Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we delve into the world of data breaches, AI security, and the latest vulnerabilities. We kick off with the INM data breach, where after 868 pages and €5.67 million, the reason 19 names were searched remains a mystery. Meanwhile, in the realm of AI, we explore how GenAI is being harnessed to strengthen data security against third-party risks. In the wake of a major data breach, we investigate which company is under the federal privacy commissioner's microscope. We also discuss the double-edged sword of GenAI in data security, and how third-party services can create potential openings for data breaches.

IBM's latest report highlights the rising costs of data breaches, with 70% of breached organizations reporting significant disruptions. In a proactive move, Malaysia has launched a data breach alert system to combat scammers and hackers. In the UK, data breach costs have soared to £3.58M, with malicious insider breaches being the most expensive.

On the other side of the globe, Jeonbuk National University in Korea has apologized for a personal data breach affecting over 320,000 alumni and students. In other news, we look into the case of a Colorado clerk accused of breaching election security, and the city of Columbus investigating a cybersecurity incident. Finally, we round up with the latest vulnerabilities, including a Microsoft Edge vulnerability that allows attackers to execute arbitrary code, and a new Windows backdoor that exploits BITS for stealthy communication. Stay tuned for more exclusive content and remember, knowledge is the best defense against cyber threats.

Data Breaches

1. INM Data Breach: A controversial search of 19 names in a data breach at Independent News & Media (INM) has raised questions after a €5.67 million investigation. The reason for the search remains unclear, sparking concerns about data security. Source: Irish Times
2. ADT Data Breach: A data breach at ADT, claimed by "netnsher," allegedly compromised over 30,000 records, including emails and personal details. The company has responded to the claims, but the extent of the breach is still under investigation. Source: The Cyber Express
3. Jeonbuk National University Data Breach: Jeonbuk National University (JBNU) has apologized for a personal data breach affecting more than 320,000 alumni and students. The university is taking steps to prevent future breaches and protect the personal data of its community. Source: Korea JoongAng Daily
4. Target Data Breach: Target has outlined a $10 million settlement in a data breach case. The preliminary agreement will set up a $10 million settlement fund, demonstrating the high costs of data breaches for companies. Source: Star Tribune
5. HealthEquity Data Breach: A data breach at HealthEquity Inc. may have affected up to 4.3 million customers. The breach could have been avoided with better security measures, highlighting the importance of robust data protection. Source: Westlaw Today

Security Research

1. Widespread Abuse of Free Popular VPN Alternative for Malware Delivery: Researchers have discovered a significant misuse of a popular free VPN alternative, which is being used to deliver malware. This highlights the potential risks associated with free VPN services and the need for users to be cautious. Source: TechRadar
2. New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication: Security researchers Seth Goodwin and Daniel Stepanic have discovered a new Windows backdoor, dubbed BITSLOTH, that exploits Background Intelligent Transfer Service (BITS) for stealthy communication. This highlights the need for robust security measures to prevent such exploits. Source: The Hacker News
3. Microsoft Edge Vulnerability Let Attackers Execute Arbitrary Code: A security researcher known as “gelatin dessert” reported a vulnerability in Microsoft Edge that allowed attackers to execute arbitrary code. This underscores the importance of regular software updates and patches to fix such vulnerabilities. Source: Cyber Security News
4. Showcasing the Power of ANSTO Research to Support Food Safety, Security, and Productivity: The International Joint Research Centre on Food Security (IJC-FOODSEC) organized an event showcasing the power of ANSTO research in supporting food safety, security, and productivity. This highlights the role of research in enhancing food security. Source: ANSTO
5. Project 2025's Plan for Cybersecurity Agency Threatens Election Security: The Project 2025's plan for a cybersecurity agency has raised concerns about election security. The agency has a valuable responsibility to boost accurate electoral process information, highlighting the importance of cybersecurity in ensuring fair elections. Source: Brennan Center

Top CVEs

1. CVE-2024-6990 (Google Chrome on Android): A remote attacker could potentially perform out of bounds memory access via a crafted HTML page due to uninitialized use in Dawn in Google Chrome on Android prior to 127.0.6533.88. Source: Vulners
2. CVE-2024-7255 (Google Chrome): Google Chrome prior to 127.0.6533.88 has an out of bounds read in WebTransport that allows a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Source: Vulners
3. CVE-2024-7256 (Google Chrome on Android): Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allows a remote attacker to execute arbitrary code via a crafted HTML page. Source: Vulners
4. CVE-2024-41961 (Elektra): A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an eval sink which executes the code. Source: Vulners
5. CVE-2024-7358 (Getscreen Agent): A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 on Windows. The manipulation leads to the creation of a temporary file with insecure permissions. Local access is required to approach this attack. Source: Vulners

API Security

1. TCBServiSign API Vulnerability (CVE-2024-40722): A flaw in the TCBServiSign API from CHANGING Information Technology allows unauthenticated remote attackers to cause a stack-based buffer overflow, disrupting its functionality. This occurs when server-side input length is not properly validated. Source: vulners.com
2. TCBServiSign DLL Loading Vulnerability (CVE-2024-40721): The TCBServiSign API from CHANGING Information Technology has a vulnerability that allows remote attackers to cause the API to load a DLL from an arbitrary location due to improper server-side input validation. Source: vulners.com
3. HWATAIServiSign API Vulnerability (CVE-2024-40723): The HWATAIServiSign API from CHANGING Information Technology has a flaw that allows unauthenticated remote attackers to cause a stack-based buffer overflow, disrupting its functionality. This happens when server-side input length is not properly validated. Source: vulners.com
4. TCBServiSign Registry Modification Vulnerability (CVE-2024-40720): The TCBServiSign API from CHANGING Information Technology has a vulnerability that allows unauthenticated remote attackers to modify the HKEY_CURRENT_USER registry to execute arbitrary code due to improper server-side input validation. Source: vulners.com
5. Omnivise T3000 Application Server Vulnerability (CVE-2024-38878): A vulnerability in the Omnivise T3000 Application Server allows authenticated users to export diagnostic data. The corresponding API endpoint is susceptible to path traversal, allowing an attacker to download arbitrary files from the file system. Source: vulners.com

Sponsored by Wallarm API Security Solution, meet us as #3122

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the INM data breach to the rise of GenAI in data security. We've also touched on the latest investigations into major data breaches and the ongoing challenges for cybersecurity and eDiscovery professionals.

Remember, in the world of cybersecurity, knowledge is power. Stay informed, stay vigilant, and most importantly, stay safe. If you found this newsletter helpful, please consider sharing it with your friends and colleagues.

Let's work together to create a safer digital world.