Secret CISO 7/23: Cyber Security Act 2024, and New Research on AI Safety and Technical Regulation

Hello Secret CISO readers! In today's issue, we're diving into a wave of data breaches that have hit major companies, including AT&T and Verizon's TracFone, and the subsequent fallout. We'll also be looking at the need for more reliable data management and the impact of AT&T's massive data breach affecting 110 million customers. We'll also be discussing the aftermath of a malware detection in Ada County's Emergency Communications environment, and the exposure of personal information in data breaches at First Choice Dental and MarineMax.

In other news, we'll be examining the lawsuit investigation following the Freudenberg Medical data breach, and the top data breaches of 2024 so far. We'll also be exploring how Zero Trust supports cyber resilience for businesses, and the notification of patients following a health information breach at Michigan Medicine. Lastly, we'll be looking at the class-action lawsuit against Change, UnitedHealth, and Optum for a massive data breach, and the exposure of sensitive data and location information through dating apps. Stay tuned for these stories and more in today's issue of Secret CISO.

Data Breaches

  1. AT&T FirstNet Users Data Breach: AT&T has confirmed that call information for most of its 2022 FirstNet users was illegally downloaded in a data breach. The company has emphasized that network security is a top priority for the FirstNet Authority. Source: Urgent Comm
  2. Verizon's TracFone Data Breach Penalty: TracFone, a subsidiary of Verizon Communications Inc., has been hit with a $16M FCC penalty following three data breaches that occurred between January 2021 and 2022. Source: Law360
  3. Massive AT&T Data Breach Impact: A massive data breach at AT&T has affected 110 million customers. The breach is larger than initially reported, raising concerns about the potential risks for those affected. Source: Security Boulevard
  4. First Choice Dental Data Breach: Personal information of individuals was exposed in a data breach at First Choice Health. Murphy Law Firm is investigating legal claims on behalf of those affected. Source: GlobeNewswire
  5. MarineMax Data Breach: Personal information of individuals was exposed in a data breach at MarineMax. Murphy Law Firm is investigating legal claims on behalf of those affected. Source: GlobeNewswire

Security Research

  1. Security Bite: North Korean hackers impersonate job recruiters to target Mac users: State-sponsored hackers from North Korea have been identified attempting to target Mac users with infostealer malware, impersonating job recruiters in the process. This highlights the increasing sophistication of cyber threats and the need for constant vigilance. Source: 9to5mac
  2. Security researchers claim new Windows security weakness: Computer security researchers have discovered a new variation of an old weakness in Microsoft Corp's Windows operating system. This discovery underscores the importance of regular system updates and the use of robust security measures. Source: Yahoo News
  3. 5 ways threat actors are taking advantage of the CrowdStrike outage: Following the CrowdStrike outage, numerous malicious domains have been identified by security researchers and organizations. This highlights the opportunistic nature of cyber threats and the need for robust cybersecurity measures. Source: SC Media
  4. LLMs: New alignment research for AI safety and technical regulation: Conversations around AI safety and security alignment to human values are increasingly including discussions on biological and existential threats. This research underscores the importance of aligning AI systems with human values to ensure safety and security. Source: Data Science Central
  5. Los Alamos charts a new path on AI research with Venado launch: The National Nuclear Security Administration is characterizing research within any discipline as having the potential to be deemed “classified”. This move highlights the growing importance of AI in national security considerations. Source: Nextgov/FCW

Top CVEs

  1. CVE-2024-6970 - itsourcecode Tailoring Management System 1.0 SQL Injection Vulnerability: A critical vulnerability has been found in itsourcecode Tailoring Management System 1.0, affecting an unknown function of the file /staffcatadd.php. The manipulation of the argument title leads to SQL injection, which can be launched remotely. Source: vulners.com
  2. CVE-2024-24507 - Act-On 2023 XSS Vulnerability: A Cross-Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp. Source: vulners.com
  3. CVE-2024-40502 - Hospital Management System Project in ASP.Net MVC 1 SQL Injection Vulnerability: A SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows a remote attacker to execute arbitrary code via the btn_login_b_Click function. Source: vulners.com
  4. CVE-2024-29073 - Ankitects Anki 24.04 Latex Handling Vulnerability: A vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. Source: vulners.com
  5. CVE-2024-38788 - Admin 2020 UiPress lite SQL Injection Vulnerability: An Improper Neutralization of Special Elements used in an SQL Command vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection. Source: vulners.com

API Security

  1. Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint: A security vulnerability in Argo CD allows an unauthenticated attacker to send a large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory (OOM) kill. This issue poses a high risk to the availability of Argo CD deployments. The vulnerability is fixed in versions 2.11.6 and 2.10.15. Source: CVE-2024-40634
  2. Exploit for Code Injection in Rockoa: A debugging environment for CVE-2023-1773 in Rockoa v2.3.2 has been reported. More details are yet to be released. Source: Rockoa Exploit
  3. JetBrains TeamCity OAuth Code Theft: In JetBrains TeamCity before 2024.07, an OAuth code for JetBrains Space could be stolen via Space Application. Users are advised to update to the latest version to avoid this vulnerability. Source: CVE-2024-41829
  4. ImageSharp Excessive Memory Usage: A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5. Source: CVE-2024-41132
  5. Remote Code Execution in Kafka UI: Three different Remote Code Execution (RCE) vulnerabilities were found in Kafka UI. These vulnerabilities are fixed in version 0.7.2, so if you use Kafka UI, please make sure to upgrade. Source: Kafka UI RCE

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that data breaches continue to be a major concern across various sectors. From AT&T's call information breach to the hefty penalty levied on Verizon's TracFone, it's evident that no company is immune to these threats. The need for more reliable data and effective security measures has never been more critical. Remember, security isn't just about having the right tools in place. It's also about staying informed and being proactive.

So, don't keep this valuable information to yourself. Share Secret CISO with your colleagues and friends, and let's work together to create a safer digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO.

By Secret CISO