Welcome to today's issue of Secret CISO, your daily source for the most impactful cybersecurity news. Today, we'll be diving into a series of data breaches that have affected various sectors, from genetic testing companies to car rental services.

We'll start with the discovery of over 1,000 ServiceNow instances leaking corporate data, a finding made by Aaron Costello, chief of SaaS security research at AppOmni. Next, we'll discuss the aftermath of the Columbus data breach, which left 21% of city systems down and compromised the personal information of hundreds of thousands of employees and residents.

In the genetic testing sector, 23andMe has agreed to a $30 million settlement following a major data breach that exposed personal and genetic data of millions of users. We'll also touch on the launch of an online portal in Pennsylvania designed to streamline the process of reporting data breaches, and a data breach at Sibanye-Stillwater that exposed the information of over 7,000 employees. In the car rental industry, Avis Rent A Car is under investigation for a data breach impacting nearly 300,000 customers.

Lastly, we'll look at the bizarre trend of fake data breaches and how they can be just as damaging as real breaches. Stay tuned for all this and more in today's issue of Secret CISO.

Data Breaches

1. ServiceNow Instances Leaking Corporate Data: Over a thousand ServiceNow online instances were found to be unintentionally exposing corporate data. The discovery was made by Aaron Costello, chief of SaaS security research at AppOmni. Source: Bleeping Computer
2. Columbus Data Breach: A cyber attack in July compromised the personal information of hundreds of thousands of Columbus employees and residents. As a result, 21% of the city's systems are still down. Source: Dispatch
3. 23andMe Data Breach Settlement: Victims of a data breach at genetic testing company 23andMe are set to benefit from a $30 million settlement. The breach exposed personal and genetic data on the dark web. Source: KJCT
4. Stillwater Data Breach: Sibanye-Stillwater, a mining company and the operator of the only platinum and palladium mines in the U.S., has confirmed a data breach that exposed the information of 7,258 employees. Source: The Cyber Express
5. Avis Rent A Car Data Breach: Avis Rent A Car is under investigation for a data breach impacting the private information of nearly 300,000 customers. The investigation is being conducted by Schubert Jonckheer & Kolbe LLP. Source: PR Newswire

Security Research

1. Misconfigured ServiceNow Knowledge Bases Expose Confidential Information: AppOmni's chief of SaaS security research, Aaron Costello, highlighted the risks of data exposure in ServiceNow's Knowledge Base. The issue, which has been reported before in 2020, continues to pose a threat to confidential information. Source: TechRepublic
2. Surfshark's Research on Cyber Incidents in France: According to Surfshark's research, most cyber incidents in France have unidentified origins. The study also revealed that compromised accounts are often used to send phishing messages. Source: GlobalSecurityMag
3. Keysight and Autotalks' V2X Security Testing: Keysight's device security research lab, Riscure Security Solutions, successfully collaborated with Autotalks to test the security of V2X (Vehicle to Everything) communications. This research is a significant step towards ensuring the security of future automotive technologies. Source: IoT Evolution World
4. Google Cloud Platform RCE Flaw: Security researchers revealed a critical remote code execution (RCE) vulnerability in Google Cloud Platform (GCP) that could have allowed attackers to execute code on millions of Google servers. The discovery underscores the importance of continuous security testing and patching in cloud environments. Source: Cyber Security News
5. China's Use of Hacking Firms for Espionage: According to Eugenio Benincasa, a senior cyber defense researcher at the Center for Security, China is leveraging powerful hacking firms to conduct its espionage activities. This research highlights the growing threat of state-sponsored cyberattacks. Source: BankInfoSecurity

Top CVEs

1. CVE-2024-21743 - Privilege Escalation in favethemes Houzez Login Register: This vulnerability allows for privilege escalation in the Houzez Login Register from an unspecified version through to the latest. The issue arises from improper handling of user privileges. Source: CVE-2024-21743
2. CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder): This vulnerability allows logged in users of Mautic to exploit Relative Path Traversal/Arbitrary File Deletion, regardless of their access level. This can lead to deletion of system files or libraries. The issue exists in the implementation of the GrapesJS builder. Source: CVE-2021-27916
3. CVE-2024-22303 - Incorrect Privilege Assignment in favethemes Houzez: This vulnerability allows for privilege escalation in the Houzez from an unspecified version through to the latest. The issue arises from incorrect assignment of user privileges. Source: CVE-2024-22303
4. CVE-2024-24968 - Improper finite state machines (FSMs) in Intel(R) Processors: This vulnerability allows a privileged user to potentially enable a denial of service via local access. The issue arises from improper handling of finite state machines (FSMs) in hardware logic. Source: CVE-2024-24968
5. CVE-2024-45496 - Misuse of elevated privileges in OpenShift: This vulnerability allows for arbitrary command execution on the worker node due to misuse of elevated privileges in the OpenShift Container Platform's build process. The issue arises from the git-clone container running with a privileged security context. Source: CVE-2024-45496

API Security

1. GitLab EE Open Redirect Vulnerability (CVE-2024-4283): GitLab EE, from version 11.1 to 17.3.2, has an open redirect vulnerability that could potentially lead to an account takeover. This issue arises under specific conditions when exploiting OAuth. Source: CVE-2024-4283.
2. ZTE Routers Stack-Based Buffer Overflow (CVE-2024-45413): Several ZTE routers have a stack-based buffer overflow vulnerability in the HTTPD binary's rsa_decrypt function. This function, an API wrapper for LUA to decrypt RSA encrypted ciphertext, stores decrypted data on the stack without checking its length, allowing an authenticated attacker to gain root access via remote code execution. Source: CVE-2024-45413.
3. Ansible Sensitive Information Exposure: Ansible has a flaw where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This happens when tasks like include_vars are used to load vaulted variables without setting the no_log: true parameter, leading to the unintentional disclosure of secrets like passwords or API keys. Source: GHSA-JPXC-VMJF-9FCJ.
4. MFASOFT Secure Authentication Server IDOR Vulnerability (CVE-2024-46937): MFASOFT Secure Authentication Server (SAS) versions 1.8.x through 1.9.x have an improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint. This allows remote attackers to gain access to user tokens without authentication via a brute-force attack on the serial parameter by number identifier. Source: CVE-2024-46937.

Sponsored by Wallarm API Security Solution

Final Words

That's it for today's edition of Secret CISO. We've covered a lot of ground, from ServiceNow instances leaking corporate data to the latest data breaches impacting cities, companies, and even genetic testing services. We've also touched on the launch of new portals for reporting data breaches and the worrying trend of fake data breaches. Remember, staying informed is the first step in maintaining a robust security posture. Share this newsletter with your colleagues and friends to help them stay in the loop too.

Tomorrow, we'll dive into more security research, from the latest vulnerabilities to the most innovative solutions. Stay safe, stay secure, and see you then!