Secret CISO 11/28: OpenAI & Asahi Breaches, Google & Microsoft Flaws, AI for National Security
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity challenges and breakthroughs shaping our digital landscape. On this November 28th, we dive into a series of alarming data breaches and vulnerabilities that underscore the ever-present threats to personal and organizational security.
In a decisive move, OpenAI has cut ties with Mixpanel following a data breach at the analytics provider that exposed user data from OpenAI's API platform, prompting OpenAI to reevaluate its security protocols. Meanwhile, Asahi, a leading Japanese beverage company, grapples with the fallout of a ransomware attack affecting 2 million individuals, raising questions about its data protection practices.
The aviation sector is not spared, as the notorious cybercriminal "ByteToBreach" is exposed for selling sensitive airline data on the dark web, highlighting the urgent need for enhanced cybersecurity measures. In a bid for restitution, Yale New Haven Health reaches an $18 million settlement after a data breach, offering compensation to affected patients.
Heritage Communities and Metrocare Services join the list of organizations announcing data breaches, while security researchers sound the alarm on vulnerabilities in Google's Antigravity tool, posing risks to app developers. The release of Wireshark Version 4.6.1 brings critical security fixes, essential for safeguarding network integrity.
Cloud security faces a new threat as vulnerabilities in Fluent Bit are uncovered, potentially impacting major cloud providers. Meanwhile, the Alan Turing Institute secures funding to develop AI tools for national security, and a flaw in Microsoft Teams' guest chat feature could allow malware delivery, bypassing existing protections.
In the realm of software vulnerabilities, Mattermost, Apache CloudStack, and Pretix face critical security issues, each posing unique risks that demand immediate attention and mitigation. As we navigate these challenges, today's newsletter serves as a reminder of the relentless vigilance required to protect our digital world.
Data Breaches
- OpenAI Cuts Ties with Mixpanel Following API User Data Breach: OpenAI has severed its relationship with Mixpanel after a data breach at the analytics provider potentially exposed user data from OpenAI's API platform. The incident has prompted OpenAI to notify affected users and reassess its data security measures. Source: Trending Topics
- Asahi Data Breach Impacts 2 Million Individuals: Japanese beverage company Asahi has confirmed a ransomware attack that compromised the personal information of approximately 2 million customers and employees. The breach has raised concerns about the company's data protection practices and its ability to safeguard sensitive information. Source: SecurityWeek
- Cybercriminal 'ByteToBreach' Exposed for Selling Highly Sensitive Data from Airlines: The cybercriminal known as "ByteToBreach" has been identified as a key player in selling sensitive airline data on the dark web. This revelation highlights the ongoing threat of data breaches in the aviation sector and the need for enhanced cybersecurity measures. Source: CyberPress
- Here's how to claim part of Yale New Haven $18M data breach settlement: Yale New Haven Health has reached an $18 million settlement following a data breach that affected its patients. Those impacted by the breach are eligible to claim part of the settlement, which aims to compensate for the unauthorized access to their personal information. Source: CT Insider
- Data Breaches Announced by Heritage Communities & Metrocare Services: Heritage Communities and Metrocare Services have both reported data breaches that exposed sensitive information. In response, both organizations are implementing additional security measures and reviewing their data security policies to prevent future incidents. Source: HIPAA Journal
Security Research
- Security researchers caution app developers about risks in using Google Antigravity: Security experts have identified vulnerabilities in Google's Antigravity tool, which is used for creating AI-driven agents. These vulnerabilities could pose significant risks to app developers. Google has acknowledged the issues and plans to address them publicly. Source: CSO Online.
- Wireshark Version 4.6.1 Ready For Download & Includes Multiple Critical Security Fixes: The latest version of Wireshark, a crucial tool for network forensics and incident response, has been released with several critical security fixes. This update is essential for maintaining the security integrity of systems using Wireshark. Source: LinkedIn.
- These worrying security flaws could put every major cloud provider at risk: Research from Oligo has uncovered vulnerabilities in Fluent Bit, a log processor used by major cloud providers. These flaws allow for log manipulation, authentication bypass, and remote code execution, posing a significant threat to cloud security. Source: TechRadar.
- Alan Turing Institute awarded £1m to develop AI tools for national security analysts: The Alan Turing Institute has received £1 million in funding to lead a consortium focused on developing AI tools to support national security analysts. This initiative aims to enhance intelligence analysis capabilities through advanced AI research. Source: EdTech Innovation Hub.
- Microsoft Teams Guest Chat Flaw Could Let Hackers Deliver Malware: A critical vulnerability in Microsoft Teams has been discovered, allowing attackers to bypass Defender for Office 365 protections. This flaw could enable the delivery of malware through guest chats, posing a risk to organizations using Teams. Source: GBHackers.
Top CVEs
- Mattermost OAuth State Token Vulnerability: Mattermost versions 10.12.x to 11.0.x have a vulnerability in OAuth state token validation during OpenID Connect authentication. This flaw allows an attacker with team creation privileges to take over a user account by manipulating authentication data during the OAuth flow. The attack requires specific conditions, such as email verification being disabled and the attacker controlling two users in the SSO system.
- Apache CloudStack Code Injection Vulnerability: A code injection vulnerability exists in Apache CloudStack's admin-accessible APIs, affecting versions from 4.18.0 to 4.22.0. The vulnerability allows improper control of code generation, posing a risk of code injection. Users are advised to upgrade to versions 4.20.2 or 4.22.0, which include a fix and a new configuration flag to mitigate the risk.
- Pretix Email Placeholder Vulnerability: Pretix has a vulnerability where email placeholders can be filled with customer data, allowing HTML or Markdown formatting in attendee names to be rendered in emails. This can be exploited to inject links or formatted text, potentially leading to phishing attacks. Although strict HTML tag allow lists prevent XSS, the vulnerability can still be used to manipulate emails so that they appear credible.
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is as dynamic as ever. From OpenAI's decisive action against data breaches to the alarming vulnerabilities in major cloud services, the need for robust cybersecurity measures is more pressing than ever. Each story serves as a reminder of the importance of vigilance and proactive security strategies in safeguarding our digital world.
Whether it's the exposure of cybercriminals like "ByteToBreach" or the critical updates in tools like Wireshark, staying informed is your first line of defense. As we navigate these challenges, remember that knowledge is power, and sharing this knowledge can help fortify our collective defenses.
If you found today's insights valuable, consider sharing this newsletter with your friends and colleagues. Together, we can build a more secure digital future. Stay safe, stay informed, and see you in the next edition of Secret CISO!