Secret CISO 7/11: Mass layoffs linked to data breaches, Authy's 33.4M user data breach, UK councils' 5000 data breaches, Pennsylvania's healthcare data breach, and UAE's Lulu Hypermarket data breach

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today we start with the connection between mass layoffs and data breaches suggested by researchers at Binghamton University. We also take a closer look at the data breach affecting 33.4 million users of Authy, Twilio's multifactor authentication app, which is now under investigation. In the UK, councils reported over 5000 data breaches in 2023, raising questions about compliance with data protection legislation. In the US, Pennsylvanians are being offered free credit monitoring following the Change Healthcare breach. In retail, UAE's Lulu Hypermarket has suffered a large data breach, with the attackers claiming to hold millions of customer records. Fellowship Village and Nationwide Vision are dealing with the aftermath of their own breaches, and we look at a breach at the largest health insurer in the U.S. that could affect one-third of Americans. In entertainment, Ticketmaster is under fire over breaches affecting millions of customers. Google is set to release a free Dark Web report that could show what kind of information has been exposed in breaches. We also cover the ongoing investigation into a breach at New York's Mount Kisco Surgery Center and the continuing investigation that has Alabama teachers worried. Finally, in security research: new malware targeting the mining sector, a Microsoft zero-day exploited for over a year, and bipartisan legislation to advance Department of Energy AI research for science, security and technology. Stay tuned, and remember: knowledge is the best defense against cyber threats.

Data Breaches

  1. "Mass layoffs and data breaches connection": Binghamton researchers have found a correlation between mass layoffs and data breaches, suggesting that companies undergoing layoffs may be more susceptible to cyber attacks. The global average cost of a data breach is also highlighted in the report. Source: Binghamton University
  2. "Authy data breach": A data breach affecting 33.4 million users of Authy, Twilio's multifactor authentication app, is under investigation by the law firm Schubert Jonckheer & Kolbe LLP. Source: ThePaypers
  3. "UK councils data breaches": UK councils reported over 5000 data breaches in 2023, with Lancashire County Council singled out for failing to comply with data protection legislation. Source: THINK Digital Partners
  4. "Change Healthcare data breach": Following the breach at Change Healthcare, the claims-processing subsidiary of UnitedHealth Group, the nation's largest health insurer, Pennsylvania Attorney General Michelle Henry is offering affected Pennsylvanians free credit monitoring. Source: LevittownNow
  5. "Lulu Hypermarket data breach": Lulu Hypermarket, a prominent UAE retail chain, has suffered a massive data breach, with hackers claiming to have accessed millions of customer records. Source: HackRead

Security Research

  1. "Veeam flaw becomes malware target a year after patching": A year after Veeam patched a flaw in its backup software, the bug has become a malware target: researchers at Singapore-based Group-IB observed it being exploited by the Estate ransomware group. The takeaway for defenders is that a patch only protects once it is deployed; backup servers still running the vulnerable build remain exposed. Source: The Register
  2. "Manchin, Murkowski Introduce Bipartisan Legislation to Advance Department of Energy AI Research for Science, Security, and Technology": Senators Manchin and Murkowski have introduced a bipartisan bill to advance AI research within the Department of Energy. The legislation aims to improve science, security, and technology. Source: Manchin Senate
  3. "Researchers Discover New Malware Aimed at Mining Sector": Cyberthreat intelligence manager Max Gannon from Cofense has revealed a simple remote access Trojan affecting victims in the mining sector. The malware is designed to steal sensitive data. Source: BankInfoSecurity
  4. "Ethereum Foundation Rolls Out 'Attackathon' To Bolster Blockchain Security, Plans To Raise Over $2,000,000 In Reward": The Ethereum Foundation has launched an 'Attackathon' event to enhance the security of the Ethereum protocol. The event aims to crowdsource security solutions and offers a reward pool of over $2 million. Source: Daily Hodl
  5. "A vulnerability was discovered in an NSA SkillTree training platform": Researchers have discovered a security vulnerability in the NSA's open-source SkillTree training platform. The flaw was found during a study aimed at uncovering and understanding security weaknesses in popular GitHub repositories. Source: Security Magazine

Top CVEs

  1. CVE-2024-6151: A local privilege escalation vulnerability has been discovered in the Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops. This allows a low-privileged user to gain SYSTEM privileges. Source: CVE-2024-6151
  2. CVE-2024-5492: An open redirect vulnerability in NetScaler ADC and NetScaler Gateway allows a remote unauthenticated attacker to redirect users to arbitrary websites. Source: CVE-2024-5492
  3. CVE-2024-5491: A Denial of Service vulnerability has been identified in NetScaler ADC and NetScaler Gateway. Source: CVE-2024-5491
  4. CVE-2024-6286: Another local privilege escalation vulnerability, this one in Citrix Workspace app for Windows, allows a low-privileged user to gain SYSTEM privileges. Source: CVE-2024-6286
  5. CVE-2024-6235: A sensitive information disclosure vulnerability has been identified in NetScaler. Source: CVE-2024-6235
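
The open-redirect item above (CVE-2024-5492) names the bug class but not the fix. The following is an added example of the check a web application should apply to any redirect parameter before honouring it: illustrative Python, not Citrix or NetScaler code; the allowed host, helper names and sample inputs are assumptions made for the example.

```python
"""Safe-redirect check: accept only same-site targets.

Added example, not Citrix/NetScaler code. ALLOWED_HOSTS, the helper
names and the inputs in the tests are assumptions for illustration.
"""
from urllib.parse import urlsplit

# Hosts that are ours (assumption: one application host for the example).
ALLOWED_HOSTS = {"app.example.com"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` cannot take the user off-site.

    Accepts a relative path ("/dashboard") or an absolute http(s) URL
    whose host is in allowed_hosts. Rejects the classic open-redirect
    bypasses: scheme-relative "//evil.example", backslash variants
    "/\\evil.example", userinfo tricks "https://app.example.com@evil.example",
    and non-http schemes such as "javascript:".
    """
    if not target:
        return False
    # Browsers treat "\" as "/" in URLs; normalise before parsing so that
    # "/\evil.example" is seen as "//evil.example", not as a local path.
    normalised = target.replace("\\", "/")
    # Control characters and whitespace are used to smuggle past naive parsers.
    if any(ord(ch) < 0x20 or ch in " \t" for ch in normalised):
        return False
    parts = urlsplit(normalised)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: must start with exactly one "/" (not "//").
        return normalised.startswith("/") and not normalised.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False
    # .hostname strips userinfo and port: "app.example.com@evil.example"
    # yields hostname "evil.example", so the userinfo trick is caught here.
    host = parts.hostname
    return host is not None and host.lower() in allowed_hosts


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return `target` if it passes the check, otherwise fall back to `default`."""
    return target if is_safe_redirect(target) else default
```

The design choice is an allowlist of hosts plus a strict shape for relative paths; a denylist of known-bad prefixes is what most open-redirect bugs start life as.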

API Security

  1. JSON API User plugin for WordPress vulnerability (CVE-2024-6624): The JSON API User plugin for WordPress, up to and including version 3.9.3, is susceptible to privilege escalation due to improper controls on custom user meta fields. This allows unauthenticated attackers to register as administrators on the site. Source: vulners.com
  2. InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress vulnerability (CVE-2024-6397): The plugin, up to and including version 0.1.0.44, is vulnerable to authentication bypass due to insufficient verification of the API key. This allows unauthenticated attackers to log in as any existing user on the site and perform administrative tasks. Source: vulners.com
  3. witmy my-springsecurity-plus vulnerability (CVE-2024-6676): A critical vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03. The vulnerability lies in an unknown functionality of the file /api/user and can lead to SQL injection. The attack can be launched remotely. Source: vulners.com
  4. Gallagher Command Centre vulnerability (CVE-2024-23194): Improper Output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects Gallagher Command Centre v9.10 prior to vEL9.10.1268. Source: vulners.com
  5. PHP OS Command Injection vulnerability (CVE-2024-4577): Certain versions of PHP, when run as PHP-CGI under Apache on Windows, are vulnerable to argument injection leading to OS command injection, which lets an unauthenticated attacker run arbitrary PHP code on the server. The flaw is a bypass of the 2012 fix for CVE-2012-1823: on Windows system locales whose code page best-fit maps the soft hyphen (byte 0xAD) to an ASCII hyphen, an encoded %AD in the query string reaches php-cgi as a "-" switch. It is fixed in PHP 8.3.8, 8.2.20 and 8.1.29; anything older running in CGI mode on Windows should be treated as exposed. Source: vulners.com
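
The JSON API User item above (CVE-2024-6624) describes a mass-assignment bug: a registration endpoint that writes whatever the caller submits, privilege fields included, onto the new account. The following is an added example modelling that class in Python, with the vulnerable handler beside the hardened one. It is not the plugin's code and not WordPress code; the field names, the register_user_* functions and the constructed request body are assumptions for illustration.

```python
"""Mass assignment in a self-registration API: vulnerable vs hardened.

Added example, a model of the bug class only. PUBLIC_FIELDS,
PROTECTED_FIELDS, the handler names and ATTACK_BODY are assumptions.
"""
from __future__ import annotations

# Fields a self-registering user may legitimately set (assumption).
PUBLIC_FIELDS = {"username", "email", "display_name"}
# Fields that decide what the account can do; never client-controlled.
PROTECTED_FIELDS = {"role", "capabilities", "user_level"}
DEFAULT_ROLE = "subscriber"


def register_user_vulnerable(body: dict) -> dict:
    """Copies every submitted key into the new user record.

    Whatever the caller puts in the JSON body lands on the account,
    including role/capabilities, so an anonymous request can create an
    administrator. This is the shape of the bug described above.
    """
    user = {"role": DEFAULT_ROLE}
    user.update(body)  # mass assignment: the request overrides the default role
    return user


def register_user_hardened(body: dict) -> dict:
    """Allow-lists client fields; privilege is assigned server-side only."""
    requested = set(body)
    if requested & PROTECTED_FIELDS:
        # Reject loudly rather than silently drop: a client naming these
        # fields is an attack signal worth logging.
        raise PermissionError(
            f"client may not set {sorted(requested & PROTECTED_FIELDS)}")
    for required in ("username", "email"):
        if not body.get(required):
            raise ValueError(f"missing {required}")
    # The allowlist is the real control: any other key (for example a
    # prefixed meta field such as wp_capabilities) is simply not copied.
    user = {k: body[k] for k in PUBLIC_FIELDS if k in body}
    user["role"] = DEFAULT_ROLE  # never taken from the request
    return user


# Constructed attacker request: a normal sign-up with privilege fields added.
ATTACK_BODY = {
    "username": "mallory",
    "email": "mallory@example.invalid",
    "role": "administrator",
    "capabilities": {"administrator": True},
}


def demo() -> tuple[str, str]:
    """Role the attacker ends up with under each handler."""
    vuln_role = register_user_vulnerable(ATTACK_BODY)["role"]
    try:
        hard_role = register_user_hardened(ATTACK_BODY)["role"]
    except PermissionError:
        hard_role = "rejected"
    return vuln_role, hard_role


if __name__ == "__main__":
    print(demo())  # ('administrator', 'rejected')
```

The same allowlist discipline applies to profile-update endpoints, which are the other common home of this bug: the set of writable fields is a server-side decision, and the role is derived from context (invitation, admin action), never from the request body.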

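The PHP-CGI item above (CVE-2024-4577) is the kind of bug that shows up in web server logs before anyone patches. The following is an added example of detection logic run over constructed Apache-style access log lines; it is not PHP project code. It relies on two facts about the bug class: a CGI server passes the query string to the CGI binary as command-line arguments when the query contains no raw "=" (RFC 3875), and CVE-2024-4577 revives this on Windows because some code pages best-fit map the soft hyphen (%AD) to "-". The log lines, the path heuristics and the function names are assumptions for the example.

```python
"""Detect PHP-CGI argument injection (CVE-2012-1823 / CVE-2024-4577)
in Apache-style access logs.

Added example, not PHP project code. SAMPLE_LOG is constructed; the
php/php-cgi path heuristic and the function names are assumptions.
"""
from __future__ import annotations

import re
from urllib.parse import unquote

SOFT_HYPHEN = "\xad"  # U+00AD, best-fit mapped to "-" on some Windows code pages
# Request line inside a common/combined log entry: method, target, protocol.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def cgi_argv_from_query(query: str) -> list[str] | None:
    """Return the argv a CGI binary would receive from `query`, or None
    when the server would not pass it as arguments (it contains a raw '=')."""
    if "=" in query:
        return None
    # RFC 3875: split on '+', then URL-decode each word. latin-1 keeps
    # %AD as the single byte 0xAD instead of turning it into U+FFFD.
    return [unquote(word, encoding="latin-1") for word in query.split("+") if word]


def is_php_cgi_arg_injection(target: str) -> bool:
    """True when the request target would inject php-cgi switches."""
    path, _, query = target.partition("?")
    lowered = path.lower()
    if not (lowered.endswith(".php") or "php-cgi" in lowered):
        return False
    argv = cgi_argv_from_query(query)
    if not argv:
        return False
    # A plain "-" switch (2012 pattern) or a soft hyphen that Windows
    # best-fit mapping turns into "-" (2024 pattern). Decoding first also
    # catches "%2D" used to hide the hyphen from naive signatures.
    return any(arg.startswith(("-", SOFT_HYPHEN)) for arg in argv)


def scan_log(lines) -> list[tuple[int, str]]:
    """Return (line_number, request_target) for each matching entry."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m and is_php_cgi_arg_injection(m.group("target")):
            hits.append((no, m.group("target")))
    return hits


# Constructed sample: a benign PHP request, a 2012-style injection,
# a 2024-style soft-hyphen injection, and a benign query containing "-".
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jul/2024:10:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jul/2024:10:00:02 +0000] "POST /cgi-bin/php-cgi.exe?-d+allow_url_include%3d1 HTTP/1.1" 200 9',
    '203.0.113.9 - - [10/Jul/2024:10:00:03 +0000] "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 9',
    '203.0.113.7 - - [10/Jul/2024:10:00:04 +0000] "GET /search.php?q=a+-b HTTP/1.1" 200 100',
]


def matching_lines_in_sample() -> list[int]:
    """Line numbers of SAMPLE_LOG entries flagged by the detector."""
    return [no for no, _ in scan_log(SAMPLE_LOG)]


if __name__ == "__main__":
    for no, target in scan_log(SAMPLE_LOG):
        print(f"line {no}: {target}")
```

Note the asymmetry the decoder has to respect: the "=" test is on the raw query (that is what the server checks), while the switch test is on the decoded words (that is what php-cgi sees). Running the check on the decoded string in both places would miss "%3d"-encoded payloads; running it on the raw string in both would miss "%2D".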
Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've delved into the connection between mass layoffs and data breaches, investigated the Authy data breach, and explored the implications of the UK councils' data breaches. We've also touched on the recent data breaches at Change Healthcare, Lulu Hypermarket, and Fellowship Village, among others. Remember, in this digital age, staying informed is your first line of defense. Share this newsletter with your friends and colleagues to keep them in the loop too.

Let's foster a culture of cybersecurity awareness together. Stay safe, stay secure, and see you in the next edition of Secret CISO.

By Secret CISO