Secret CISO 9/13: Fortinet's 440GB data breach, Transport for London's customer data theft, AI security insights from Darktrace, and the latest cybersecurity research
Welcome to today's issue of Secret CISO, where we bring you the latest and most impactful cybersecurity news. Today, we're focusing on a series of data breaches that have rocked the security world. First up, Fortinet, one of the world's largest security companies, has confirmed a data breach.
The hacker claims to have stolen a whopping 440GB of files. This breach has serious implications, not only for Fortinet but also for its customers whose data may have been compromised. In other news, Transport for London has also confirmed a data breach, with affected customers receiving personalized notifications about the incident. This breach highlights the growing threat to public infrastructure and the need for robust cybersecurity measures.
Meanwhile, the Government Service Insurance System (GSIS) in the Philippines is investigating a data breach, demonstrating that even government agencies are not immune to these attacks. On a different note, we'll also delve into an interview with Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, exploring her career path in AI security. Finally, we'll touch on a report that companies leveraging security AI and automation reported average savings of $2.22M in data breach costs. This underlines the importance of investing in advanced security technologies. Stay tuned for more details on these stories and other important cybersecurity updates.
Data Breaches
- Winter Data Breach at Iowa State University: A potential security breach at Iowa State University could have impacted some employees. The university's systems were not directly affected, but there is uncertainty regarding the impact on vendors. Source: Iowa State University News
- Lehigh Valley Health Network Data Breach: A lawsuit against Lehigh Valley Health Network over a Blackcat ransomware attack has been settled for $65 million. The attack led to the publication of nude images of patients. Source: Lehigh Valley Live
- Fortinet Data Breach: Cybersecurity giant Fortinet disclosed a data breach affecting its Asia-Pacific customers. The breach was caused by a third-party security incident. Source: Techzine
- ICBC London Ransom: Hackers claim to have ransomed ICBC London and stolen 6.6TB of data. If true, this could have severe implications for customers and their financial data. Source: Reuters
- Turkish Personal Data Breach: Turkish Transport and Infrastructure Minister Abdulkadir Uraloğlu denied allegations of a new data breach affecting millions but confirmed an earlier leak. The breach reportedly originated from the health system during the pandemic. Source: Daily Sabah
Security Research
- New Android Warning As Hackers Install Backdoor On 1.3 Million TV Boxes: Russian antivirus vendor Dr.Web has discovered a malware campaign, named Vo1d, that is installing backdoors on Android TV boxes. The scale of the attack is significant, with an estimated 1.3 million devices affected. Source: Forbes
- Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw: A critical flaw in Progress WhatsUp Gold was exploited within hours of the Proof of Concept (PoC) release. The rapid exploitation of the flaw highlights the importance of timely patch management. Source: The Hacker News
- This New Android Threat Can Grab Your 2FA Codes: A new Android malware threat targeting banking application users has been confirmed. The malware is capable of intercepting two-factor authentication (2FA) codes, posing a significant threat to financial security. Source: Forbes
- UN-backed cyber security report highlights global shortfalls in preparedness: A UN-backed report has highlighted significant global shortfalls in cyber security preparedness. The report particularly flags Africa as a region with significant vulnerabilities. Source: Computer Weekly
- New Linux Malware Campaign Exploits Oracle WebLogic to Mine Cryptocurrency: A new Linux malware campaign is exploiting Oracle WebLogic to mine cryptocurrency. The malware, named Hadooken, drops the Tsunami malware and deploys a crypto miner upon execution. Source: The Hacker News
Top CVEs
- CVE-2024-20430 - Cisco Meraki Systems Manager (SM) Agent for Windows Vulnerability: A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. Source: CVE-2024-20430
- CVE-2024-6678 - GitLab CE/EE Vulnerability: An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain conditions. Source: CVE-2024-6678
- CVE-2024-5435 - GitLab EE/CE User Password Disclosure: An issue has been discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, and all versions starting from 17.3 before 17.3.2 that discloses a user password from a repository mirror. Source: CVE-2024-5435
- CVE-2024-8522 - LearnPress – WordPress LMS Plugin SQL Injection: The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7, due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation on the existing SQL query. Source: CVE-2024-8522
- CVE-2024-8529 - LearnPress – WordPress LMS Plugin SQL Injection: The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7, due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation on the existing SQL query. Source: CVE-2024-8529
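The two LearnPress entries above share one root cause: a caller-supplied field list is spliced into a SQL query without escaping or preparation. The following is an added illustration, not LearnPress's code and not its real schema; it assumes (from the parameter names alone) that the parameter is a comma-separated list of column names, which is exactly the case where a prepared statement cannot help, because placeholders bind values, not identifiers. The hardened version therefore validates every requested column against an allowlist and binds the one real value (a price filter) as a parameter. The table and rows are constructed for the example and use Python's built-in sqlite3 so it runs offline.

```python
import sqlite3

# Constructed sample schema: stands in for a plugin's course table, not LearnPress's own.
SCHEMA = """
CREATE TABLE courses (
    id INTEGER PRIMARY KEY,
    title TEXT NOT NULL,
    price REAL NOT NULL,
    instructor_secret TEXT NOT NULL
);
"""
SAMPLE_ROWS = [
    (1, "Intro to Threat Modeling", 49.0, "constructed-secret-1"),
    (2, "Secure Coding in PHP", 79.0, "constructed-secret-2"),
]

# Allowlist of columns a REST caller may ask for; anything else is refused outright.
PUBLIC_FIELDS = ("id", "title", "price")


def open_db():
    """Create an in-memory database with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO courses VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_query(conn, only_fields):
    """The weak pattern the advisories describe: the caller's field list is
    concatenated straight into the SELECT list. Any column name (or any other
    SQL fragment) the caller supplies becomes part of the statement."""
    sql = "SELECT " + only_fields + " FROM courses"
    return conn.execute(sql).fetchall()


def parse_field_list(only_fields):
    """Split a comma-separated field list and check every entry against the
    allowlist. Returns the validated column names or raises ValueError; nothing
    from the request string reaches the SQL text unless it matches exactly."""
    fields = [f.strip() for f in only_fields.split(",") if f.strip()]
    if not fields:
        raise ValueError("no fields requested")
    for f in fields:
        if f not in PUBLIC_FIELDS:
            raise ValueError(f"field not permitted: {f!r}")
    return fields


def hardened_query(conn, only_fields, min_price=None):
    """Identifiers come only from the allowlist, so joining them is safe; the
    value-typed filter is bound as a parameter rather than concatenated."""
    fields = parse_field_list(only_fields)
    sql = "SELECT " + ", ".join(fields) + " FROM courses"
    params = ()
    if min_price is not None:
        sql += " WHERE price >= ?"
        params = (float(min_price),)
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = open_db()
    print(hardened_query(db, "id, title"))
    print(hardened_query(db, "title", min_price=50))
    try:
        hardened_query(db, "id, instructor_secret")
    except ValueError as exc:
        print("rejected:", exc)
```

The difference to look for when reviewing a handler like this: the hardened path never lets request text decide the shape of the statement. A column name either matches an allowlisted constant or the request is rejected with a 4xx before any SQL is built, and the only thing bound at execution time is a value. In WordPress terms the same split applies: `$wpdb->prepare()` covers the value, and an explicit `in_array()` check against a fixed list covers the identifiers.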
API Security
- Incorrect Access Control in whatsapp-api-js: A vulnerability in whatsapp-api-js could allow anyone using the post or verifyRequestSignature methods to handle messages improperly. This issue has been patched in version 4.0.3. Source: vulners.com
- GitLab CE/EE Dependency Proxy Credentials Retention: An issue in GitLab CE/EE from versions 16.5 to 17.3.2 allows dependency proxy credentials to be retained in graphql. Source: vulners.com
- Improper Input Validation in GitLab EE/CE: A vulnerability in GitLab EE/CE from versions 16.9.7 to 17.3.2 allows an attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is used. Source: vulners.com
- Improper Authorization in Ansible Automation Controller: An improper authorization flaw in the Ansible Automation Controller allows an attacker using the Kubernetes (k8s) API server to escalate privileges to a service. Source: vulners.com
- Open Redirect Vulnerability in GitLab EE: An issue in GitLab EE from versions 12.9 to 17.3.2 allows for an account takeover by breaking the OAuth flow under certain conditions. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We've seen how even the largest security companies like Fortinet aren't immune to data breaches, and how crucial it is to stay vigilant and proactive in our cybersecurity efforts. Remember, the digital world is a battlefield, and we are the soldiers guarding the fort.
If you found today's newsletter helpful, please consider sharing it with your friends and colleagues. Let's spread the word and create a safer digital space for everyone. Stay safe, stay informed, and see you in the next edition of Secret CISO.