Secret CISO 11/25: Tesla and Banque de France Data Leaks, NOQ Group Dark Web Threat, AI in Cybersecurity Market Growth, UK's New AI Security Research Lab

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we're diving into the dark web, where Tesla charging stations, Banque de France, and the NOQ Group have been targeted. We'll explore how these cyber attacks raise concerns about national security and the safety of sensitive data. We'll also look at the overlooked danger within organizations - insider threats. With data loss prevention solutions, security teams can monitor for unusual file transfers or downloads.

In the AI sector, we're seeing a projected growth in the cybersecurity market from $19.2B to a whopping $154.8B. As AI continues to evolve, so does its application in security measures, capturing even the most elusive cyber threats using machine learning and behavioral analysis. But it's not all smooth sailing. More than 2,000 Palo Alto Networks PAN-OS firewalls have been exploited following the disclosure and patching of two security vulnerabilities.

We'll also discuss the importance of data encryption and two-factor authentication in safeguarding online gamers, and how geopolitical strife is driving increased ransomware activity. Stay tuned for more on these stories and other top cybersecurity news. Stay safe, stay informed with Secret CISO.

Data Breaches

  1. Tesla Charging Stations, Banque de France, and NOQ Group Targeted on Dark Web: A significant data leak was discovered involving user data from Tesla EV charging stations. Unauthorized access to Banque de France systems was also reported, along with a large data leak from the NOQ Group. Source: SOCRadar
  2. Geopolitical strife drives increased ransomware activity: As different threat actors leverage each other's resources, it is crucial for organizations to ensure that they're on top of fundamental security practices to protect against increased ransomware activity driven by geopolitical strife. Source: Computer Weekly
  3. The Overlooked Danger Within: Managing Insider Threats: Data loss prevention (DLP) solutions are proving to be useful tools for security teams to monitor for unusual file transfers or downloads, helping manage the often-overlooked danger of insider threats. Source: Tripwire
  4. AI in Cybersecurity Market to Grow from $19.2B to $154.8B: The AI in cybersecurity market is projected to grow from $19.2 billion to $154.8 billion, with the cloud security segment expected to experience the highest growth. Source: The Cyber Express
  5. Finastra Confirms Breach Amid Hacker's 400GB Data Theft Claim: Finastra, a major financial software provider that serves many of the world's leading banks, is grappling with a data breach, with a hacker claiming to have stolen 400GB of data. Source: Fintech News Singapore

Security Research

  1. New Laboratory for AI Security Research: The UK has announced a new Laboratory for AI Security Research at the NATO Cyber Defence Conference. The lab aims to counter the growing threat of hostile states using AI in cyberattacks. Source: Counter Terror Business, TechCrunch
  2. Malware Exploits Avast Anti-Rootkit Driver to Bypass Security Software: Cybersecurity researchers at Trellix have identified a malicious campaign that exploits an Avast driver to bypass antivirus, terminate 142 processes, and disable security protections. Source: Hackread, The Hacker News
  3. TLU Security Experts Call for Change in Security and Peace Thinking: Researchers stress the urgency of democratizing security dialogues to reflect the experiences of grassroots actors and marginalized regions. Source: ERR News
  4. Cybersecurity Flaws in IaC and PaC Tools Expose Cloud Platforms to New Attacks: Security researcher Shelly Raban highlighted cybersecurity flaws in Infrastructure as Code (IaC) and Policy as Code (PaC) tools that expose cloud platforms to new attacks. Source: The Hacker News
  5. How Hezbollah Diversified Its Funding: Security researchers Clara Broekaert and Colin P. Clarke have published a report on Hezbollah's diversified funding methods, focusing on disinformation and violent extremism. Source: Foreign Policy

Top CVEs

  1. CVE-2024-53901: A heap-based buffer overflow vulnerability has been identified in the Imager package before 1.025 for Perl. This could lead to denial of service or potentially other unspecified impacts when the trim() method is called on a crafted input. Source: CVE-2024-53901
  2. CVE-2024-53899: A command injection vulnerability has been found in virtualenv before 20.26.6. Magic template strings are not quoted correctly when replacing. This vulnerability is distinct from others previously reported. Source: CVE-2024-53899
  3. CVE-2024-11664: A critical vulnerability has been discovered in eNMS up to 4.2. The function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler is affected, leading to path traversal. The attack can be launched remotely and the exploit has been publicly disclosed. Source: CVE-2024-11664
  4. CVE-2024-53915: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is not properly validated. Source: CVE-2024-53915
  5. CVE-2024-53916: In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. This vulnerability is still under review. Source: CVE-2024-53916

API Security

  1. CVE-2024-11662 - Critical Vulnerability in OpsManage: A critical vulnerability has been discovered in welliamcao OpsManage versions 3.0.1 to 3.0.5. The flaw lies in the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the API Endpoint, leading to deserialization. The attack can be initiated remotely and the exploit is publicly disclosed. The vendor has been contacted but has not responded. Source: CVE-2024-11662
  2. CVE-2024-6538 - SSRF Vulnerability in OpenShift Console: An SSRF (Server Side Request Forgery) vulnerability has been found in OpenShift Console. This flaw allows an attacker to supply all or part of a URL to the server to query, potentially disclosing information or having other nefarious effects on the system. The /api/dev-console/proxy/internet endpoint on the OpenShift Console allows authenticated users to perform arbitrary HTTP requests. Source: CVE-2024-6538
  3. CVE-2024-11483 - Privilege Escalation in Ansible Automation Platform: A vulnerability has been discovered in the Ansible Automation Platform (AAP) that allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user’s assigned permissions, it undermines scoped access controls. Source: CVE-2024-11483

Final Words

That's it for today's edition of Secret CISO. We've covered a lot of ground, from the alleged data leak at Tesla EV charging stations to the unauthorized access to Banque de France systems, and the targeting of NOQ Group on the Dark Web. We've also delved into the increasing role of AI in cybersecurity and the importance of managing insider threats. Remember, in this rapidly evolving digital landscape, staying informed is your first line of defense.

So, don't forget to share this newsletter with your friends and colleagues to help them stay one step ahead of the cyber threats.

Stay safe, stay informed, and see you in the next edition of Secret CISO.
