Subject: Secret CISO Daily - Is Your SSN Exposed in the National Public Data Breach? Hello there, In today's edition of Secret CISO, we're diving deep into the alarming National Public Data (NPD) breach that has potentially exposed 2.9 billion records, including Social Security numbers. Two cybersecurity firms have launched websites to help you determine if your personal information was compromised in this massive breach. We'll guide you on how to use these resources and what steps to take if you find your data has been exposed.

We're also shedding light on the seven crucial actions you should take after a data breach, as recommended by Forbes. From credit freezes to monitoring, these steps can help safeguard your identity and protect your data. In other news, the DNC faced a security breach that prompted a quick police response. We'll discuss the details of this incident and its implications.

We'll also touch upon the latest cybersecurity research, including a critical security flaw in Azure Kubernetes Services and how a hacker's slip led to an intelligence treasure trove. Stay tuned for expert advice on data security, updates on the latest lawsuits following massive data breaches, and insights into the compliance burden of customer identification program rules. Remember, in the world of cybersecurity, knowledge is power.

Data Breaches

1. National Public Data Breach: Two cybersecurity firms have launched websites to help individuals determine if their personal information, including Social Security numbers, was exposed in the National Public Data breach. The breach reportedly exposed 2.9 billion records. Source: PCMag and eSecurity Planet
2. DNC Security Breach: A security fence was knocked down during protests outside the Democratic National Convention, prompting a quick response from police. The incident has raised concerns about the security measures in place at the convention. Source: YouTube
3. Carespring Healthcare Management Data Breach: Carespring Healthcare Management filed a notice of data breach with the Attorney General of Maine on August 15, 2024. The details of the breach and the number of individuals affected have not been disclosed. Source: JDSupra
4. Columbus Cyberattack: The city of Columbus confirmed that names, addresses, and some social security numbers are on the dark web following a cyberattack. The extent of the breach and the number of individuals affected are still under investigation. Source: 10tv.com
5. Florida Firm Data Breach: A Florida-based data firm is facing multiple class-action lawsuits following disclosures that a breach might have compromised personal data. The details of the breach and the number of individuals affected have not been disclosed. Source: Government Technology

Security Research

1. Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters: Researchers have discovered a critical security flaw in Azure Kubernetes Services that could potentially compromise cluster credentials. Microsoft has been alerted and is taking steps to address the issue. Source: The Hacker News.
2. Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove: A significant operational security lapse by the Styx Stealer developer during debugging led to the leak of sensitive information, providing a wealth of intelligence for CPR. Source: Global Security Mag.
3. RansomHub observed using malware tool to switch off endpoint protection: Security researchers have discovered that RansomHub is using a malware tool to disable endpoint protection, shedding light on a portion of the cybercriminal's tactics. Source: Cyber Daily.
4. Background Check Firm National Public Data Confirms Breach: National Public Data, a background check firm, has confirmed a data breach that exposed sensitive information such as Social Security numbers and mailing addresses. Source: BankInfoSecurity.
5. The PSTI Act: Countdown to the UK's new product security legislation begins: The new PSTI Act in the UK requires manufacturers to establish a contact point for reporting vulnerability information from external researchers, enhancing product security. Source: PwC.

Top CVEs

1. "RadioExt.cpp Use After Free Vulnerability (CVE-2024-32927)": A potential use after free vulnerability due to improper locking has been identified in sendDeviceState_1_6 of RadioExt.cpp. This could lead to local privilege escalation without any additional execution privileges or user interaction. Source: CVE-2024-32927
2. "GiveWP – Donation Plugin PHP Object Injection (CVE-2024-5932)": The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection via the 'give_title' parameter. This vulnerability could allow unauthenticated attackers to inject a PHP Object and execute code remotely. Source: CVE-2024-5932
3. "Autodesk AutoCAD Out-of-Bounds Write Vulnerability (CVE-2024-7305)": A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, can force an Out-of-Bounds Write. This vulnerability could allow a malicious actor to cause a crash, read sensitive data, or execute arbitrary code. Source: CVE-2024-7305
4. "FastAdmin Path Traversal Vulnerability (CVE-2024-7928)": A problematic vulnerability has been found in FastAdmin up to 1.3.3.20220121. The manipulation of the 'lang' argument leads to path traversal. The attack may be launched remotely. Upgrading to version 1.3.4.20220530 can address this issue. Source: CVE-2024-7928
5. "Scott Paterson Easy PayPal Buy Now Button Open Redirect (CVE-2024-43236)": An 'Open Redirect' vulnerability has been identified in Scott Paterson Easy PayPal Buy Now Button. This issue affects Easy PayPal Buy Now Button versions up to and including n/a. Source: CVE-2024-43236

API Security

1. Umbraco CMS Vulnerability (CVE-2024-43376): Umbraco, an ASP.NET CMS, has been found to have a vulnerability in its Management API. Certain endpoints can return stack trace information even when not in debug mode, potentially exposing sensitive information. This issue has been addressed in recent updates. Source: vulners.com.
2. demozx gf_cms Vulnerability (CVE-2024-8005): A critical vulnerability has been discovered in demozx gf_cms versions 1.0/1.0.1. The issue lies in the JWT Authentication component, specifically the function init of the file internal/logic/auth/auth.go. This vulnerability allows for the manipulation of hard-coded credentials and can be exploited remotely. Upgrading to version 1.0.2 addresses this issue. Source: vulners.com.

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the alarming data breaches exposing billions of records to the latest cybersecurity research. Remember, knowledge is power, and staying informed is the first step in protecting your digital assets.

If you've found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to create a safer digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO!