Secret CISO 8/24: TD Bank and Summit National Bank Data Breaches, USDoD Cybercriminal Group Strikes, National Public Data Leak, Cloud Migration Security Challenges
Good morning, Secret CISO readers. Today's newsletter is packed with crucial updates on the latest data breaches and security challenges. Two US banks, TD Bank and Summit National Bank, have alerted over 10,000 customers about potential data breaches. A massive data breach, believed to be orchestrated by a cybercriminal group named USDoD, has affected billions of users.
National Public Data, a background check company, is under investigation for a data breach that may have leaked a significant number of records. Meanwhile, around 1 million customers of Park n' Fly, an airport parking service, have been warned about a data breach last month. In cloud security news, TechNative discusses the challenges of responsible cloud migration and data security. On the legal front, Everest Re Unit has managed to escape a data breach class action due to lack of evidence showing the company's duty to protect information.
In a proactive move, Paris Olympic authorities have successfully battled cyberattacks, ensuring the security of the event. However, a South Florida-based data firm is facing lawsuits after a massive data breach. In research news, a strange iOS quirk has been discovered where typing four letters into your iPhone can cause it to crash. Also, Android malware has been found to use a smartphone's NFC reader to steal payment card details. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats. Stay safe!
Data Breaches
- 10953 Customers at Two US Banks Receive Data Breach Alerts: TD Bank and Summit National Bank have reported data breaches, according to filings with the Office of the Maine Attorney General. The banks have warned that extremely sensitive information may be at risk. Source: The Daily Hodl
- Massive Data Breach Affected Billions: A cybercriminal group named USDoD is believed to be responsible for a massive data breach affecting billions of individuals. The extent of the stolen data is still under investigation. Source: YouTube
- National Public Data Breach Probe: Representatives Nancy Mace and James Comer have launched a probe into a data breach at National Public Data, a background check company. The number of records leaked in the breach is still unknown. Source: WCIV
- Horne Data Breach Impacts Unknown Number of Consumers: On August 20, 2024, nationwide accounting firm Horne, LLP filed a notice of data breach with the Attorney General of Massachusetts. The number of consumers impacted by the breach is currently unknown. Source: JD Supra
- Park n' Fly Customers' Data Compromised: Approximately 1 million customers of airport parking service Park n' Fly have been warned that their data could have been compromised in a data breach last month. Source: Toronto Sun
Security Research
- Android Malware Steals Payment Card Details Using NFC Reader: Security researcher Lukas Stefanko has demonstrated a new Android malware that uses the smartphone's NFC reader to steal payment card details. The malware's operation was showcased in a video uploaded on YouTube. Source: Times of India
- Strange iOS Quirk Causes Crash When Typing Four Letters: An unidentified security researcher has discovered a rare bug that causes iPhones and iPads to crash when typing just four letters. The specific letters causing the crash have not been disclosed. Source: MSN
- Identity Management and Information Security News: A round-up of the latest news in identity management and information security, featuring announcements and updates from Entrust, Constellation Research, Critical Start, and more. Source: Solutions Review
- US Accuses Georgia Tech of Fraud Over Cybersecurity Protocols: The US government has filed a lawsuit against Georgia Tech, alleging that the university's cybersecurity lab committed fraud by refusing to use antivirus software. The researchers reportedly found the security protocols to be insufficient. Source: Ars Technica
- Security Experts Prioritize AI Safety Amid Evolving Risks: Security experts are focusing on assessing AI risks and applying security measures effectively. The article provides practical steps for managing these risks, led by the fundamental and applied research team. Source: GovInfoSecurity
Top CVEs
- Microsoft Edge (HTML-based) Memory Corruption (CVE-2024-38207): A memory corruption vulnerability has been identified in Microsoft Edge, potentially allowing attackers to execute arbitrary code. Microsoft is yet to release a patch. Source: vulners.com
- Stored Cross-Site Scripting in SMSEagle software (CVE-2024-37392): A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises from improper sanitization of user input in SMS messages, potentially allowing an attacker to inject malicious JavaScript code. Source: vulners.com
- Piotnet Addons For Elementor plugin for WordPress XSS (CVE-2024-5502): The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages. Source: vulners.com
- Spring-boot-loader Signature Forgery (CVE-2024-38807): Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery. Source: vulners.com
- Automad Persistent Cross-Site Scripting (CVE-2024-40111): A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any user visiting the site. Source: vulners.com
API Security
- Incognito SAC Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2024-42834): A stored Cross-site scripting (XSS) vulnerability was identified in the customerManager API and ManageAccount_retrieve modules of the Incognito Service Activation Center User Interface (SAC UI). Version 14.11 allows remotely authenticated attackers to inject arbitrary JavaScript or HTML via the 'lastName' parameter, potentially triggering malicious JavaScript on users' browsers when viewed. Remediation lies with the vendor, who needs to sanitise the API input and the SAC UI. Source: vulners.com
- Homepage DNS Rebinding Vulnerability (CVE-2024-42364): Homepage, a highly customizable homepage with Docker and service API integrations, is vulnerable to DNS rebinding in its default setup (version 0.9.1). The lack of certificate and authentication leaves it open to attacks where an attacker can change the DNS records of their domain to the internal IP address of the homepage instance, potentially extracting a user's private information such as API keys and other private data. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We hope you found our insights and updates on the latest data breaches and cybersecurity news valuable. Remember, in the digital world, staying informed is the first step towards staying secure.
If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Together, we can create a safer digital environment for everyone. Stay safe, stay informed, and see you in the next edition of Secret CISO!