Welcome to today's edition of Secret CISO, your daily dose of the most impactful cybersecurity news. Ticketmaster has begun issuing notifications about a recent data breach, alerting affected customers about the potential risks. The breach, which saw over 1.3 TB of data stolen, has raised concerns about how many North American customers may have been compromised. Meanwhile, Australian organizations are topping global data breach charts, with research by Rubrik Zero Labs revealing that they experience some of the highest data breach rates in the world. In other news, insurance giant Prudential has reported a data breach affecting over 2.5 million individuals, nearly 70 times the initial estimate.

Geisinger Health System is also under investigation for a data breach impacting more than a million patients. In legal news, multiple class actions have been filed against Panera Bread, alleging the company failed to protect information during a data breach. Levi & Korsinsky, LLP is also investigating a data breach at Lurie Children's Hospital. In the realm of research security, a significant data breach involving Thailand's Internal Security Operations Command (ISOC) has been reported. Meanwhile, over 300 researchers are urging a committee to reject a controversial border security act in Finland. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats.

Data Breaches

1. Ticketmaster Data Breach: Ticketmaster has begun issuing notifications to customers affected by a recent data breach. The exact number of North American customers compromised is yet to be confirmed, but reports suggest that over 1.3 TB of data was stolen. Source: iZOOlogic, USA Today
2. Prudential Data Breach: A data breach at insurance giant Prudential has affected over 2.5 million individuals, nearly 70 times more than initial estimates. Further details about the threat actors behind the breach are yet to be disclosed. Source: The Cyber Express, Bleeping Computer
3. Geisinger Health System Data Breach: Geisinger Health System is under investigation following a data breach that affected the personal information of over one million patients. Legal action has been initiated against Geisinger and a Microsoft-owned IT provider. Source: MarketWatch, State College
4. Panera Bread Data Breach: Panera Bread is facing multiple class-action lawsuits following a data breach. The exact number of customers affected and the extent of the damage caused by the breach are yet to be disclosed. Source: St. Louis Record
5. Patelco Credit Union Security Breach: Patelco Credit Union experienced a serious security breach, leading to half a million members being locked out of their accounts. The breach led to limited debit and credit card functions. Source: Mercury News, Xinhua

Security Research

1. Research Security in Australia and Defence Export Controls Update: The Australian Academy of Science, in collaboration with the Department of Defence, held a discussion on research security in Australia. The event aimed to address the challenges and opportunities in the field of research security and defence export controls. Source: Science.org.au
2. OpenSSH Vulnerability 'Extremely Dangerous': Security firm Qualys has warned of a significant security risk in OpenSSH. The vulnerability allows remote code execution as root on glibc-based Linux systems. The issue has been deemed 'extremely dangerous' by researchers. Source: SiliconAngle
3. WordPress Plugins Compromised; Rogue Admin Accounts: Security researchers have discovered malware that attempts to create new admin accounts on WordPress sites. The compromised plugins have been used to inject malicious code, highlighting the need for regular updates and security checks. Source: Atlas News
4. Hackers Targeting Company File Transfer Tools: Security researchers have identified a new wave of mass-hacks targeting popular file transfer tools. The hackers exploit a newly discovered vulnerability, emphasizing the need for companies to stay updated on the latest security threats. Source: Yahoo News
5. CapraRAT Spyware Disguised as Popular Apps Threatens Android Users: Security researchers have discovered a new spyware campaign, dubbed CapraTube, that disguises itself as popular apps to target Android users. The spyware collects sensitive information from the infected devices, highlighting the need for users to download apps from trusted sources only. Source: The Hacker News

Top CVEs

1. OpenSSH Server Signal Handler Race Condition (CVE-2024-6387): A race condition in OpenSSH's server could allow a client to exploit various functions that are not async-signal-safe if they do not authenticate within LoginGraceTime seconds. This could lead to further attacks against the system. Source: vulners.com
2. CoacoaPods Authentication Server Vulnerability (CVE-2024-38366): The authentication server for the CoacoaPods dependency manager had a vulnerability that could be manipulated to execute a command on the trunk server, giving root access to the server and the infrastructure. This issue was patched in September 2023. Source: vulners.com
3. Cisco NX-OS Software CLI Vulnerability (CVE-2024-20399): A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device due to insufficient validation of arguments passed to specific configuration CLI commands. Source: vulners.com
4. CoacoaPods Authentication Server Vulnerability (CVE-2024-38368): A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. This was patched server-side in September. Source: vulners.com
5. Apache HTTP Server Null Pointer Dereference (CVE-2024-38477): A null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Source: vulners.com

API Security

1. Remote Code Execution vulnerability in GeoServer: Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users due to unsafely evaluating property names as XPath expressions. This vulnerability can lead to executing arbitrary code. A workaround exists by removing the gt-complex-x.y.jar file from the GeoServer. Source: vulners.com
2. Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat: If GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation and read arbitrary classpath resources with specific file name extensions. Patches are available. Source: vulners.com
3. GeoServer's Server Status shows sensitive environmental variables and Java properties: GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative rights. These variables/properties can contain sensitive information, such as database passwords or API keys/tokens. Source: vulners.com
4. Reflected Cross-Site Scripting vulnerability in Flowise: In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. An attacker may be able to craft a specially crafted URL that injects Javascript into the user sessions, allowing the attacker to steal information, create false popups, or even redirect the user to other websites without interaction. Source: vulners.com
5. Null Pointer dereference in WebSocket protocol: Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading the service. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of staying vigilant in the face of ever-evolving security threats. From Ticketmaster's recent data breach notifications to the alarming rise in data breaches among Australian organizations, it's clear that no sector is immune. In other news, Prudential's data breach has grown nearly 70 times its initial estimate, affecting over 2.5 million individuals. Meanwhile, Geisinger Health System is under investigation for a data breach impacting over a million patients. On a more technical note, we've seen vulnerabilities in OpenSSH that researchers are calling 'extremely dangerous', and a security incident at Timonium-based Bloom Health Centers that may have compromised patient information. In the world of research, over 300 researchers are urging a committee to reject a controversial border security act.

And finally, the Patelco Credit Union security breach has left half a million members locked out of their accounts. As always, we encourage you to share this newsletter with your friends and colleagues to help them stay informed about the latest in cybersecurity. Remember, knowledge is power, and in the world of cybersecurity, it's also protection. Stay safe, stay informed, and see you in the next edition of Secret CISO.