Secret CISO 7/19: MediSecure's massive data leak, WazirX's $235M security breach, and research into China's military AI experts
Welcome to today's issue of Secret CISO! We've got a lot to unpack today, starting with the recent Ticketmaster breach that underscores the growing threat of cybercrime-as-a-service marketplaces. We'll also delve into a monumental win in a data breach class action case that could set a precedent for future lawsuits. In other news, the MediSecure data breach has affected nearly 13 million Australians, highlighting the urgent need for enhanced security measures. Meanwhile, Pinterest has joined the list of social media platforms failing to protect user data, with over 200,000 British users affected by a recent data leak. We'll also discuss the implications of the "RockYou2024" password leak, which has set a new record with nearly 10 billion plaintext credentials exposed.
And in a concerning development, the FBI and CIA are investigating a data breach in the Pueblo County School District. On the research front, we'll explore the minds of China's military AI experts and share some tips for achieving financial security amid inflation. Plus, we'll look at a recent study that reveals weak links in MLOps and security usage within enterprise software supply chains.
Stay tuned for all this and more in today's issue of Secret CISO. Don't miss out on the latest insights and analysis on cybersecurity trends and threats.
Data Breaches
- Ticketmaster Data Breach: Ticketmaster's Snowflake accounts were compromised using stolen login credentials, highlighting the consequences of cybercrime-as-a-service marketplaces. The breach underscores the need for shared responsibility in cybersecurity. Source: Security Info Watch
- MediSecure Data Breach: Approximately 12.9 million Australians were affected by the data breach of electronic prescription provider MediSecure. The breach resulted in 6.5TB of personal data being compromised. Source: iTnews
- Pinterest Data Leak: A data leak at Pinterest affected 216k British users, highlighting the ongoing struggle of social media platforms to protect user data. The breach follows a similar incident at Duolingo. Source: Identity Week
- Fractal ID Data Breach: A data breach at decentralized digital identity verification provider Fractal ID exposed the ID documents and facial images of thousands of users, raising questions about the security of decentralized identity architecture. Source: Biometric Update
- AT&T Data Breach: A five-month data breach at AT&T exposed the information of all customers within that period, underscoring the urgent need for enhanced security and vigilance in the telecom sector. Source: SecurityBrief Asia
Security Research
- Judge in SolarWinds case rejects SEC oversight of cybersecurity controls: A judge has ruled against the SEC's attempt to oversee cybersecurity controls following the SolarWinds hack. The decision came after an external security researcher notified SolarWinds in 2019 that a server password had been exposed. Source: Washington Post
- Fin7 helps ransomware gangs with EDR bypass: Antonio Cocomazzi, a security researcher at SentinelOne, has detailed the evolving tactics of Fin7 in assisting ransomware gangs with Endpoint Detection and Response (EDR) bypass. This highlights the increasing sophistication of cybercriminals. Source: TechTarget
- 20 Million Trusted Domains Vulnerable to Email Hosting Exploits: Security researchers Hao Wang, Caleb Sargent, and Harrison Pomeroy have discovered that 20 million trusted domains are vulnerable to email hosting exploits. This vulnerability could potentially expose millions of users to cyber threats. Source: Dark Reading
- APT41 Attacks Steal Data 'Over an Extended Period': Mandiant researchers have reported that APT41, a Chinese threat actor, has been seen stealing data over an extended period using a malicious payload that leaves minimal forensic traces. This highlights the stealthy and persistent nature of advanced persistent threats (APTs). Source: Decipher - Duo Security
- Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager: Security researcher Mohammed Adel has discovered a critical flaw affecting Cisco's On-Prem Smart Software Manager. The vulnerability could potentially allow an attacker to execute arbitrary commands with root privileges. Source: The Hacker News
Top CVEs
- Microsoft Edge (Chromium-based) Spoofing (CVE-2024-38156): A vulnerability in Microsoft Edge allows for potential spoofing attacks. The issue lies in the Chromium-based version of the browser. Microsoft has yet to release a patch for this vulnerability. Source: CVE-2024-38156
- SonicOS IPSec VPN Buffer Overflow (CVE-2024-40764): A heap-based buffer overflow vulnerability in SonicOS IPSec VPN could allow an unauthenticated remote attacker to cause a Denial of Service. Users are advised to update their software to the latest version to mitigate this risk. Source: CVE-2024-40764
- Apache HTTP Server Content-Type Configuration Issue (CVE-2024-40725): A partial fix for CVE-2024-39884 in Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers, potentially leading to source code disclosure of local content. Users are recommended to upgrade to version 2.4.62. Source: CVE-2024-40725
- SSRF in Apache HTTP Server on Windows (CVE-2024-40898): A Server Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with mod_rewrite in server/vhost context could potentially leak NTLM hashes to a malicious server. Users are recommended to upgrade to version 2.4.62. Source: CVE-2024-40898
- PCI MSI "Multiple Message" Feature Vulnerability (CVE-2024-31143): An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. A flaw in this handling could lead to potential vulnerabilities. No known workarounds exist, and users are advised to stay updated on patches. Source: CVE-2024-31143
API Security
- PayPlus Payment Gateway WordPress Plugin SQL Injection: The PayPlus Payment Gateway WordPress plugin (versions before 6.6.9) has a vulnerability that allows SQL injection via a WooCommerce API route accessible to unauthenticated users. This is due to improper sanitization and escaping of a parameter before it's used in a SQL statement. Source: CVE-2024-6205
- Cookie Tossing in Gitpod: Multiple versions of Gitpod packages are vulnerable to Cookie Tossing due to a missing __Host- prefix on the gitpod_io_jwt2 session cookie. This allows an attacker who controls a subdomain to set the value of the cookie on the Gitpod control plane, potentially leading to unauthorized actions. Source: CVE-2024-21583
- TorchServe gRPC Port Exposure: TorchServe, a tool for serving and scaling PyTorch models in production, has a vulnerability where its gRPC ports 7070 and 7071 are not bound to localhost by default. This means that when TorchServe is launched, these two ports listen on all network interfaces, potentially leading to unauthorized access. Source: CVE-2024-35199
- Atlassian Confluence Server Vulnerability: A vulnerability in Atlassian Confluence Server allows an attacker to alter server configuration and create a new administrator account by sending a request to a vulnerable endpoint. This can lead to unauthorized access and potential data breaches. Source: CVE-2023-22515
- 1Panel SQL Injection: 1Panel has an SQL injection issue in its orderBy clause. The parameter is not properly filtered, leading to arbitrary file writes and potentially Remote Code Execution (RCE). Source: GHSA-5GRX-V727-QMQ6
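To make the Gitpod cookie-tossing item concrete, here is an added example (not code from the newsletter or from Gitpod) that parses a Set-Cookie header and reports which of the __Host- prefix requirements it fails; browsers reject a __Host- cookie that lacks Secure, has a Path other than /, or carries a Domain attribute, which is what stops a subdomain from overwriting the parent's session cookie. The cookie values and the hardened header are constructed for illustration.

```javascript
// Added example, not Gitpod's code. Splits a Set-Cookie header into
// name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [nameValue, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = nameValue.indexOf("=");
  const cookie = {
    name: eq === -1 ? nameValue : nameValue.slice(0, eq),
    value: eq === -1 ? "" : nameValue.slice(eq + 1),
    attrs: {},
  };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Returns the list of __Host- requirements the header violates; an empty
// list means a subdomain cannot "toss" a cookie of this name onto the
// parent origin, because the browser enforces these rules on every set.
function hostPrefixViolations(header) {
  const c = parseSetCookie(header);
  const v = [];
  if (!c.name.startsWith("__Host-")) v.push("name lacks __Host- prefix");
  if (c.attrs.secure !== true) v.push("missing Secure attribute");
  if (c.attrs.path !== "/") v.push("Path must be exactly /");
  if ("domain" in c.attrs) v.push("Domain attribute must be absent");
  return v;
}

// Constructed sample headers: the weak form (cookie name from the advisory,
// value is a placeholder) and the hardened form with the prefix applied.
const WEAK =
  "gitpod_io_jwt2=PLACEHOLDER; Path=/; Secure; HttpOnly; SameSite=Lax";
const HARDENED =
  "__Host-gitpod_io_jwt2=PLACEHOLDER; Path=/; Secure; HttpOnly; SameSite=Lax";
// A tossed cookie from a subdomain would need Domain=<parent>; with the
// prefix, that attribute alone makes the browser discard it.
const TOSSED =
  "__Host-gitpod_io_jwt2=PLACEHOLDER; Path=/; Secure; Domain=example.test";

console.log("weak:", hostPrefixViolations(WEAK));
console.log("hardened:", hostPrefixViolations(HARDENED));
console.log("tossed:", hostPrefixViolations(TOSSED));
```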
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, we're reminded of the ever-evolving landscape of cybersecurity. From the Ticketmaster breach highlighting the consequences of cybercrime-as-a-service marketplaces to the monumental win in a data breach class action, it's clear that the fight for digital security is a daily battle. We've also seen how breaches can have far-reaching effects, impacting millions of individuals and businesses across the globe. The MediSecure data breach, for instance, affected about 12.9 million Australians, underscoring the importance of robust security measures in the healthcare sector. In the world of social media, the Pinterest data leak served as a reminder that even the most popular platforms are not immune to security threats.
Meanwhile, the investigation into the Pueblo County School District data breach by the FBI and CIA highlighted the seriousness of protecting educational data. As we continue to navigate this complex digital landscape, let's remember that knowledge is power. By staying informed about the latest breaches and security research, we can all play a part in creating a safer digital world.
If you found today's newsletter helpful, please consider sharing it with your colleagues and friends.
Together, we can make a difference in the world of cybersecurity. Stay safe and see you in the next edition of Secret CISO!