Secret CISO 8/7: Cash App's (only) $15M Settlement, Historic 3B Data Breach, Canadian AI Security, Acadian Ambulance Lawsuits, AWS Vulnerabilities, and Black Hat!


Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into the world of data breaches and their costly aftermath. Cash App is set to award $15M to users affected by a security breach, with claims open until November 2024.

Meanwhile, a historic data breach has exposed nearly 3 billion people's data, including Social Security numbers, rivaling the 2013 Yahoo! hack. In Canada, data breaches have cost financial services firms millions in 2024, with lower breach costs attributed to the 61% of organizations that have deployed security AI and automation. Acadian Ambulance is facing multiple class action lawsuits over a data breach, while patients advance a lawsuit against Prospect Medical over a 2023 data breach.

The global average cost of a data breach reached $4.88M in 2023, with 70% of breached organizations reporting significant disruption. On the technical side, security researchers have found vulnerabilities in 5G baseband chips in phones made by Google, OPPO, OnePlus, Motorola, and Samsung. A design flaw could also allow hackers to roll back Microsoft Windows updates.

Stay tuned for more updates on data breaches, security research, and the latest vulnerabilities. Stay safe and secure!

Data Breaches

  1. National Public Data Breach: A massive data breach at National Public Data allegedly exposed personal data of billions of individuals on the dark web. The breach was revealed as part of a class action lawsuit. Source: The Cyber Express
  2. Acadian Ambulance Data Breach: Acadian Ambulance is facing multiple class action lawsuits following a data breach. The Daixin Team, a ransomware group, is demanding a $7 million ransom in the aftermath of the breach. Source: 99.9 KTDY
  3. Prospect Medical Data Breach: Prospect Medical is facing a lawsuit over a 2023 data breach that allegedly exposed the personal information of more than 190,000 people. The company is accused of negligently failing to protect this information. Source: Bloomberg Law News
  4. Blue Ridge Rural Water Company Data Breach: Blue Ridge Rural Water Company is under investigation following a data breach. The company became aware of an unauthorized cybersecurity incident on July 23, 2024, and immediately launched an investigation. Source: Business Wire
  5. South Suburban College Data Breach: South Suburban College is being investigated for a data breach that potentially exposed sensitive information, including full names, Social Security numbers, mailing addresses, and dates of birth. Source: Morningstar

Security Research

  1. Hackers could spy on cell phone users by abusing 5G baseband flaws: Security researchers have discovered a dozen vulnerabilities in 5G baseband chips used in phones by Google, OPPO, OnePlus, Motorola, and Samsung. These flaws could potentially allow hackers to spy on cell phone users. Source: TechCrunch
  2. Design flaw could allow hackers to roll back Microsoft Windows updates: Cybersecurity researcher Alon Leviev has identified a design flaw that could allow hackers to roll back Microsoft Windows updates. This research was presented at the annual Black Hat security conference. Source: Washington Post
  3. Aqua Security Discovers Critical Vulnerabilities in Six AWS Cloud Services: Aqua Security has unveiled new research that discovered critical vulnerabilities in six AWS cloud services. These vulnerabilities could potentially be exploited by attackers. Source: Morningstar
  4. Creating Insecure AI Assistants With Microsoft Copilot Studio Is Easy: Security researcher Michael Bargury has revealed that creating insecure AI assistants with Microsoft Copilot Studio is surprisingly easy, highlighting potential security concerns. Source: Dark Reading
  5. Alibaba's T-Head C910 RISC-V chips blow away all security: Security researchers at the CISPA Helmholtz Center for Information Security in Germany have found serious security flaws in Alibaba's T-Head C910 RISC-V chips. Source: The Register

Top CVEs

  1. CVE-2024-32927: This CVE ID has been reserved by a CVE Numbering Authority; no details have been published yet. Source: vulners.com
  2. CVE-2024-43044: Jenkins 2.470 and earlier (LTS 2.452.3 and earlier) allow agent processes to read arbitrary files from the Jenkins controller file system, so an attacker who controls an agent can reach controller secrets. Source: vulners.com
  3. CVE-2024-5290: A vulnerability in Ubuntu's wpa_supplicant allows a local unprivileged attacker in the netdev group, which can reach wpa_supplicant's D-Bus interface, to escalate privileges by loading arbitrary shared objects into the root-owned wpa_supplicant process. Source: vulners.com
  4. CVE-2024-36130: An insufficient authorization vulnerability in the web component of Ivanti Endpoint Manager Mobile (EPMM) prior to 12.1.0.1 allows an unauthorized attacker on the network to execute arbitrary commands on the underlying operating system. Source: vulners.com
  5. CVE-2024-7550: A type confusion vulnerability in V8 in Google Chrome prior to 127.0.6533.99 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Source: vulners.com

API Security

  1. Jenkins Remoting library arbitrary file read vulnerability: Jenkins' Remoting library, used for communication between controller and agents, has a vulnerability that allows agents to read arbitrary files from the Jenkins controller file system. This could potentially allow attackers with Agent/Connect permission to access sensitive data. The issue has been addressed in Jenkins 2.471, LTS 2.452.4, LTS 2.462.1. Source: vulners.com
  2. Apache CloudStack 4.19.1.0 network listing API vulnerability: A regression in the network listing API of Apache CloudStack 4.19.1.0 allows unauthorized list access of network details for domain admin and normal user accounts, compromising tenant isolation. Users are advised to upgrade to version 4.19.1.1 to address this issue. Source: vulners.com
  3. Apache CloudStack API and secret keys vulnerability: Due to an access permission validation issue in Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts can query the API and secret keys of all registered account users in an environment, including those of a root admin. With a root admin's keys an attacker can act with full privileges, which could lead to a compromise of resource integrity and confidentiality, data loss, and denial of service. Users are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later. Source: vulners.com
  4. WordPress PayPlus Payment Gateway SQL Injection: The PayPlus Payment Gateway plugin for WordPress is vulnerable to SQL injection, potentially allowing attackers to manipulate the website's database and gain unauthorized access to sensitive data. Users are advised to update the plugin to the latest version to mitigate this vulnerability. Source: vulners.com
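The Jenkins Remoting advisory (item 1 above, CVE-2024-43044 in Top CVEs) and the CloudStack secret-key advisory (item 3 above) both have fixes that landed at different points in parallel release lines (Jenkins weekly vs. LTS, CloudStack 4.18.x vs. 4.19.x), so a naive "version >= first fixed version" check misclassifies patched builds on the older line. The script below is an added example, not Jenkins or CloudStack project code; it encodes only the version boundaries the two advisories state, reads the Jenkins version from the X-Jenkins response header that controllers send, and the sample header values are constructed for illustration.

```python
"""Version triage for CVE-2024-43044 (Jenkins Remoting) and the Apache
CloudStack API/secret-key advisory.  Added example, not vendor code; it
encodes only the fixed versions and affected range stated in the advisories.
"""
from __future__ import annotations

from typing import Iterable

Version = tuple[int, ...]


def parse_version(text: str) -> Version:
    """'2.452.4' -> (2, 452, 4).  Tolerates a leading 'v' and a '-suffix'
    such as '-SNAPSHOT' (assumption: the dotted core is purely numeric)."""
    core = text.strip().lstrip("v").split("-")[0]
    return tuple(int(part) for part in core.split("."))


def classify_version(version: Version, fixed: Iterable[Version],
                     affected_from: Version | None = None) -> str:
    """Classify `version` against `fixed`, the first patched build of each
    release line.  A line is identified by all but the last component, so
    weekly 2.471 is on line (2,) while LTS 2.452.4 is on line (2, 452).

    Returns "fixed", "affected" or "unaffected".  A version on a line with no
    patched build listed is treated conservatively: it counts as fixed only
    if it is newer than every patched build (the line began after the fix);
    an older, unlisted line is reported as affected.
    """
    if affected_from is not None and version < affected_from:
        return "unaffected"
    fixed = list(fixed)
    same_line = [f for f in fixed if f[:-1] == version[:-1]]
    if same_line:
        return "fixed" if version >= min(same_line) else "affected"
    return "fixed" if version > max(fixed) else "affected"


# Jenkins: fixed in weekly 2.471, LTS 2.452.4 and LTS 2.462.1 (per advisory).
JENKINS_FIXED = [parse_version(v) for v in ("2.471", "2.452.4", "2.462.1")]

# CloudStack: 4.10.0 up to 4.19.1.0 affected; fixed in 4.18.2.3 and 4.19.1.1.
CLOUDSTACK_FIXED = [parse_version(v) for v in ("4.18.2.3", "4.19.1.1")]
CLOUDSTACK_AFFECTED_FROM = parse_version("4.10.0")


def triage_jenkins(version: str) -> str:
    return classify_version(parse_version(version), JENKINS_FIXED)


def triage_cloudstack(version: str) -> str:
    return classify_version(parse_version(version), CLOUDSTACK_FIXED,
                            CLOUDSTACK_AFFECTED_FROM)


def jenkins_version_from_headers(headers: dict[str, str]) -> str | None:
    """Jenkins reports its version in the X-Jenkins response header.  HTTP
    header names are case-insensitive, so match them that way."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value
    return None


if __name__ == "__main__":
    # Constructed sample: headers as a controller would return them (not real data).
    sample_headers = {"X-Jenkins": "2.452.3", "Server": "Jetty(10.0.20)"}
    ver = jenkins_version_from_headers(sample_headers)
    print(f"Jenkins {ver}: {triage_jenkins(ver)}")
    for v in ("4.18.2.2", "4.18.2.3", "4.19.1.0", "4.19.1.1", "4.9.3.0"):
        print(f"CloudStack {v}: {triage_cloudstack(v)}")
```

The line-aware rule matters for the 4.18.x case: 4.18.2.3 is reported as fixed even though it is numerically below the affected ceiling of 4.19.1.0, and a Jenkins LTS 2.452.3 controller is reported as affected even though 2.452.3 is numerically below the weekly fix 2.471 and would pass a naive check that only looked at the LTS line's own numbering.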

Sponsored by Wallarm API Security Solution

Black Hat Sticker Booth #3122

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of vigilance and proactive measures in the face of ever-evolving security threats. From the massive security breach settlement by Cash App to the historic data breach affecting nearly 3 billion people, it's clear that no organization is immune.

In Canada, we see how the implementation of AI and automation in security measures has led to a reduction in breach costs. Meanwhile, multiple lawsuits are being filed against Acadian Ambulance and Prospect Medical over data breaches, highlighting the legal repercussions of inadequate data protection. On the tech front, researchers have discovered vulnerabilities in 5G baseband chips and Microsoft Windows, underscoring the need for continuous research and development in cybersecurity.

Remember, the cost of a data breach is not just financial - it can also lead to a loss of trust and reputation. So, stay informed, stay vigilant, and most importantly, stay secure. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world.
