Secret CISO 8/15: Unprecedented 2.9B People Impacted by Massive Data Breach, South Florida Company and Toshiba Sued, T-Mobile Fined $60M, Tencent Denies Breach, New Research on EDR-Killing Tool and Quantum Hackers


Welcome to today's issue of Secret CISO, where we bring you the latest and most impactful cybersecurity news. In a massive data breach, roughly 2.9 billion records, reported as 2.9 billion people (37.5% of the world population), have been exposed, including Social Security numbers, full names, and current and past addresses; the headline figure is disputed, as noted in the research section below. The breach has led to a class-action lawsuit being filed against a South Florida-based company. In other news, Tencent's instant messenger QQ has refuted rumors of a massive data breach by a hacker. Meanwhile, T-Mobile has been fined $60 million over alleged data breach violations.

On the research front, new standards have been introduced to protect data from quantum hackers (NIST's first finalized post-quantum cryptography standards, FIPS 203, 204 and 205). A new study has also revealed a loophole in digital wallet security that lets a transaction go through even when the rightful cardholder has not authorized it.

In the world of vulnerabilities, Microsoft has tackled 88 vulnerabilities in its latest Patch Tuesday update. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats.

Data Breaches

  1. 2.9 Billion People Impacted by Massive Data Breach: In what is being reported as one of the largest data breaches in history, roughly 2.9 billion records were stolen, including Social Security numbers, full names, and current and past addresses. Note that the headline figure counts records rather than distinct people, and its accuracy has been questioned (see the Security Research section below); the full impact is yet to be determined. Source: ABC7 News and Weather and WCVB
  2. Tencent's Instant Messenger QQ Denies Data Breach Rumor: Tencent's social networking platform QQ has refuted rumors of a massive data breach by a hacker. The security department of QQ stated that the rumors were false, but the incident highlights the constant threat of cyber attacks. Source: Yicai Global
  3. New Details Released in Jefferson County Clerk's Office Data Breach: The Jefferson County Clerk's Office has released new details about a data breach. While the specifics of the breach are still under investigation, it's clear that sensitive information was compromised, potentially impacting numerous individuals. Source: Wave
  4. T-Mobile Fined $60 Million Over Alleged Data Breach Violations: T-Mobile has agreed to pay a $60 million settlement over allegations that it failed to disclose, and act on, unauthorized data access that occurred after its merger with Sprint. The case underscores the importance of keeping security monitoring and incident reporting intact during corporate transitions. Source: Forbes
  5. Data Breach at Change Healthcare Involves Billions of Medical Claims: A data breach at Change Healthcare has exposed billions of medical claims, including policy numbers, medical records, test results, and images. The breach also compromised billing insurance claims and payment data, highlighting the vulnerability of healthcare data. Source: WGAL

Security Research

  1. RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks: Security researcher Andreas Klopsch has identified a new tool used by the RansomHub group: a loader that can deliver one of several driver payloads depending on the threat actor's requirements. The tool is particularly concerning because it is used to disable Endpoint Detection and Response (EDR) agents from the kernel. Because the drivers it loads are legitimately signed but vulnerable (the bring-your-own-vulnerable-driver pattern), a signature check alone does not stop it; defenders should rely on driver blocklists and on monitoring of driver loads. Source: The Hacker News.
  2. Gemini AI Privacy, AI Risk Repository, Russian Phishing: Troy Hunt, a renowned security researcher, has published a blog post analyzing a recent leak of 2.9 billion records. Hunt expressed skepticism about the size of the leak and discussed the implications of such a massive data breach. Source: CISO Series.
  3. Microsoft Tackles 88 Vulnerabilities in Latest Patch Tuesday Update: Security researchers have highlighted seven critical and ten zero-day vulnerabilities among the 88 Common Vulnerabilities and Exposures (CVEs) addressed in Microsoft's latest Patch Tuesday update. These vulnerabilities pose significant risks to users and require immediate attention. Source: IT Brief Australia.
  4. New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining: Aqua Security researcher Assaf Morag has identified a new Gafgyt variant that brute-forces weak SSH passwords and installs a GPU-based cryptocurrency miner on the hosts it compromises. This variant is particularly concerning because it goes after powerful servers in cloud-native environments rather than the low-end IoT devices Gafgyt has historically targeted. Source: The Hacker News.
  5. Bridewell Research Reveals 71% of Government Organizations Hit by Ransomware Attack: According to the latest research by Bridewell, 71% of government organizations have been hit by a ransomware attack. The research surveyed 519 staff responsible for cybersecurity at U.S. critical national infrastructure (CNI) organizations. Source: Telecom Reseller.
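The EDR-killer item above comes down to one observable on the endpoint: a kernel driver load that should not be happening. As an added example (not code from the page or from the research it cites), the following Python flags driver loads that fit the bring-your-own-vulnerable-driver pattern. It parses driver-load records modelled on Sysmon Event ID 6 ("Driver loaded", which carries ImageLoaded, Hashes, Signed and SignatureStatus fields) and alerts on a hash match against a vulnerable-driver blocklist, a load from a user-writable path, or a missing or invalid signature. The pipe-delimited record layout, the sample events and the blocklist hashes are constructed placeholders, not real driver hashes.

```python
"""Detect driver loads consistent with a BYOVD EDR-killer.

Added example. Sysmon Event ID 6 ("Driver loaded") really carries the
fields used here, but the pipe-delimited record layout, the sample events
and the blocklist hashes are constructed placeholders.
"""
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed placeholders standing in for a real vulnerable-driver blocklist
# (e.g. Microsoft's recommended driver block rules or loldrivers.io).
HASH_VULN_A = hashlib.sha256(b"example-vulnerable-driver-A").hexdigest()
HASH_VULN_B = hashlib.sha256(b"example-vulnerable-driver-B").hexdigest()
KNOWN_VULNERABLE_SHA256: Dict[str, str] = {
    HASH_VULN_A: "example vulnerable driver A",
    HASH_VULN_B: "example vulnerable driver B",
}

# Legitimate drivers live under System32\drivers; a load from any of these
# user-writable locations is suspicious regardless of signature.
SUSPICIOUS_PATH_HINTS = ("\\temp\\", "\\users\\", "\\programdata\\", "\\downloads\\")


def parse_driver_event(line: str) -> Dict[str, str]:
    """Parse one 'key=value|key=value' driver-load record into a dict.

    The Hashes field is itself 'SHA256=<hex>', so the digest is extracted separately.
    """
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    m = re.search(r"SHA256=([0-9a-fA-F]{64})", fields.get("Hashes", ""))
    fields["sha256"] = m.group(1).lower() if m else ""
    return fields


def assess_driver_load(ev: Dict[str, str]) -> List[str]:
    """Return the reasons a driver load looks like BYOVD (empty list if clean)."""
    reasons: List[str] = []
    if ev["sha256"] in KNOWN_VULNERABLE_SHA256:
        reasons.append("hash matches blocklist: " + KNOWN_VULNERABLE_SHA256[ev["sha256"]])
    path = ev.get("ImageLoaded", "").lower()
    if any(hint in path for hint in SUSPICIOUS_PATH_HINTS):
        reasons.append("loaded from user-writable path: " + ev.get("ImageLoaded", ""))
    if ev.get("Signed", "").lower() != "true" or ev.get("SignatureStatus", "") != "Valid":
        reasons.append("unsigned or invalid signature")
    return reasons


def scan_driver_loads(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Run every record through assess_driver_load and collect (image, reasons) alerts."""
    alerts: List[Tuple[str, List[str]]] = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_driver_event(line)
        reasons = assess_driver_load(ev)
        if reasons:
            alerts.append((ev.get("ImageLoaded", "?"), reasons))
    return alerts


# Constructed sample events: a normal Windows driver, a validly signed but
# vulnerable driver dropped into a temp directory (the BYOVD case), and an
# unsigned driver loaded from ProgramData.
HASH_LEGIT = hashlib.sha256(b"example-legitimate-driver").hexdigest()
HASH_UNSIGNED = hashlib.sha256(b"example-unsigned-driver").hexdigest()
SAMPLE_EVENTS = [
    "UtcTime=2024-08-14 10:00:01|ImageLoaded=C:\\Windows\\System32\\drivers\\ndis.sys"
    f"|Hashes=SHA256={HASH_LEGIT}|Signed=true|Signature=Microsoft Windows|SignatureStatus=Valid",
    "UtcTime=2024-08-14 10:02:13|ImageLoaded=C:\\Users\\Public\\Temp\\drv.sys"
    f"|Hashes=SHA256={HASH_VULN_A}|Signed=true|Signature=Example Vendor Ltd|SignatureStatus=Valid",
    "UtcTime=2024-08-14 10:02:14|ImageLoaded=C:\\ProgramData\\svc\\helper.sys"
    f"|Hashes=SHA256={HASH_UNSIGNED}|Signed=false|Signature=|SignatureStatus=Unavailable",
]

if __name__ == "__main__":
    for image, reasons in scan_driver_loads(SAMPLE_EVENTS):
        print(image)
        for reason in reasons:
            print("  -", reason)
```

The second sample event is the one that matters: it is validly signed, so a signature-only rule passes it, and only the blocklist match and the unusual load path catch it. In production the blocklist would be fed from a maintained source rather than hard-coded, and the hash field would be taken from the real Sysmon event rather than this constructed layout.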
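The Gafgyt item above describes the plainest intrusion there is: password guessing against SSH until one weak credential works. As an added example (not code from the page or from Aqua Security), the following Python reads sshd log lines, counts failed password attempts per source address, and raises an alert when a password login later succeeds from a source that had already failed repeatedly, which is the trace a brute-forcer leaves when it finally gets in. The log lines are constructed in standard sshd syslog format and use documentation IP ranges; the hostname and process IDs are made up.

```python
"""Spot SSH password brute-forcing and the successful login that follows it.

Added example; the log lines are constructed in sshd's syslog format and use
the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# sshd logs failures as "Failed password for [invalid user] <user> from <ip> port <n> ssh2"
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)
# Only password logins are of interest; "Accepted publickey" lines are deliberately ignored.
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port \d+"
)


def analyse_sshd_log(lines: List[str], threshold: int = 5) -> Tuple[Dict[str, int], List[str]]:
    """Return (sources with >= threshold failures, compromise alerts).

    An alert is raised when a password login succeeds from a source that has
    already failed at least `threshold` times earlier in the log.
    """
    failures: Dict[str, int] = defaultdict(int)
    users_tried: Dict[str, Set[str]] = defaultdict(set)
    alerts: List[str] = []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            user, src = m.groups()
            failures[src] += 1
            users_tried[src].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            user, src = m.groups()
            if failures[src] >= threshold:
                alerts.append(
                    f"{src} logged in as {user} after {failures[src]} failures "
                    f"across users {sorted(users_tried[src])}"
                )
    brute_sources = {src: n for src, n in failures.items() if n >= threshold}
    return brute_sources, alerts


# Constructed sample: one source sprays root/admin/ubuntu and then gets in as
# root; a second source mistypes once and then logs in with a key.
SAMPLE_LOG = [
    "Aug 14 03:12:01 gpu-node-1 sshd[2211]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "Aug 14 03:12:03 gpu-node-1 sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2",
    "Aug 14 03:12:05 gpu-node-1 sshd[2215]: Failed password for invalid user ubuntu from 203.0.113.5 port 51246 ssh2",
    "Aug 14 03:12:07 gpu-node-1 sshd[2217]: Failed password for root from 203.0.113.5 port 51252 ssh2",
    "Aug 14 03:12:09 gpu-node-1 sshd[2219]: Failed password for root from 203.0.113.5 port 51258 ssh2",
    "Aug 14 03:12:11 gpu-node-1 sshd[2221]: Accepted password for root from 203.0.113.5 port 51264 ssh2",
    "Aug 14 03:15:40 gpu-node-1 sshd[2290]: Failed password for alice from 198.51.100.7 port 40022 ssh2",
    "Aug 14 03:15:48 gpu-node-1 sshd[2292]: Accepted publickey for alice from 198.51.100.7 port 40026 ssh2",
]

if __name__ == "__main__":
    brute, alerts = analyse_sshd_log(SAMPLE_LOG)
    print("brute-force sources:", brute)
    for alert in alerts:
        print("ALERT:", alert)
```

Detection is the fallback; the fix for this class of botnet is to make the guessable credential unusable, which on OpenSSH means setting PasswordAuthentication no and PermitRootLogin prohibit-password in sshd_config, so that the fifth line of the sample above can never be followed by the sixth.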

Top CVEs

  1. CVE-2024-7347 - NGINX Open Source and NGINX Plus Vulnerability: A vulnerability in the ngx_http_mp4_module of NGINX Open Source and NGINX Plus might allow an attacker to over-read NGINX worker memory, resulting in its termination. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Source: vulners.com
  2. CVE-2024-28799 - IBM QRadar Suite Software and IBM Cloud Pak for Security Vulnerability: IBM QRadar Suite Software and IBM Cloud Pak for Security versions 1.10.12.0 through 1.10.23.0 and 1.10.0.0 through 1.10.11.0 improperly display sensitive data during back-end commands, which may result in the unexpected disclosure of this information. Source: vulners.com
  3. CVE-2024-39792 - NGINX Plus MQTT Pre-Read Module Vulnerability: When NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Source: vulners.com
  4. CVE-2024-5914 - Palo Alto Networks Cortex XSOAR CommonScripts Pack Vulnerability: A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration. Source: vulners.com
  5. CVE-2024-27267 - IBM SDK, Java Technology Edition Vulnerability: The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. Source: vulners.com
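The NGINX entry (CVE-2024-7347) states two preconditions: the binary must be built with ngx_http_mp4_module, and the mp4 directive must be in use. As an added example (not code from the page or from the NGINX project), the following Python checks both from the text of nginx -V (which prints the configure arguments) and of the configuration, ignoring commented-out directives. The nginx -V output and the config snippets are constructed samples; the page gives no affected-version range, so the check covers only those two conditions and not the version.

```python
"""Check whether an NGINX deployment meets both preconditions for CVE-2024-7347.

Added example. The advisory condition is: built with ngx_http_mp4_module AND
the mp4 directive used in the configuration. Inputs below are constructed.
"""
import re
from typing import Dict

# `nginx -V` prints "configure arguments: ..." including this flag when the
# module is compiled in (it is not built by default).
MP4_BUILD_FLAG = "--with-http_mp4_module"
# An active "mp4;" directive on its own line; "mp4_buffer_size 1m;" must not match.
MP4_DIRECTIVE_RE = re.compile(r"^\s*mp4\s*;", re.MULTILINE)


def strip_nginx_comments(config_text: str) -> str:
    """Drop '#' comments so a commented-out 'mp4;' is not counted as active."""
    return "\n".join(line.split("#", 1)[0] for line in config_text.splitlines())


def mp4_exposure(nginx_v_output: str, config_text: str) -> Dict[str, bool]:
    """Evaluate both advisory conditions and their conjunction."""
    built = MP4_BUILD_FLAG in nginx_v_output
    used = MP4_DIRECTIVE_RE.search(strip_nginx_comments(config_text)) is not None
    return {"built_with_mp4": built, "mp4_directive_used": used, "exposed": built and used}


# Constructed samples (the version line is a placeholder, not a vulnerability claim).
NGINX_V_WITH_MP4 = (
    "nginx version: nginx/1.x.y\n"
    "built with OpenSSL 3.0.13 30 Jan 2024\n"
    "configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-http_mp4_module\n"
)
NGINX_V_WITHOUT_MP4 = (
    "nginx version: nginx/1.x.y\n"
    "configure arguments: --prefix=/etc/nginx --with-http_ssl_module\n"
)
CONFIG_ACTIVE = """
server {
    listen 80;
    location /video/ {
        root /srv/media;
        mp4;   # pseudo-streaming enabled
        mp4_buffer_size 1m;
    }
}
"""
CONFIG_COMMENTED = """
server {
    listen 80;
    location /video/ {
        root /srv/media;
        # mp4;
    }
}
"""

if __name__ == "__main__":
    print("built + active directive:", mp4_exposure(NGINX_V_WITH_MP4, CONFIG_ACTIVE))
    print("built + commented out:  ", mp4_exposure(NGINX_V_WITH_MP4, CONFIG_COMMENTED))
    print("not built:              ", mp4_exposure(NGINX_V_WITHOUT_MP4, CONFIG_ACTIVE))
```

On a real host, feed it the output of nginx -V 2>&1 (the flags go to stderr) and of nginx -T, which dumps the complete effective configuration including every included file, so an mp4 directive hidden in a conf.d snippet is not missed. A deployment where only one of the two conditions holds is not reachable by this bug, but the module build flag is worth knowing about anyway, since it is the part an operator is least likely to remember.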

API Security

  1. CVE-2024-7628 - MStore API Vulnerability: The MStore API, a WordPress plugin that builds native Android and iOS apps in the cloud, has an authentication bypass in versions up to and including 4.15.2. The cause is a loose comparison (PHP's == operator, which type-juggles its operands) in the 'verify_id_token' function, which lets unauthenticated attackers log in as any existing user on the site, including administrators, provided they control an @flutter.io email address or phone number. Firebase must also be configured on the site for the bypass to work. Source: vulners.com
  2. Trix Editor XSS Vulnerability: The Trix editor, in versions prior to 2.1.4, is vulnerable to cross-site scripting (XSS) when malicious content is pasted into it; the bypass defeats the fix put in place for a previous XSS issue. An attacker could trick a user into copying and pasting crafted content that executes arbitrary JavaScript in the user's session, potentially leading to unauthorized actions or disclosure of sensitive information. Users are advised to upgrade to Trix 2.1.4 or later, which properly sanitizes pasted content. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from massive data breaches impacting billions of people to the latest cybersecurity research and vulnerabilities. Remember, in this digital age, staying informed is your first line of defense.

If you found this newsletter helpful, please consider sharing it with your colleagues and friends.

They might appreciate the heads-up, and it's a great way to foster a culture of security awareness within your network. Stay safe, stay secure, and keep those systems locked down.

See you tomorrow in the next edition of Secret CISO!
