has been resolved by ensuring the cs_dsp instance is initialized in the driver probe() so it can return an error if it fails. Source: CVE-2024-39491
  2. Node.js Permission Model Vulnerability (CVE-2024-22018): A vulnerability in Node.js affects users of the experimental permission model when the --allow-fs-read flag is used. The flaw arises from an inadequate permission model that fails to restrict file stats (file metadata) retrieved through the fs.lstat API, allowing malicious actors to obtain stats for files they do not have explicit read access to. Source: CVE-2024-22018
  3. PingFederate REST API Vulnerability (CVE-2024-21832): A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request. Source: CVE-2024-21832
  4. Cache Driver GetBlob() Vulnerability: The Cache driver's GetBlob() allows read access to any blob without an access control check. If dedupe is enabled, an attacker who knows the name of an image and the digest of a blob they do not have read access to can read that blob via a second repository they do have read access to. Source: GHSA-55R9-5MX9-QQ7R
  5. RADIUS Vulnerability Detector (CVE-2024-3596): This script detects the CVE-2024-3596 vulnerability in RADIUS/UDP traffic by checking for MD5 collisions. It captures RADIUS Access-Request packets and attempts to generate MD5 collisions in order to determine whether the system is vulnerable. Source: FC48FBCB-006B-56EC-9F5C-50ADFF912DED

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found these updates helpful and informative. Remember, staying informed is the first step towards ensuring the security of your systems.

Don't forget to share this newsletter with your friends and colleagues to help them stay in the loop too.

Until next time, stay safe and secure!

By Secret CISO