Secret CISO 7/5: CISA Warns Chemical Facilities of Data Breach, Airtel Denies Massive Data Breach Claims, AWS Patches Security Flaw, Microsoft Research Reveals "Skeleton Key" Attacks

Welcome to today's issue of Secret CISO. We're diving into a wave of data breaches and security threats that have been making headlines. First up, we have a warning from CISA about potential data theft at high-risk chemical facilities. A threat actor has breached the agency's Chemical Security Assessment Tool, raising serious concerns about the safety of sensitive data. In the telecom sector, Bharti Airtel is vehemently denying claims of a data breach on its servers. Despite allegations of a massive data leak affecting 375 million users, the company insists that its security system remains intact. Meanwhile, nearly 10 billion passwords have reportedly been stolen by hackers.

We'll explore how you can protect yourself in the wake of this massive security breach. In the education sector, the Alabama Education Department has reported a data breach during a hacking attempt. Some data was compromised, highlighting the need for robust security measures in our educational institutions.

Lastly, we'll touch on the rise of cybercrime in Odisha and the worrying security flaw in AWS that could have led to account hijacking. Stay tuned for all this and more in today's issue of Secret CISO.

Data Breaches

  1. CISA Warns Chemical Facilities of Data Theft After Hacker Breached CSAT Security Tool via Ivanti: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to high-risk chemical facilities about potential data theft following a breach of the agency's Chemical Security Assessment Tool. The breach was carried out by a threat actor via Ivanti. Source: cpomagazine.com
  2. Airtel Refutes Alleged Data Breach Claims, Says 'Desperate Attempt to Tarnish' Reputation: Telecom operator Bharti Airtel has denied claims of a data breach on its servers, describing the allegations as a desperate attempt to tarnish its reputation. The company has not found any evidence to support the claims. Source: gadgets360.com
  3. Nearly 10 billion passwords stolen by hackers — how to protect yourself: A massive data breach, dubbed RockYou2024, has resulted in nearly 10 billion passwords being stolen by hackers. The article provides advice on how to protect yourself from such breaches. Source: tomsguide.com
  4. Some Data Is 'Breached' During a Hacking Attack on the Alabama Education Department: The Alabama Education Department has experienced a hacking attempt, resulting in some data being breached. The state's education superintendent confirmed the incident. Source: securityweek.com
  5. OpenAI Data Breach: Hackers Stole Important Details About The Company In 2023: OpenAI, a leading artificial intelligence research lab, suffered a data breach in 2023, during which hackers stole important company details and plans. Source: news18.com

Security Research

  1. "Cybercrime on the Rise in Odisha": Cybercrime is increasing in Odisha, with security researcher Binayak highlighting the need for more awareness and education on cybersecurity. Cyber raths are being used to sensitize people on cybersecurity. Source: Times of India
  2. "AWS patches worrying security flaw": AWS has patched a security flaw that could have led to account hijacking. According to researchers, the flaw was in Managed Workflows for Apache Airflow, which was susceptible to XSS attacks. Source: MSN
  3. "Microsoft: 'Skeleton Key' Attacks Consistently Jailbreak AI Models": Microsoft has reported that 'Skeleton Key' attacks can consistently jailbreak AI models, allowing users to ask forbidden questions. This poses a significant security risk and highlights the need for researchers trained in ethics and safety. Source: CPO Magazine
  4. "Post-Quantum Cryptography Industry Research": A study on the Post-Quantum Cryptography Industry has been conducted, featuring companies such as AMD, evolutionQ, ARM, Blackberry OnBoard Security, Cisco, Isara, Microsoft Research, Infineon, and PQ Solutions Ltd. Source: Portsmouth Daily Times
  5. "Passkey implementations by Google, Amazon, Microsoft vulnerable to AitM attacks": Principal security researcher Joe Stewart at eSentire's Threat Response Unit has reviewed the implementation of passkey technology by Google, Amazon, and Microsoft, finding them vulnerable to AitM attacks. Source: Computing

Top CVEs

  1. CVE-2024-39884 - Apache HTTP Server 2.4.60 Source Code Disclosure: A regression in Apache HTTP Server 2.4.60 can lead to source code disclosure of local content due to the server ignoring some use of the legacy content-type based configuration of handlers. Users are advised to upgrade to version 2.4.61. Source: CVE-2024-39884
  2. CVE-2023-52340 - Linux Kernel IPv6 DoS: The IPv6 implementation in the Linux kernel before 6.3 has a vulnerability that can lead to a denial of service when IPv6 packets are sent in a loop via a raw connection. Source: CVE-2023-52340
  3. CVE-2024-36041 - KDE Plasma Workspace Session Hijack: ksmserver in KDE Plasma Workspace allows connections based purely on the host, enabling another user on the same machine to gain access to the session manager and potentially execute arbitrary code. Source: CVE-2024-36041
  4. CVE-2024-32498 - OpenStack Cinder, Glance, and Nova Arbitrary File Access: OpenStack Cinder, Glance, and Nova have a vulnerability that allows arbitrary file access via custom QCOW2 external data. This could lead to unauthorized access to potentially sensitive data. Source: CVE-2024-32498
  5. CVE-2024-22277 - VMware Cloud Director Availability HTML Injection: VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication. Source: CVE-2024-22277

API Security

  1. CVE-2024-39937: supOS 5.0 has a vulnerability that allows directory traversal for reading via the api/image/download?fileName=../ endpoint. This could potentially allow an attacker to access sensitive information. Source: vulners.com
  2. CVE-2024-6507: This vulnerability is due to a lack of input sanitization in the ingest_kaggle() function when ingesting a remote Kaggle dataset. This could potentially allow an attacker to inject malicious commands. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found the information valuable and actionable. Remember, the digital world is a battlefield and every click counts. Stay vigilant and informed to keep your data safe. If you found this newsletter helpful, don't keep it to yourself. Share it with your colleagues and friends to help them stay one step ahead of the hackers.

In the next edition, we'll continue to bring you the latest news and insights from the world of cybersecurity. Until then, stay safe and secure. Remember, in the world of cybersecurity, the only constant is change.

So, keep learning, stay vigilant, and most importantly, share knowledge. See you in the next edition of Secret CISO. Stay safe out there.

By Secret CISO