Secret CISO 8/20: National Public Data (finally) confirms massive SSN breach, Columbus city data on dark web, Researchers expose Azure Kubernetes flaw, Unmask Styx Stealer's fatal error

Subject: Secret CISO Daily - Is Your SSN Exposed in the National Public Data Breach?

Hello there,

In today's edition of Secret CISO, we're diving deep into the alarming National Public Data (NPD) breach that has potentially exposed 2.9 billion records, including Social Security numbers. Two cybersecurity firms have launched websites to help you determine if your personal information was compromised in this massive breach. We'll guide you on how to use these resources and what steps to take if you find your data has been exposed.

We're also shedding light on the seven crucial actions you should take after a data breach, as recommended by Forbes. From credit freezes to monitoring, these steps can help safeguard your identity and protect your data. In other news, the DNC faced a security breach that prompted a quick police response. We'll discuss the details of this incident and its implications.

We'll also touch upon the latest cybersecurity research, including a critical security flaw in Azure Kubernetes Services and how a hacker's slip led to an intelligence treasure trove. Stay tuned for expert advice on data security, updates on the latest lawsuits following massive data breaches, and insights into the compliance burden of customer identification program rules. Remember, in the world of cybersecurity, knowledge is power.

Data Breaches

  1. National Public Data Breach: Two cybersecurity firms have launched websites to help individuals determine if their personal information, including Social Security numbers, was exposed in the National Public Data breach. The breach reportedly exposed 2.9 billion records. Source: PCMag and eSecurity Planet
  2. DNC Security Breach: A security fence was knocked down during protests outside the Democratic National Convention, prompting a quick response from police. The incident has raised concerns about the security measures in place at the convention. Source: YouTube
  3. Carespring Healthcare Management Data Breach: Carespring Healthcare Management filed a notice of data breach with the Attorney General of Maine on August 15, 2024. The details of the breach and the number of individuals affected have not been disclosed. Source: JDSupra
  4. Columbus Cyberattack: The city of Columbus confirmed that names, addresses, and some social security numbers are on the dark web following a cyberattack. The extent of the breach and the number of individuals affected are still under investigation. Source: 10tv.com
  5. Florida Firm Data Breach: A Florida-based data firm is facing multiple class-action lawsuits following disclosures that a breach might have compromised personal data. The details of the breach and the number of individuals affected have not been disclosed. Source: Government Technology

Security Research

  1. Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters: Researchers have discovered a critical security flaw in Azure Kubernetes Services that could potentially compromise cluster credentials. Microsoft has been alerted and is taking steps to address the issue. Source: The Hacker News.
  2. Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove: A significant operational security lapse by the Styx Stealer developer during debugging led to the leak of sensitive information, providing a wealth of intelligence for Check Point Research (CPR). Source: Global Security Mag.
  3. RansomHub observed using malware tool to switch off endpoint protection: Security researchers have discovered that RansomHub is using a malware tool to disable endpoint protection, shedding light on a portion of the cybercriminal's tactics. Source: Cyber Daily.
  4. Background Check Firm National Public Data Confirms Breach: National Public Data, a background check firm, has confirmed a data breach that exposed sensitive information such as Social Security numbers and mailing addresses. Source: BankInfoSecurity.
  5. The PSTI Act: Countdown to the UK's new product security legislation begins: The new PSTI Act in the UK requires manufacturers to establish a contact point for reporting vulnerability information from external researchers, enhancing product security. Source: PwC.

Top CVEs

  1. "RadioExt.cpp Use After Free Vulnerability (CVE-2024-32927)": A potential use after free vulnerability due to improper locking has been identified in sendDeviceState_1_6 of RadioExt.cpp. This could lead to local privilege escalation without any additional execution privileges or user interaction. Source: CVE-2024-32927
  2. "GiveWP – Donation Plugin PHP Object Injection (CVE-2024-5932)": The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection via the 'give_title' parameter. This vulnerability could allow unauthenticated attackers to inject a PHP Object and execute code remotely. Source: CVE-2024-5932
  3. "Autodesk AutoCAD Out-of-Bounds Write Vulnerability (CVE-2024-7305)": A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, can force an Out-of-Bounds Write. This vulnerability could allow a malicious actor to cause a crash, read sensitive data, or execute arbitrary code. Source: CVE-2024-7305
  4. "FastAdmin Path Traversal Vulnerability (CVE-2024-7928)": A problematic vulnerability has been found in FastAdmin up to 1.3.3.20220121. The manipulation of the 'lang' argument leads to path traversal. The attack may be launched remotely. Upgrading to version 1.3.4.20220530 can address this issue. Source: CVE-2024-7928
  5. "Scott Paterson Easy PayPal Buy Now Button Open Redirect (CVE-2024-43236)": An 'Open Redirect' vulnerability has been identified in Scott Paterson Easy PayPal Buy Now Button. The affected version range for Easy PayPal Buy Now Button is given only as "n/a". Source: CVE-2024-43236

API Security

  1. Umbraco CMS Vulnerability (CVE-2024-43376): Umbraco, an ASP.NET CMS, has been found to have a vulnerability in its Management API. Certain endpoints can return stack trace information even when not in debug mode, potentially exposing sensitive information. This issue has been addressed in recent updates. Source: vulners.com.
  2. demozx gf_cms Vulnerability (CVE-2024-8005): A critical vulnerability has been discovered in demozx gf_cms versions 1.0/1.0.1. The issue lies in the JWT Authentication component, specifically the function init of the file internal/logic/auth/auth.go. The vulnerability involves hard-coded credentials and can be exploited remotely. Upgrading to version 1.0.2 addresses this issue. Source: vulners.com.

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the alarming data breaches exposing billions of records to the latest cybersecurity research. Remember, knowledge is power, and staying informed is the first step in protecting your digital assets.

If you've found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to create a safer digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO!
