Secret CISO 7/24: Snowflake's Data Security Wakeup, Heritage Foundation Breaches, Meta Fined on Cybersecurity, Research on Microsoft Defender Flaw and AI Safety

Welcome to today's issue of Secret CISO, your daily dose of all things cybersecurity. Today, we're diving into the world of data breaches and their far-reaching implications. First up, we examine the aftermath of Snowflake's data security lapse, highlighting the urgent need for robust data security measures in the era of data lakes. Then, we turn our attention to the recent AT&T data breach, exploring its potential impact on users of other service providers. We also delve into the Heritage Foundation data breach, underscoring the importance of strong cybersecurity safeguards. In other news, Meta faces fines due to data breaches and other violations, a stark reminder of the legal and financial repercussions of inadequate data security.

Meanwhile, data breach victims have surged by a staggering 490% since the first half of 2023, a trend that security leaders attribute to several large-scale breaches. In a similar vein, MNGI Digestive Health faces a lawsuit over a breach affecting 766,000 people, while Maybank responds to allegations of a data leak on the dark web. In the city of Columbus, a massive data breach is causing serious tech issues, and Rite Aid discloses a data breach affecting 2.2 million individuals. We also touch on the Trello data breach affecting 15M users' email addresses and the link between data breaches and mass layoffs.

Finally, we discuss the latest research in cybersecurity, including a new project assigned to AI safety leader Madry by OpenAI, a critical Python vulnerability uncovered by JFrog researchers, and the launch of the SECURE Center for Research Security by NSF. Stay tuned for more updates and insights in tomorrow's issue of Secret CISO. Stay safe and secure!

Data Breaches

  1. In Snowflake's wake, teams can no longer afford weak data security: Data lakes like Snowflake, which serve as data repositories with wide access for employees, are becoming prime targets for cybercriminals. The need for robust data security is more critical than ever. Source: SC Magazine
  2. Sweeping AT&T data breach: AT&T has confirmed a data breach; however, the names associated with accounts, Social Security numbers, and credit card numbers were not stolen. The impact on users of other service providers is yet to be determined. Source: silive.com
  3. Heritage Foundation Data Breach: The Heritage Foundation suffered a data breach, highlighting the importance of strong cybersecurity safeguards to secure sensitive data. The details of the breach are still emerging. Source: CIO News
  4. Meta fined due to data breaches: Meta Platforms and WhatsApp LLC have been fined due to data breaches among other violations, according to the outgoing chairman of the FCCPC. Source: TVC News
  5. Data breach victims increased by 490% since the first half of 2023: The surge in breach victims is likely due to several large-scale breaches of major companies, according to Stephen Kowski, Field CTO at SlashNext. Source: Security Magazine

Security Research

  1. NSF Launches SECURE Center for Research Security: The National Science Foundation (NSF) has launched the SECURE Center for Research Security, providing $50 million to the University of Washington and $17 million to Texas A&M University. The center aims to address concerns around research security. Source: Mirage News
  2. Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers: Security researcher Cara Lin has reported that attackers are exploiting a flaw in Microsoft Defender to deliver ACR, Lumma, and Meduza stealers. The attackers lure victims into clicking a crafted link to a URL file designed to download an LNK file. Source: The Hacker News
  3. OpenAI Assigns New Project to AI Safety Leader Madry: OpenAI has assigned a new research project to AI safety leader Madry. The project is part of the startup's revamp of its preparedness team. Source: Digital Nation
  4. JFrog Uncovers Critical Python Vulnerability: Researchers at JFrog have uncovered a critical security vulnerability in the Python programming language. The vulnerability, which has since been patched, could have been exploited with dire consequences. Source: Technology Decisions
  5. Connect with Microsoft Security at Black Hat USA 2024: Microsoft will share its deep expertise in AI-first end-to-end security and extensive threat intelligence research at the Black Hat USA 2024 conference in Las Vegas. Source: Foreign Affairs

Top CVEs

  1. CVE-2024-7014: A vulnerability in Telegram for Android (versions 10.14.4 and earlier) allows malicious apps to be sent disguised as videos, potentially compromising user data. Source: CVE-2024-7014
  2. CVE-2024-41836: InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Source: CVE-2024-41836
  3. CVE-2024-38164: An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. Source: CVE-2024-38164
  4. CVE-2024-6992: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Source: CVE-2024-6992
  5. CVE-2024-41178: Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (object_store crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. This allows someone with access to the logs to impersonate that identity, including performing their own calls to AssumeRoleWithWebIdentity, until the OIDC token expires. Source: CVE-2024-41178
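The object_store advisory above is a reminder that a credential written to a log is a credential handed to everyone who can read that log. The following is an added example, not code from Apache Arrow or the object_store crate (which is Rust; Python is used here because the rest of this issue's examples are in Python): a logging filter that redacts JWT-shaped web identity tokens, AWS access key identifiers and `key=value` secrets before a record reaches any handler, plus a `contains_secret()` check that a log pipeline can use to flag sources that are still leaking. The log lines and key values are constructed for the example and are not real credentials.

```python
"""Added example: redact credentials from log records before they are written.

Not Apache Arrow / object_store code. The sample log lines, token and key IDs
below are constructed for this example (they are not real credentials).
"""
import io
import logging
import re

# Order matters: key=value redaction runs first so that a token following
# "web_identity_token=" is replaced as a whole value; the JWT pattern then
# catches bare tokens in free text (e.g. "Bearer <jwt>"); the key-ID pattern
# catches AWS access key identifiers (AKIA = long-term, ASIA = temporary/STS).
_KV_SECRET_RE = re.compile(
    r"(?i)(secretaccesskey|sessiontoken|password|secret|token)(\s*[=:]\s*)(\S+)"
)
_JWT_RE = re.compile(r"\b[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b")
_AWS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")


def redact(text: str) -> str:
    """Return `text` with recognised credential material replaced by markers."""
    text = _KV_SECRET_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}<redacted>", text)
    text = _JWT_RE.sub("<redacted:jwt>", text)
    text = _AWS_KEY_ID_RE.sub("<redacted:aws-key-id>", text)
    return text


def contains_secret(text: str) -> bool:
    """True if redaction would change the line, i.e. the line carries a credential."""
    return redact(text) != text


class SecretRedactingFilter(logging.Filter):
    """Handler-level filter: rewrites the formatted message in place.

    Attaching it to a handler (not a logger) means every record routed through
    that handler is scrubbed, whichever module logged it.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # message is already fully formatted; nothing left to interpolate
        return True


def log_through_filter(lines):
    """Log each line through a handler wearing the filter; return what was emitted."""
    stream = io.StringIO()
    logger = logging.getLogger("example.redact")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(message)s"))
    handler.addFilter(SecretRedactingFilter())
    logger.addHandler(handler)
    for line in lines:
        logger.info("%s", line)
    handler.flush()
    return stream.getvalue().splitlines()


# Constructed sample log lines (not from any real system).
LOG_LINES = [
    "INFO assuming role via AssumeRoleWithWebIdentity "
    "web_identity_token=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ4In0.c2lnbmF0dXJlc2lnbmF0dXJl",
    "DEBUG credentials: AccessKeyId=ASIAEXAMPLEKEY000001 "
    "SecretAccessKey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "INFO put object s3://bucket/key ok",
]

if __name__ == "__main__":
    for raw, clean in zip(LOG_LINES, log_through_filter(LOG_LINES)):
        print(("LEAK " if contains_secret(raw) else "ok   ") + clean)
```

Redaction at the handler is the last line of defence; the real fix is not to log the token at all, and `contains_secret()` run over an existing log source will tell you whether a dependency is still doing so. The `\S+` in the key/value pattern is deliberately greedy so that a secret containing `/` or `+` (as base64 values do) is removed whole.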

API Security

  1. CVE-2024-6874 - libcurl's URL API Function Vulnerability: A flaw in libcurl's URL API function curl_url_get() can lead to stack contents accidentally being returned as part of the converted name when converting a name that is exactly 256 bytes long. This vulnerability is particularly concerning when libcurl is built to use the macidn IDN backend. Source: vulners.com
  2. Sentry Stored Cross-Site Scripting (XSS) Vulnerability: An unsanitized payload sent by an Integration platform integration can lead to the storage of arbitrary HTML tags on the Sentry side. This can create a Stored Cross-Site Scripting (XSS) vulnerability, potentially leading to the execution of arbitrary scripts in the context of a user’s browser. The patch has been released in Sentry 24.7.1. Source: vulners.com
  3. CVE-2024-41661 - reNgine Command Injection Vulnerability: In reNgine versions 1.2.0 through 2.1.1, an authenticated command injection vulnerability in the WAF detection tool allows an attacker to remotely execute arbitrary commands as the root user. The URL query parameter url is passed to subprocess.check_output without any sanitization, leading to a command injection vulnerability. Source: vulners.com
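The reNgine item describes the classic shape of a command injection: a user-controlled URL spliced into a command string that a shell then parses. The block below is an added example, not reNgine's code; the tool name `wafcheck` and its `--target` flag are placeholders standing in for whatever WAF detection binary the project actually invokes. It shows the unsafe pattern (returned as a string, never executed), an allow-list validator for the target URL, and the hardened call that passes an argv list so no shell ever sees the input.

```python
"""Added example: the unsafe string-command pattern beside a hardened version.

Not reNgine's code. `wafcheck` and `--target` are placeholder names (assumptions)
for an external WAF detection binary and its argument.
"""
import ipaddress
import re
import subprocess
from urllib.parse import urlsplit

TOOL = "wafcheck"  # placeholder binary name, not a real reNgine dependency

# RFC 1123-style hostname: dot-separated labels of letters, digits and hyphens,
# no label starting or ending with a hyphen, each label at most 63 characters.
_HOST_RE = re.compile(
    r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\.?$"
)


def vulnerable_command(url: str) -> str:
    """The unsafe shape: user input spliced into one shell string.

    Only returned here, never run. Handed to check_output(..., shell=True), a
    shell would interpret any metacharacters in `url` as command syntax, which
    is the defect the advisory describes.
    """
    return f"{TOOL} {url}"


def validate_target_url(url: str) -> str:
    """Allow-list only the URL parts the tool needs; raise ValueError otherwise.

    Query string and fragment are dropped: a WAF probe needs scheme, host, port
    and path, nothing else.
    """
    if len(url) > 2048:
        raise ValueError("url too long")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme must be http or https")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo is not allowed in target URLs")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        ipaddress.ip_address(host)  # literal IPv4/IPv6 addresses are acceptable
    except ValueError:
        if not _HOST_RE.match(host):
            raise ValueError(f"invalid hostname: {host!r}")
    port = parts.port  # raises ValueError itself for a non-numeric or out-of-range port
    netloc = f"[{host}]" if ":" in host else host
    if port is not None:
        netloc += f":{port}"
    return f"{parts.scheme}://{netloc}{parts.path or '/'}"


def safe_command(url: str) -> list:
    """argv list: each element reaches the tool verbatim, no shell involved."""
    return [TOOL, "--target", validate_target_url(url)]


def run_waf_check(url: str, argv_prefix=(TOOL, "--target"), timeout: float = 30.0) -> str:
    """Validate, then exec the tool directly (shell=False is the default)."""
    argv = [*argv_prefix, validate_target_url(url)]
    return subprocess.check_output(argv, timeout=timeout, text=True)


if __name__ == "__main__":
    print("unsafe string:", vulnerable_command("http://example.com/"))
    print("safe argv:    ", safe_command("http://example.com/a;b"))
    # Demo run with `echo` standing in for the placeholder binary.
    print(run_waf_check("HTTP://Example.com:8080/x", argv_prefix=("echo", "would run wafcheck --target")))
    for bad in ("ftp://example.com/", "http://user:pw@example.com/", "http://bad_host/"):
        try:
            validate_target_url(bad)
        except ValueError as exc:
            print("rejected:", bad, "->", exc)
```

Two layers are at work: the argv list removes the shell from the picture entirely (a `;` in the path, as in `http://example.com/a;b`, is just bytes in one argument), and the validator keeps the tool from being pointed at arbitrary schemes or at URLs that begin with `-`, which some binaries would read as an option. Even with the shell gone, the validated URL is placed after a fixed `--target` so it can never be parsed as a flag.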

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the rising threat to data lakes like Snowflake, to the alarming increase in data breach victims, and the ongoing legal battles over breaches affecting millions of individuals. Remember, in the wake of Snowflake, weak data security is no longer an option. With cybercriminals increasingly targeting data repositories with wide access, it's crucial to ensure your team is equipped with strong cybersecurity safeguards.

In other news, AT&T's recent data breach serves as a reminder that even if your credit card and Social Security numbers are safe, hackers can still cause significant damage. And let's not forget the hefty fines Meta faced due to data breaches and other violations.

The bottom line? Data security is not just about protecting your own assets, but also about maintaining the trust and confidence of your customers and stakeholders.

If you found today's newsletter helpful, please consider sharing it with your friends and colleagues.

Stay safe, stay informed, and see you in the next edition of Secret CISO.

By Secret CISO