Secret CISO 8/8: ADT, Coforge, Dunn Bros. Data Breaches; McLaren Cyberattack; Belfast Trust, National Public Data Breaches; Critical Security Flaw in Safari and Google Chrome; Windows Downgrade Attack
Welcome to today's issue of Secret CISO, your daily dose of the latest in cybersecurity news. Today, we're diving into a series of data breaches that have rocked the security world.
First up, ADT, the American building security giant, has confirmed a data breach after customer information was leaked on a hacking forum. In another incident, IT company Coforge received an $11-million notice from a North American client for an alleged data breach. Meanwhile, a data breach in early January may have exposed debit and credit card information for customers at more than 65 Dunn Bros. restaurants in Minnesota and seven other states.
In healthcare, McLaren confirmed a cyberattack across its 13 Michigan hospitals and physician network, while the Belfast Trust is investigating a data breach at a mental health unit. In one of the largest data breaches in history, nearly 3 billion individuals' personal information has been stolen from National Public Data. In other news, a critical security flaw in Safari and Google Chrome has been uncovered after 18 years, and researchers have discovered a new attack that downgrades Windows devices permanently. Stay tuned for more updates and remember, knowledge is the key to staying one step ahead in the cybersecurity game.
Data Breaches
- ADT confirms data breach after customer info leaked on hacking forum: American building security giant ADT confirmed a data breach after threat actors leaked allegedly stolen customer data on a hacking forum. The extent of the breach and the number of affected customers are yet to be determined. Source: Bleeping Computer
- Coforge gets $11-million notice for 'data breach' from a North American client: IT company Coforge received an $11-million notice from a North American client for an alleged data breach. The client is claiming indemnity related to the breach, but details about the nature of the breach are still unclear. Source: Moneycontrol
- Dunn Bros. in eight states, several Twin Cities restaurants hit by data breach: A data breach in early January may have exposed debit and credit card information for customers at more than 65 Dunn Bros. locations in Minnesota and seven other states. The company is currently investigating the incident. Source: Star Tribune
- McLaren confirms cyberattack across its 13 Michigan hospitals, physician network: McLaren Health Care confirmed a cyberattack across its 13 Michigan hospitals and physician network. The nature of the attack and its impacts are still being analyzed by the IT team and external cybersecurity experts. Source: Freep
- National Public Data Hacked: 2.9 Billion Users Personal Data Stolen: In one of the largest data breaches in history, the personal information of nearly 3 billion individuals has been stolen from National Public Data. The stolen data includes sensitive information like social security numbers. Source: Cyber Security News
Security Research
- "Critical Security Flaw in Safari and Google Chrome Uncovered After 18 Years": Security researcher Avi Lumelsky of Oligo Security has disclosed a browser flaw, dubbed "0.0.0.0 Day", that has reportedly been exploitable for 18 years. Browsers treat the unspecified address 0.0.0.0 as a routable destination, so a malicious public website can send requests to http://0.0.0.0:<port> and reach services listening on the visitor's own machine, bypassing the Private Network Access checks that already block requests to 127.0.0.1 and localhost. Chromium-based browsers, Safari and Firefox on macOS and Linux are affected; Windows is not, because the operating system blocks the address. Source: Mint
- "Web-Connected Industrial Control Systems Vulnerable to Attack": Researchers at Censys have revealed the current exposure of Industrial Control Systems (ICS) devices in the U.S., focusing on automation protocols and HMIs. Their findings show that nearly half of the HMIs are vulnerable to attack. Source: Security Boulevard
- "New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links": Security researcher Ashwin Vamshi has uncovered a new phishing scam that uses Google Drawings and WhatsApp shortened links. This attack is a prime example of a Living Off Trusted Sites (LoTS) threat. Source: The Hacker News
- "Critical AWS Vulnerabilities Allow S3 Attack Bonanza": Researchers at Aqua Security described a "Shadow Resource" attack vector and the related "Bucket Monopoly" problem in AWS. Several AWS services automatically create S3 buckets with predictable names (CloudFormation's cf-templates-<hash>-<region> is one example). An attacker who learns the name pattern for a target account can pre-create those buckets in regions the victim has not used yet; when the victim's service later runs in such a region it reads from and writes to the attacker-controlled bucket, which can expose data or, via injected templates, lead to code execution in the victim account. AWS fixed the affected services before disclosure, but the same risk applies to any customer-built automation that trusts a bucket by name alone. Source: Dark Reading
- "runZero Research Uncovers Surprising Exposures in SSH Affecting Critical Network": runZero Research has developed SSHamble, an open-source project to help security professionals identify SSH exposures and misconfigurations and enable vendors to improve their products. Source: Yahoo Finance
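The 0.0.0.0 Day item above is, from the defender's side, a problem for any service that listens on a developer's machine. As an added example (not Oligo Security's code or any browser vendor's fix), here is a server-side request guard in Python: it refuses requests whose Host header names the unspecified address (0.0.0.0 or ::) or any non-loopback address, and refuses cross-site requests whose Origin is not on an explicit allow-list. The allow-list, the port and every header value are constructed assumptions.

```python
"""Server-side guard against 0.0.0.0 Day style requests.

Added example, not code from Oligo Security or a browser vendor. A service
meant only for the developer's own machine can refuse the requests a hostile
web page would generate: a Host naming the unspecified address (0.0.0.0 / ::)
or any non-loopback address, and cross-site requests whose Origin is not on
an allow-list. The allow-list, port and header values are constructed.
"""
import ipaddress
from typing import Mapping, Optional

# Assumption: the service's own UI is served from one of these origins.
ALLOWED_ORIGINS = {"http://localhost:8080", "http://127.0.0.1:8080"}


def _host_only(host_header: str) -> str:
    """Strip an optional :port from a Host value, handling [IPv6]:port."""
    value = host_header.strip()
    if value.startswith("["):
        return value[1:value.index("]")]
    return value.rsplit(":", 1)[0] if ":" in value else value


def reject_reason(headers: Mapping[str, str]) -> Optional[str]:
    """Return None if the request may be served, otherwise why it is refused."""
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("host")
    if not host:
        return "missing Host header"
    name = _host_only(host)
    if name.lower() != "localhost":
        try:
            addr = ipaddress.ip_address(name)
        except ValueError:
            return f"unexpected Host {name!r}"
        # 0.0.0.0 / :: is exactly what a 0.0.0.0 Day page reaches us through.
        if addr.is_unspecified:
            return "Host is the unspecified address"
        if not addr.is_loopback:
            return f"Host {name!r} is not loopback"
    # Browsers attach Origin to cross-origin POSTs and CORS requests, and
    # Sec-Fetch-Site to every fetch they start; either one reveals a request
    # that began on someone else's site.
    origin = h.get("origin")
    if origin == "null":
        return "opaque Origin"
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return f"Origin {origin!r} not allowed"
    if h.get("sec-fetch-site") == "cross-site":
        return "cross-site fetch"
    return None


if __name__ == "__main__":
    # Constructed header sets: what a hostile page sends vs. the local UI.
    for hdrs in (
        {"Host": "0.0.0.0:8080", "Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site"},
        {"Host": "127.0.0.1:8080", "Origin": "https://attacker.example"},
        {"Host": "localhost:8080", "Sec-Fetch-Site": "same-origin"},
    ):
        print(hdrs["Host"], "->", reject_reason(hdrs) or "allowed")
```

The header check is the second line of defence; the first is to bind the listener to 127.0.0.1 rather than 0.0.0.0, since a socket bound to the unspecified address answers on every interface. Older Safari releases did not send Sec-Fetch-Site, which is why the Host and Origin checks are kept independent of it.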
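The Google Drawings / WhatsApp phishing item is a Living Off Trusted Sites chain: each hop is individually reputable, so the URL a user sees looks safe while the last hop does not. As an added example (not the researcher's code), the Python below statically unwraps URLs carried inside query parameters, without touching the network, and flags chains in which trusted hops end on an untrusted host. The trusted-host set and all URLs are constructed assumptions; the l.wl.co/l?u= shape follows WhatsApp's link wrapper, and a hop hidden inside page content (such as a link drawn into a Google Drawings document) has to be extracted from the fetched page before this check can see it.

```python
"""Unwrapping redirect chains that hide behind trusted sites.

Added example, not the researcher's tooling. Follows URLs embedded in query
parameters (the shape used by link wrappers and open redirectors) and flags
chains whose reputable hops lead to a host that is not reputable. Trusted
hosts and every URL below are constructed assumptions.
"""
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlparse

# Assumption: hosts the organisation treats as reputable first hops.
TRUSTED_HOSTS = {"docs.google.com", "www.google.com", "l.wl.co"}


def _embedded_url(url: str) -> Optional[str]:
    """Return the first absolute http(s) URL found in a query parameter value."""
    for values in parse_qs(urlparse(url).query).values():
        for v in values:
            if v.startswith(("http://", "https://")):
                return v
    return None


def unwrap(url: str, limit: int = 8) -> List[str]:
    """Static redirect chain: each hop is the URL the previous one carries."""
    chain = [url]
    while len(chain) < limit:
        nxt = _embedded_url(chain[-1])
        if nxt is None or nxt in chain:  # stop on dead end or loop
            break
        chain.append(nxt)
    return chain


def assess(url: str) -> Tuple[str, List[str]]:
    """Verdict plus the chain; 'suspicious' when trusted hops lead off-platform."""
    chain = unwrap(url)
    hosts = [(urlparse(u).hostname or "").lower() for u in chain]
    trusted_hops = [h for h in hosts[:-1] if h in TRUSTED_HOSTS]
    final = hosts[-1]
    if trusted_hops and final not in TRUSTED_HOSTS:
        return f"suspicious: {' -> '.join(trusted_hops)} leads to {final}", chain
    return "ok", chain


# Constructed lure: WhatsApp wrapper -> QR-code shortener -> look-alike login page.
LURE = ("https://l.wl.co/l?u=https%3A%2F%2Fqrco.example%2Fx"
        "%3Fnext%3Dhttps%253A%252F%252Flogin-amaz0n.example%252Fverify")

if __name__ == "__main__":
    verdict, chain = assess(LURE)
    print(verdict)
    for hop in chain:
        print("  ", hop)
```

Percent-encoding is decoded one level per hop by parse_qs, which is what makes the doubly encoded final URL in the constructed lure surface only after the second hop; a real sandbox would add dynamic following of HTTP redirects on top of this static pass.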
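For the Aqua Security item, the practical questions are whether any of your buckets follow a service-generated naming pattern that an attacker could have pre-registered elsewhere, and how to make your own S3 calls fail closed when a bucket turns out to belong to someone else. The Python below is an added example, not Aqua's or AWS's code: the bucket-name shapes are taken from the published research and should be treated as an assumption to verify against your own account; the account ID, region list and bucket names are constructed. The ExpectedBucketOwner request parameter and the aws:ResourceAccount condition key are real S3 and IAM features.

```python
"""Spotting squattable service-generated bucket names ("Bucket Monopoly")
and pinning S3 calls to your own account.

Added example, not Aqua Security's or AWS's code. Name shapes are an
assumption from the public research; account ID, regions and names are
constructed.
"""
import json
import re
from typing import List, Optional, Tuple

_REGION = r"(?P<region>[a-z]{2}(?:-gov)?-[a-z]+-\d)"

# Service-created bucket names: a tag (hash or account ID) plus a region.
SERVICE_PATTERNS = {
    "cloudformation": re.compile(rf"^cf-templates-(?P<tag>[0-9a-z]{{12}})-{_REGION}$"),
    "glue": re.compile(rf"^aws-glue-assets-(?P<tag>\d{{12}})-{_REGION}$"),
    "sagemaker": re.compile(rf"^sagemaker-{_REGION}-(?P<tag>\d{{12}})$"),
}
_TEMPLATES = {
    "cloudformation": "cf-templates-{tag}-{region}",
    "glue": "aws-glue-assets-{tag}-{region}",
    "sagemaker": "sagemaker-{region}-{tag}",
}
# Constructed subset of regions an attacker would squat in.
REGIONS = ["us-east-1", "us-east-2", "us-west-2", "eu-west-1", "eu-central-1", "ap-southeast-1"]


def classify(bucket: str) -> Optional[Tuple[str, str, str]]:
    """(service, tag, region) if the name matches a service-generated shape."""
    for service, pattern in SERVICE_PATTERNS.items():
        m = pattern.match(bucket)
        if m:
            return service, m.group("tag"), m.group("region")
    return None


def squattable_names(bucket: str) -> List[str]:
    """Names an attacker could pre-create in regions the victim has not used yet."""
    info = classify(bucket)
    if info is None:
        return []
    service, tag, region = info
    return [_TEMPLATES[service].format(tag=tag, region=r) for r in REGIONS if r != region]


def deny_foreign_bucket_policy(account_id: str) -> dict:
    """IAM policy refusing every S3 call against a bucket owned by another account."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyS3OutsideOwnAccount",
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:ResourceAccount": account_id}},
        }],
    }


def put_object_kwargs(bucket: str, key: str, body: bytes, account_id: str) -> dict:
    """Arguments for boto3 s3.put_object that make S3 reject a foreign-owned bucket."""
    return {"Bucket": bucket, "Key": key, "Body": body, "ExpectedBucketOwner": account_id}


if __name__ == "__main__":
    victim = "cf-templates-1a2b3c4d5e6f-us-east-1"  # constructed
    print("could be squatted as:", *squattable_names(victim), sep="\n  ")
    print(json.dumps(deny_foreign_bucket_policy("123456789012"), indent=2))
```

The Deny statement is deliberately blunt: it also blocks legitimately shared cross-account buckets, so in practice you scope it to the roles that only ever touch your own buckets. For existing automation, a head_bucket call with ExpectedBucketOwner set, run before the first write to a newly used region, is the cheapest way to detect that a bucket was created by someone else.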
Top CVEs
- CVE-2024-21302: Microsoft Windows systems supporting Virtualization Based Security (VBS) are vulnerable to an elevation of privilege attack. Attackers with administrator privileges can replace current versions of Windows system files with outdated versions, reintroducing previously mitigated vulnerabilities and potentially exfiltrating data protected by VBS. Microsoft is developing a security update to mitigate this vulnerability. Source: CVE-2024-21302
- CVE-2024-38202: An elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). Microsoft is developing a security update to mitigate this threat. Source: CVE-2024-38202
- CVE-2024-43044: Jenkins 2.470 and earlier, LTS 2.452.3 and earlier versions allow agent processes to read arbitrary files from the Jenkins controller file system. Source: CVE-2024-43044
- CVE-2024-20452: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. Details will be published once the CVE is made public. Source: CVE-2024-20452
- CVE-2024-7589: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. Details will be published once the CVE is made public. Source: CVE-2024-7589
API Security
- Shopware Vulnerable to Improper Access Control: Shopware, an open commerce platform, had a vulnerability in its store-API that didn't properly consider ManyToMany associations, potentially allowing unauthorized access. This issue, which could be triggered with extensions, was present prior to versions 6.6.5.1 and 6.5.8.13. Updates have been released to patch this vulnerability. Source: CVE-2024-42354
- GitLab CE/EE Access Tokens Logged: A vulnerability has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made. Source: CVE-2024-7554
- SOAP API Handler Vulnerability: The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities (XXE). This allows an unauthenticated attacker to read local files, perform server-side request forgery, and exhaust the web server's resources in a denial of service. Source: CVE-2024-6893
- Jenkins Remoting Library Arbitrary File Read Vulnerability: Jenkins uses the Remoting library for communication between controller and agents. A vulnerability in this library allows agents to load classes and classloader resources from the controller, potentially enabling unauthorized access to arbitrary files from the Jenkins controller file system. This issue affects Jenkins 2.470 and earlier, LTS 2.452.3 and earlier. Source: GHSA-H856-FFVV-XVR4
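The GitLab item is a reminder that tokens end up in logs through ordinary mistakes, not just vendor bugs. As an added example (not GitLab's fix), the Python below is a redaction filter for your own services and log shippers: it scrubs tokens from headers, bearer values, query strings and bare occurrences before a line is written. The token prefixes are an assumption (glpat- is the documented personal-access-token prefix; the generic gl…t- shape is meant to cover deploy, runner and trigger tokens) and all log lines are constructed.

```python
"""Scrubbing GitLab-style tokens out of log lines before they are written.

Added example, not GitLab's code. Token prefixes are an assumption
(glpat- for personal access tokens; gl...t- for the other token kinds);
all sample lines are constructed.
"""
import logging
import re
from typing import List, Pattern, Tuple

REDACTED = "[REDACTED]"

# Applied in order: header value, bearer value, query-string value, bare token.
_RULES: List[Tuple[Pattern[str], str]] = [
    (re.compile(r"(?i)(PRIVATE-TOKEN:\s*)[^\s\"']+"), rf"\1{REDACTED}"),
    (re.compile(r"(?i)(Authorization:\s*Bearer\s+)[^\s\"']+"), rf"\1{REDACTED}"),
    (re.compile(r"(?i)([?&](?:private_token|access_token|job_token)=)[^&\s\"']+"), rf"\1{REDACTED}"),
    (re.compile(r"\bgl[a-z]{1,4}t-[A-Za-z0-9_\-]{20,}"), REDACTED),
]


def scrub(line: str) -> Tuple[str, int]:
    """Return the redacted line and how many substitutions were made."""
    total = 0
    for pattern, repl in _RULES:
        line, n = pattern.subn(repl, line)
        total += n
    return line, total


class RedactingFilter(logging.Filter):
    """Attach to a logger or handler; rewrites the formatted message in place."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, _ = scrub(record.getMessage())
        record.args = ()  # message is already formatted; do not re-apply args
        return True


# Constructed log lines that would have leaked a token.
SAMPLES = [
    "GET /api/v4/projects?private_token=glpat-abcdefghij0123456789 HTTP/1.1",
    "PRIVATE-TOKEN: glpat-abcdefghij0123456789",
    "user 42 fetched /api/v4/user with glpat-abcdefghij0123456789",
    "health check ok",
]

if __name__ == "__main__":
    log = logging.getLogger("api")
    log.addFilter(RedactingFilter())
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    for line in SAMPLES:
        log.info("%s", line)
```

Order matters: the query-string and header rules run first so the parameter or header name survives for debugging, and the bare-token rule then catches whatever appeared without context. A filter on the logger only covers records that pass through it, so the same scrub should also run in the shipper for anything written by third-party middleware.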
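For the SOAP handler XXE item, the defence a practitioner wants in front of any XML endpoint is the one OWASP recommends: reject bodies that carry a DOCTYPE or ENTITY declaration at all, which covers external entities (file read, SSRF) and entity-expansion bombs alike, and cap the body size before parsing. The Python below is an added example, not the affected product's code, and the three SOAP requests in it are constructed.

```python
"""Refusing XXE payloads in SOAP bodies before they reach the XML parser.

Added example, not the affected product's code; the requests are constructed.
"""
import re
import xml.etree.ElementTree as ET

MAX_BODY = 1024 * 1024  # assumption: 1 MiB is far above any legitimate request
SOAP_NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/"}
_DECL = re.compile(rb"<!\s*(DOCTYPE|ENTITY)", re.IGNORECASE)


class UnsafeXML(ValueError):
    """Raised for bodies that must not be parsed."""


def parse_soap_body(raw: bytes) -> ET.Element:
    """Return the soap:Body element, or raise UnsafeXML / ParseError."""
    if len(raw) > MAX_BODY:
        raise UnsafeXML(f"body of {len(raw)} bytes exceeds {MAX_BODY}")
    # Any DTD at all is refused: external entities and expansion bombs both need one.
    if _DECL.search(raw):
        raise UnsafeXML("DOCTYPE/ENTITY declarations are not accepted")
    root = ET.fromstring(raw)
    body = root.find("soap:Body", SOAP_NS)
    if body is None:
        raise UnsafeXML("no SOAP Body element")
    return body


def triage(raw: bytes) -> str:
    """Human-readable verdict: 'rejected: ...' or 'ok: <operations>'."""
    try:
        body = parse_soap_body(raw)
    except (UnsafeXML, ET.ParseError) as exc:
        return f"rejected: {exc}"
    return "ok: " + ", ".join(child.tag for child in body)


# Constructed requests: classic XXE, an entity-expansion bomb, and a benign call.
XXE_REQUEST = b"""<?xml version="1.0"?>
<!DOCTYPE r [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><GetInfo>&xxe;</GetInfo></soap:Body>
</soap:Envelope>"""

BOMB_REQUEST = b"""<?xml version="1.0"?>
<!DOCTYPE r [<!ENTITY a "aaaaaaaaaa"><!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><GetInfo>&b;</GetInfo></soap:Body>
</soap:Envelope>"""

BENIGN_REQUEST = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><GetInfo><Id>7</Id></GetInfo></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    for name, req in (("xxe", XXE_REQUEST), ("bomb", BOMB_REQUEST), ("benign", BENIGN_REQUEST)):
        print(f"{name:7s} {triage(req)}")
```

The byte-level check assumes an ASCII-compatible encoding; transcode UTF-16 bodies before running it. If lxml sits behind the handler, also build the parser with XMLParser(resolve_entities=False, no_network=True) so that a body which slips past the pre-check still cannot reach the filesystem or the network.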
Sponsored by Wallarm API Security Solution
Final Words
That's it for today's edition of Secret CISO. We've covered a lot of ground, from the data breach at ADT to the cyberattack on McLaren's Michigan hospitals. It's clear that no sector is immune to these threats, and the importance of robust data security and due diligence cannot be overstated.
Remember, staying informed is the first step in staying secure. So, don't forget to share this newsletter with your friends and colleagues to help them stay in the loop too.
Until tomorrow, stay safe and secure!