Secret CISO 7/14: Disney's Slack Leak, Google's Dark Web Monitoring, and New Security Research on Chinese Espionage
Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're focusing on the recent wave of data breaches and how they're affecting individuals and corporations alike.
First up, we delve into the aftermath of a massive data breach at AT&T, where nearly all customer data was downloaded from a third-party platform. This breach has raised serious concerns about customer privacy and security, and we'll be discussing what steps AT&T and its customers should take next. Next, we'll look at the Rite Aid data breach, where 45M records were exposed by the RansomHub ransomware group. We'll also touch on the Ticketmaster data breach and the importance of monitoring credit following such incidents.
In other news, Disney's internal Slack was reportedly breached by the hacktivist group NullBulge, leading to the leak of 1.1 TiB of internal data. We'll explore the potential implications of this breach and how it could affect the company and its employees. Finally, we'll discuss the recent security breaches in the city of Philadelphia, where the personal data of over 35,000 residents was made vulnerable after a hacker breached the city's email system.
Stay tuned for expert advice on how to protect your data in the event of a breach, updates on ongoing investigations, and the latest cybersecurity research. Remember, knowledge is power when it comes to securing your data. Stay safe and stay informed with Secret CISO.
Data Breaches
- Data Breach at Rite Aid Exposes 45M Records: Rite Aid, a prominent American drugstore chain, has suffered a data breach following a cyberattack by the RansomHub ransomware group. The breach has compromised approximately 45 million records, highlighting the increasing vulnerability of healthcare-related entities to cyber threats. Source: The Cyber Express
- AT&T Massive Data Breach: Telecommunications giant AT&T has disclosed a significant data breach that compromised the data of nearly all its customers. The breach, which took place in April but mostly involved data from 2022, exposed call and text message records of tens of millions of customers. Source: WKDZ Radio
- Disney's Internal Slack Breached by NullBulge: Hacktivist group NullBulge claims to have breached Disney, leaking 1.1 TiB of internal Slack data. The leak allegedly includes messages and files, demonstrating the potential risks associated with internal communication platforms. Source: Hackread
- Philadelphia City Email System Breached: The personal data of over 35,000 residents was made vulnerable after a hacker breached the Philadelphia email system. The incident underscores the need for robust cybersecurity measures at the municipal level. Source: NBC10 Philadelphia
- Ticketmaster Data Breach: Following a data breach at Ticketmaster, experts advise consumers to stay vigilant about monitoring their personal accounts and financial information. The breach highlights the ongoing risk of data breaches in the entertainment industry. Source: CBC News
Security Research
- Week in review: RADIUS protocol critical vuln, Microsoft 0-day exploited for a year, AT&T breach: A critical vulnerability in the RADIUS protocol, a Microsoft 0-day that was exploited for a year, and a massive data breach at AT&T were among the top security news stories last week. The AT&T breach, in particular, raised serious concerns about customer privacy. Source: Help Net Security
- White House revamps security guidelines for universities: The White House has issued a policy memo revamping security guidelines for US universities. The memo, which could have a sweeping impact on American research, was addressed to US funding agencies. Source: University World News
- CoinStats says $2.2 million worth of crypto was stolen in June hack by 'sophisticated attacker': CoinStats, a cryptocurrency portfolio tracker, reported that $2.2 million worth of crypto was stolen in a June hack. The tracing of the stolen funds is ongoing and the attack has been reported to authorities. Source: The Block
- AI tools will enhance food security, says expert: An expert has highlighted the need for farmers across the country to gain more access to the use of Artificial Intelligence tools to enhance food security. Source: Punch Newspapers
- Bitcoin Core devs adopt new security policy to curb outdated software use: Bitcoin Core developers have adopted a new security policy aimed at curbing the use of outdated software. The initiative sets clear expectations for security researchers and incentivizes responsible disclosure of vulnerabilities. Source: Crypto Briefing
Top CVEs
- CVE-2024-6465 - WP Links Page Plugin Vulnerability: The WP Links Page plugin for WordPress, versions up to and including 4.9.5, is susceptible to unauthorized data modification due to a missing capability check on the 'wplf_ajax_update_screenshots' function. This vulnerability allows authenticated attackers with Subscriber-level access or higher to regenerate the link's thumbnail. Source: Vulners.
- CVE-2024-6730 - Nanjing Xingyuantu Technology SparkShop Vulnerability: A critical vulnerability has been discovered in Nanjing Xingyuantu Technology SparkShop up to version 1.1.6. The issue affects unspecified processing in the file /api/Common/uploadFile. Manipulating the argument file leads to unrestricted upload. The exploit has been publicly disclosed and may be used. Source: Vulners.
API Security
- CVE-2024-6730 - Critical Vulnerability in Nanjing Xingyuantu Technology SparkShop: A critical vulnerability has been discovered in Nanjing Xingyuantu Technology SparkShop up to version 1.1.6. This issue affects the processing of the file /api/Common/uploadFile, allowing unrestricted file uploads. The vulnerability can be exploited remotely and has been publicly disclosed. Source: vulners.com
- CosmicSting CVE-2024-34102 - XXE Vulnerability in Adobe Commerce: CosmicSting is a Python script designed to exploit an XML External Entity (XXE) vulnerability (CVE-2024-34102) in Adobe Commerce. The exploit allows an attacker to read sensitive files from a server using XML-based requests. The script also generates a callback URL for hosting a DTD file and uses multi-threading for faster exploitation. Source: vulners.com
Final Words
And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the latest data breaches to expert advice on how to protect your personal data. It's clear that cybersecurity is not a one-time effort but a continuous process. Remember, the first step towards protection is awareness. If you found this newsletter helpful, don't keep it to yourself. Share it with your friends, colleagues, and anyone else who might benefit from staying in the know about the latest in cybersecurity. Stay safe, stay informed, and keep those digital doors locked. Until next time, this is your Secret CISO, signing off.