Secret CISO 11/13: AT&T, Ticketmaster, Amazon, Hot Topic hit by massive data breaches; China's new data security proposal; Researchers uncover GitHub phishing tool

Secret CISO 11/13: AT&T, Ticketmaster, Amazon, Hot Topic hit by massive data breaches; China's new data security proposal; Researchers uncover GitHub phishing tool

Welcome to today's issue of Secret CISO, your daily source for the most impactful cybersecurity news. Today, we're diving into a series of data breaches that have rocked major companies like AT&T, Ticketmaster, and Amazon, exposing billions of records and causing significant disruptions. In a shocking revelation, two hackers have been indicted for their role in the AT&T and Ticketmaster data breaches, which resulted in the theft of 50 billion records.

Meanwhile, Amazon has confirmed a security breach where employee data of millions was leaked, highlighting the growing risks in data security. The fallout from these breaches is far-reaching. For instance, Stop & Shop locations in Connecticut are grappling with food shortages following a data breach of its parent company. In other news, Hot Topic has suffered a data breach exposing 57 million records, marking its second data breach in the last year. Investigations are also underway into data breaches impacting over 1.5 million consumers' records at Forth and Centrex, and over 1.8 million patient records at Summit Pathology.

On the regulatory front, China is proposing a Network Identity System to enhance data security and real-name registration online. In the research sphere, we're looking at the potential data security risks for 2025, the tool creating recent GitHub phishing attacks, and how to enhance quantum security for the financial sector. Stay tuned for more updates and remember, knowledge is the first line of defense. Stay informed, stay secure.

Data Breaches

  1. AT&T and Ticketmaster Data Breach: Two hackers have been indicted for their involvement in the data breaches at AT&T and Ticketmaster, leading to the theft of 50 billion records. The indictment highlights the ongoing threat of cybercrime to large corporations. Source: Mashable
  2. Stop & Shop Data Breach: A recent cyber attack on Stop & Shop, Connecticut's largest grocery chain, has resulted in product shortages across its stores. The breach underscores the potential real-world impacts of cyber attacks on supply chains. Source: CT Insider
  3. Amazon Data Leak: Amazon has confirmed a security breach that leaked work-related details of millions of employees, including email addresses, desk phone numbers, and building locations. The incident highlights the vulnerability of even tech giants to data breaches. Source: Firstpost
  4. Hot Topic Data Breach: Fashion retailer Hot Topic has suffered a data breach exposing 57 million customer records. This is the second data breach for the company within a year, raising concerns about its data security practices. Source: Total Retail
  5. Summit Pathology Data Breach: Summit Pathology is under investigation for a data breach impacting the private personal and health information of over 1.8 million patients. The breach underscores the sensitivity of healthcare data and the need for robust security measures. Source: PR Newswire

Security Research

  1. "Immunefi suspends TrustSec amid bug bounty dispute": Immunefi, a bug bounty platform, has suspended TrustSec over a payment dispute. The critical bug, identified by security researcher jayjonah.eth, could have potentially disrupted the Evmos blockchain and all decentralized applications running on it. Source: Cointelegraph
  2. "Enhancing quantum security for the financial sector": Experts and government advisories are urging the financial sector to adopt robust encryption and global regulatory measures to enhance quantum security. The move is seen as a proactive approach to counter potential threats. Source: World Economic Forum
  3. "Research uncovers the tool creating recent GitHub phishing attacks": Security researchers have linked the recent GitHub phishing attacks to a tool called GoIssue, which they believe may be connected to the GitLoker extortion campaign. The research suggests that GoIssue is more than just a phishing tool. Source: Security Magazine
  4. "The AI lab waging a guerrilla war over exploitative AI": A security researcher at the University of Chicago has developed tools to protect images from facial recognition systems. The move is part of a broader effort to combat exploitative AI practices. Source: MIT Technology Review
  5. "China's Volt Typhoon Rebuilding Botnet": Security researchers have reported that China's Volt Typhoon botnet has re-emerged, using the same core infrastructure and techniques. The botnet is seen as a significant threat to global cybersecurity. Source: SecurityWeek

Top CVEs

  1. CVE-2024-4741 - OpenSSL API function SSL_free_buffers vulnerability: This issue arises when the OpenSSL API function SSL_free_buffers is called, potentially leading to memory corruption, crashes, or arbitrary code execution. However, only applications that directly call this function are affected. The issue is considered rare as this function is not commonly used by applications. Source: CVE-2024-4741
  2. CVE-2024-52301 - Laravel web application framework vulnerability: A vulnerability in Laravel allows users to change the environment used by the framework when handling requests if the register_argc_argv PHP directive is set to 'on'. This issue has been fixed in several versions of Laravel. Source: CVE-2024-52301
  3. CVE-2024-10684 - Kognetiks Chatbot for WordPress plugin vulnerability: This plugin is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter due to insufficient input sanitization and output escaping. This vulnerability can be exploited by unauthenticated attackers if they can trick a user into performing an action such as clicking a link. Source: CVE-2024-10684
  4. CVE-2024-11150 - WordPress User Extra Fields plugin vulnerability: This plugin is vulnerable to arbitrary file deletion due to insufficient file path validation. Unauthenticated attackers can delete arbitrary files on the server, potentially leading to remote code execution. Source: CVE-2024-11150
  5. CVE-2024-10575 - Missing Authorization vulnerability: This vulnerability can lead to unauthorized access when enabled on the network, potentially impacting connected systems. Source: CVE-2024-10575

API Security

  1. OpenSSL API Memory Access Issue (CVE-2024-4741): A potential use-after-free vulnerability has been identified in the OpenSSL API function SSL_free_buffers. This issue could lead to data corruption, crashes, or arbitrary code execution. However, only applications that directly call the SSL_free_buffers function are affected. The issue arises in two scenarios: when a record header has been processed but the full record body hasn't arrived, and when a full record has been processed but the application has only read part of the data. Source: vulners.com
  2. Matrix-js-sdk Client-side Path Traversal (CVE-2024-50336): Matrix-js-sdk versions before 34.11.0 are vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients to issue arbitrary authenticated GET requests to the client's homeserver. This issue has been fixed in matrix-js-sdk 34.11.1. Source: vulners.com
  3. Matrix-js-sdk Insufficient MXC URI Validation (GHSA-XVG8-M4X3-W6XR): Matrix-js-sdk before 34.11.0 has insufficient MXC URI validation, which allows for client-side path traversal. A malicious room member can trigger clients to issue arbitrary authenticated GET requests to the client's homeserver. This issue has been fixed in matrix-js-sdk 34.11.1. Source: vulners.com
  4. Icinga TLS Certificate Validation Flaw (CVE-2024-49369): Icinga, a network monitoring system, has a flaw in its TLS certificate validation that allows an attacker to impersonate both trusted cluster nodes and API users that use TLS client certificates for authentication. This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of vigilance in the face of ever-evolving cybersecurity threats. From the indictment of hackers involved in the AT&T and Ticketmaster data breaches to the ongoing investigation of data breaches impacting millions of consumers and employees, it's clear that data security should remain a top priority for all organizations. In the face of these challenges, we're also seeing proactive measures being taken to enhance data security, such as China's proposal for a Network Identity System and SentinelOne's identification of key data security risks for 2025. Remember, knowledge is power.

By staying informed about the latest developments in cybersecurity, we can better protect our organizations and ourselves from potential threats. If you found today's newsletter informative, consider sharing it with your colleagues and friends.

Together, we can create a more secure digital world. Stay safe and see you in the next edition of Secret CISO!

Read more

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the cybersecurity world. We're seeing a concerning trend of firms failing to grasp the financial impact of cyber breaches, with HealthAlliance paying a hefty $550,000 for neglecting a known vulnerability. In Ireland,

By Secret CISO