Secret CISO 1/26: CSG Systems and UK Provider Tackle Data Breach, US Justice Drops Case Against Texas Doctor, Crypto Platform NoOnes Confirms $8M Hack, Bank of America Customers Exposed, Research on Hardware Security and Cybersecurity Cooperation

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we're diving into a series of data breaches and security incidents that have recently come to light. First up, CSG Systems International Inc. is actively addressing a data breach incident, reaffirming its commitment to data security and customer support. The company is also assisting with an investigation into a UK Connectivity Customer's data breach, underlining the importance of robust security measures in the face of such incidents.

In other news, the US Justice Department has dropped a case against a Texas doctor charged with leaking transgender care data. Meanwhile, a proposed Turkish law could mean prison for reporting data leaks, highlighting the global implications of data security. In the crypto world, NoOnes CEO confirms an $8M hack, several weeks after a security breach. This incident underscores the vulnerability of cryptocurrency platforms and the need for enhanced security measures.

Bank of America customers have also been exposed due to an 'unauthorized party' accessing sensitive data. This breach, which occurred in October, has put the data of at least 414 customers at risk. In the legal realm, UnitedHealth's class action settlement gets preliminary approval following allegations that a data breach impacted client info. This case serves as a reminder of the legal consequences that can follow a data breach.

Lastly, we delve into the world of security research, where experts are uncovering hidden features and vulnerabilities, and proposing solutions to boost agricultural productivity and food security. Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity.

Data Breaches

  1. CSG Systems International Inc Data Breach: CSG Systems International Inc is actively supporting its customer in resolving a data breach incident. The company reaffirmed its commitment to data security and customer support. Source: GuruFocus
  2. NoOnes Crypto Platform $8M Hack: The peer-to-peer cryptocurrency trading platform NoOnes has revealed it was the victim of a significant security breach earlier this month, resulting in an $8M hack. The CEO confirmed the breach several weeks after the incident. Source: Crowdfund Insider
  3. Bank of America Customer Data Exposure: A security breach in October exposed the sensitive data of at least 414 Bank of America customers. The breach occurred when an 'unauthorized party' accessed social security numbers, names, locations, and financial data. Source: The Daily Hodl
  4. Gas Express LLC Data Breach: Gas Express LLC recently disclosed that it suffered a data breach that compromised the sensitive personal data of a number of individuals. The breach is currently under investigation by Levi & Korsinsky, LLP. Source: Business Insider
  5. UnitedHealth Group Data Breach: UnitedHealth Group reported a massive data breach impacting 190 million Americans. The breach was a result of a ransomware attack targeted at its subsidiary, Change Healthcare, in February 2024. Source: Hackread

Security Research

  1. Security Breach at D-Trust: A significant security breach at D-Trust has been exposed, highlighting the lack of legal protection for security researchers. The breach was accessed via a cyber window-dressing, raising concerns about the company's security measures. Source: Heise
  2. OpenAI Browser Takeover: OpenAI has found a way to remotely unlock, start, and track millions of devices, according to a report from TechCrunch. This discovery has raised concerns about the potential misuse of AI technology. Source: TechCrunch
  3. Hidden Waymo Feature Uncovered: Security researcher Jane Manchun Wong has discovered an unreleased feature in Waymo's technology. The implications of this hidden feature are yet to be fully understood. Source: MSN
  4. New Research Group for Hardware Security at BFH: The Institute for Cybersecurity and Engineering ICE of the Berner Fachhochschule BFH has established a new research group for hardware security. This group aims to improve the security of hardware systems. Source: All-About-Industries
  5. AMD Microcode Vulnerability: A vulnerability in AMD's microcode was revealed in a beta BIOS update. The flaw was first noticed by Tavis Ormandy, a security researcher at Google's Project Zero. Source: TechSpot

Top CVEs

  1. CVE-2024-10552 Flexmls® IDX Plugin Vulnerability: The Flexmls® IDX Plugin for WordPress is vulnerable to Stored Cross-Site Scripting, allowing authenticated attackers to inject arbitrary web scripts in pages. The vulnerability was partially patched in version 3.14.26. Source: CVE-2024-10552
  2. CVE-2024-35114 IBM Control Center Vulnerability: IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login responses. Source: CVE-2024-35114
  3. CVE-2023-38713 IBM Cloud Pak System Vulnerability: IBM Cloud Pak System could disclose sensitive information about the system that could aid in further attacks against the system. Source: CVE-2023-38713
  4. CVE-2025-0542 G DATA Management Server Vulnerability: Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations. Source: CVE-2025-0542
  5. CVE-2024-35145 IBM Maximo Application Suite Vulnerability: IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure. Source: CVE-2024-35145

Final Words

That's it for today's edition of Secret CISO. We hope you found these updates insightful and useful in your ongoing efforts to safeguard your organization's data and systems. Remember, the security landscape is constantly evolving, and staying informed is a crucial part of staying secure.

If you found this newsletter helpful, please consider sharing it with your colleagues and friends. They might find it just as valuable as you do. Let's work together to create a safer digital world for everyone.

Stay safe, stay informed, and see you in the next edition of Secret CISO.
