Welcome to today's issue of Secret CISO, where we bring you the latest news and insights on cybersecurity. Today, we're diving into the settlement dilemmas companies face in data breach actions, exploring the risks, strategies, and legal insights. We'll also look at how companies like Meta are paying hefty sums for data breaches, with the social media giant recently agreeing to a $1.4bn settlement in Texas.

In other news, we'll discuss the AT&T data breach and how advisors can protect their firms and clients, and question whether organizations have enough cash set aside to cover a data breach. We'll also delve into the role of AI in dealing with data breaches, and how it's both a cause for celebration and a growing fear for firms. We'll also touch on recent data breaches at Complex Legal Services Inc., Ticketmaster, and HealthEquity, and the implications of these incidents.

Plus, we'll look at the rising costs of data breaches, with a recent IBM study revealing that the average data breach costs Canadian organizations a staggering $6.32 million. Finally, we'll explore the latest security vulnerabilities, including those in Voice over WiFi and Google Workspace, and share insights from security researchers on these issues. Stay tuned for all this and more in today's Secret CISO.

Data Breaches

1. Settlement Dilemma in Data Breach Actions: Risk, Strategy, and Legal Insights: Companies are increasingly facing data breaches, making it a matter of when, not if, they will be targeted. The legal implications and strategies for settlement are becoming crucial aspects of corporate cybersecurity. Source: Law.com
2. Federman & Sherwood Investigates Complex Legal Services Inc. for Data Breach: Complex Legal Services Inc. is under investigation for a recent data breach. The unauthorized cybersecurity incident was detected around April 17, 2024. Source: BusinessWire
3. Meta to pay Texas $1.4bn for biometric data breach: Meta Platforms, the owner of Facebook, has agreed to pay $1.4bn to settle a lawsuit filed by the state of Texas over the illegal use of biometric data. Source: Punch Newspapers
4. The AT&T Data Breach: How Advisors Can Protect Their Firm and Their Clients: The article discusses the recent data breaches at AT&T and how the data can be used to perpetrate detailed deep fakes. It also provides advice on how firms and their clients can protect themselves. Source: Advisor Perspectives
5. HealthEquity data breach affects 4.3 million people: HealthEquity, a leading provider of health savings account (HSA) services, announced a data breach in March 2024 that affected 4.3 million people. The breach included personal information and protected health data. Source: TechCrunch

Security Research

1. OAuth Implementation Flaw Puts Millions of Websites at Risk of XSS Attacks: Security researchers have identified a flaw in OAuth implementation that could potentially expose millions of websites to cross-site scripting (XSS) attacks. This vulnerability could allow attackers to inject malicious scripts into webpages viewed by other users. Source: Spiceworks
2. Critical Security Vulnerabilities in Voice over WiFi: Researchers from CISPA, SBA Research, and the University of Vienna have discovered two major security vulnerabilities in Voice over WiFi. These vulnerabilities could potentially be exploited by attackers to intercept and manipulate voice calls. Source: Informationsdienst Wissenschaft
3. Sophisticated Phishing Campaign Targets Microsoft OneDrive Users: A sophisticated phishing campaign targeting Microsoft OneDrive users has been uncovered by security researchers. The campaign employs advanced social engineering techniques to trick users into revealing their login credentials. Source: Infosecurity Magazine
4. Mandrake Spyware Campaign Found on Google Play: The Mandrake spyware, first identified in 2020, has been found in a campaign on Google Play. The spyware is capable of taking over an infected device and stealing sensitive information. Source: IT-Online
5. Google Workspace Vulnerability Allowed Hackers to Access 3rd-Party Services: A vulnerability in Google Workspace has been discovered that could allow hackers to gain access to third-party services. This breach could potentially expose sensitive information and data. Source: Hackread

Top CVEs

1. CVE-2024-40836: A logic issue was addressed with improved checks. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. A shortcut may be able to use sensitive data with certain actions without prompting the user. Source: CVE-2024-40836
2. CVE-2024-40815: A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Code (PAC) protections. Source: CVE-2024-40815
3. CVE-2024-41818: fast-xml-parser, an open-source, pure JavaScript XML parser, has a ReDOS vulnerability. This vulnerability is fixed in the latest version. Source: CVE-2024-41818
4. CVE-2024-40795: This issue was addressed with improved data protection. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to read sensitive location data without user consent. Source: CVE-2024-40795
5. CVE-2024-40813: A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able to use Siri to access sensitive user information from the lock screen. Source: CVE-2024-40813

API Security

1. Langflow Privilege Escalation Vulnerability (CVE-2024-7297): Langflow versions prior to 1.0.13 are vulnerable to a Privilege Escalation attack. A remote attacker with low privileges can gain super admin rights by performing a mass assignment request on the '/api/v1/users'. Users are advised to upgrade to the latest version. Source: vulners.com
2. Xibo SQL Injection Vulnerabilities (CVE-2024-41944, CVE-2024-41802, CVE-2024-41804, CVE-2024-41803): Xibo, a content management system (CMS), has multiple SQL injection vulnerabilities in its API routes. These vulnerabilities allow an authenticated user to obtain and modify arbitrary data from the Xibo database. Users should upgrade to version 3.3.12 or 4.0.14. Source: vulners.com
3. pREST JWT Bypass and SQL Injection Vulnerability: pREST, a lightweight RESTful API server, is vulnerable to JWT bypass and SQL injection. An attacker can exploit this vulnerability to bypass JWT authentication and perform SQL injection attacks. Source: vulners.com
4. Docker Engine AuthZ Bypass Vulnerability: Docker Engine has a security vulnerability that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. An attacker could exploit this vulnerability to perform unauthorized actions, including privilege escalation. Source: vulners.com
5. Apache SeaTunnel Web Authentication Vulnerability: Apache SeaTunnel has a web authentication vulnerability. The JWT key is hardcoded in the application, allowing an attacker to forge any token to log in as any user. Users are recommended to upgrade to version 1.0.1. Source: vulners.com

Black Hat Sticker Booth #3122

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found our insights on data breaches and cybersecurity strategies valuable. Remember, in the digital world, staying informed is your first line of defense. If you found this newsletter helpful, don't keep it to yourself.

Share it with your colleagues, friends, and fellow security enthusiasts. Let's spread the knowledge and make the digital space safer for everyone. Stay vigilant, stay secure. See you in the next edition of Secret CISO.