Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we're diving deep into the massive AT&T data breach that has left nearly every customer's data exposed. We'll explore how hackers managed to steal six months of call and text records, and what this means for you. In another significant breach, the city of Philadelphia's email system was compromised, impacting over 35,000 people.

We'll discuss the implications and what steps are being taken to address the issue. We'll also look at how to find out if your data was stolen in AT&T's massive hack and what Arizonans need to know about the breach. In addition, we'll touch on the future of Biden's campaign in light of the AT&T data breach, and the arrest made in connection to the breach of more than 110 million customers. Lastly, we'll delve into the broader security concerns raised by the AT&T data hack, and how customers can protect themselves in the wake of this latest breach. Stay tuned for all this and more in today's issue of Secret CISO. Don't miss out on these exclusive insights into the world of cybersecurity.

Data Breaches

1. AT&T Data Breach: Hackers have stolen data from nearly every AT&T customer in a recent breach, obtaining six months of call and text message records. The breach did not expose the contents of calls or texts or information such as Social Security numbers, passwords or other sensitive data. AT&T is currently investigating the incident. Source: NBC Los Angeles
2. Philadelphia Data Breach: The city of Philadelphia's email system suffered a data breach that impacted 35,881 people. The city is currently working to address the issue and mitigate any potential harm to those affected. Source: 6ABC
3. Rite Aid Data Breach: Pharmacy giant Rite Aid confirmed a data breach following a cyberattack in June. The breach was claimed by the RansomHub ransomware operation. The company is currently investigating the incident and working to mitigate any potential harm to those affected. Source: Bleeping Computer
4. Snowflake Data Breach: Snowflake is facing a growing problem after AT&T disclosed that data from nearly all wireless customers was connected to a breach. The incident is currently under investigation. Source: CNBC

Security Research

1. OSTP Issues Guidelines to Improve Federal Research Security: The Office of Science and Technology Policy (OSTP) has issued guidelines to enhance research security programs. The aim is to increase awareness of research security threats and enable researchers to respond effectively. Source: MeriTalk.
2. Squarespace crypto domains under DNS attack, lack of MFA to blame: Security researcher Dominic Alvieri reported a DNS attack on Squarespace's crypto domains. The attack was attributed to the lack of multi-factor authentication (MFA). Source: Cybernews.
3. Halcyon Provides Intel on Volcano Demon Ransomware: Security research firm Halcyon has reported encounters with a new ransomware organization named Volcano Demon. The firm has provided intelligence on the ransomware's operations. Source: JD Supra.
4. Millions of email servers could be at risk from Exim security flaw: Security researchers from Censys have discovered a vulnerability in Exim that could put millions of email servers at risk. The flaw allows hackers to bypass protections that usually prevent email messages from being intercepted. Source: TechRadar.
5. Ongoing NuGet supply chain attack involves dozens new malicious packages: A new campaign involving dozens of malicious packages has been reported in an ongoing NuGet supply chain attack, according to security researcher Karlo Zanki. This highlights new methods used by malicious actors to deceive developers. Source: SC Media.

Top CVEs

1. CVE-2024-40690 - IBM InfoSphere Server 11.7 Cross-Site Scripting Vulnerability: IBM InfoSphere Server 11.7 is susceptible to cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session. Source: CVE-2024-40690
2. CVE-2024-40960 - Linux Kernel IPv6 NULL Dereference Vulnerability: A vulnerability in the Linux kernel has been resolved that could lead to a NULL dereference in rt6_probe(). This could potentially lead to a general protection fault. Source: CVE-2024-40960
3. CVE-2024-6328 - MStore API Authentication Bypass Vulnerability: The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to and including 4.14.7. This is due to insufficient verification on the 'phone' parameter, allowing unauthenticated attackers to log in as any existing user on the site. Source: CVE-2024-6328
4. CVE-2024-40539 - my-springsecurity-plus SQL Injection Vulnerability: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter. Source: CVE-2024-40539
5. CVE-2024-40998 - Linux Kernel ext4 Uninitialized Ratelimit_state->lock Access Vulnerability: A vulnerability in the Linux kernel has been resolved that could lead to uninitialized ratelimit_state->lock access in __ext4_fill_super(). This could potentially lead to a system crash. Source: CVE-2024-40998

API Security

1. SQL Injection Vulnerability in my-springsecurity-plus (CVE-2024-40539): A SQL injection vulnerability has been discovered in my-springsecurity-plus versions before v2024.07.03. The vulnerability is found in the dataScope parameter and could allow attackers to manipulate SQL queries. Source: CVE-2024-40539
2. SQL Injection Vulnerability in my-springsecurity-plus (CVE-2024-40540): Another SQL injection vulnerability has been identified in my-springsecurity-plus versions before v2024.07.03. This vulnerability also affects the dataScope parameter and could lead to unauthorized data access. Source: CVE-2024-40540
3. SQL Injection Vulnerability in my-springsecurity-plus (CVE-2024-40541): This is the third SQL injection vulnerability found in my-springsecurity-plus versions before v2024.07.03. The vulnerability is present in the dataScope parameter and could lead to data breaches. Source: CVE-2024-40541
4. SQL Injection Vulnerability in KubeClarity (CVE-2024-39909): KubeClarity, a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems, has a time/boolean SQL Injection vulnerability in its /api/applicationResources resource via the packageID parameter. This vulnerability is fixed in the latest version. Source: CVE-2024-39909
5. Authentication Bypass Vulnerability in MStore API (CVE-2024-6328): The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress has an authentication bypass vulnerability in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebase_sms_login' and 'firebase_sms_login_v2' functions. This makes it possible for unauthenticated attackers to log in as any existing user on the site. Source: CVE-2024-6328

Sponsored by Wallarm API Security Solution

Final Words

That's it for today's edition of Secret CISO. We hope you found this information valuable. Remember, staying informed is the first step in ensuring the security of your systems. Don't forget to share this newsletter with your friends and colleagues to help them stay secure too. In today's digital world, data breaches are becoming more common and more damaging. From the AT&T data breach affecting nearly all its customers to the Philadelphia data breach impacting over 35,000 people, it's clear that no one is immune. As security professionals, it's our job to stay ahead of these threats and protect our systems and data. But we can't do it alone. We need to work together, share information, and learn from each other.

That's why we created Secret CISO - to provide you with the latest news and insights in the world of cybersecurity. So, if you found this newsletter helpful, please consider sharing it with your colleagues. Together, we can make the digital world a safer place. Stay safe and see you in the next edition of Secret CISO.