Secret CISO 3/13: Telus & Loblaw Breaches, North Korea's Supply Chain Attack, Chrome's Critical Fixes, AI Security Gaps
Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity breaches and vulnerabilities that have shaken the digital world. In a day marked by significant data breaches, we delve into the investigations surrounding Figure Lending Corp and Telus Digital, both grappling with the aftermath of unauthorized access to sensitive information. As these incidents unfold, the spotlight turns to the vulnerabilities exposed in major corporations like Loblaw, underscoring the critical need for robust cybersecurity measures.
Meanwhile, the global stage is not spared, with a North Korea-linked supply chain attack impacting 100,000 sites, revealing the far-reaching consequences of cyber threats. In parallel, the "Handala Hack" research sheds light on the tactics of a notorious cyber group, offering a glimpse into the evolving landscape of cyber warfare.
On the defense front, Google Chrome's latest security update addresses 29 vulnerabilities, including critical remote code execution flaws, reminding us of the importance of timely patching. As Phishing-as-a-Service (PhaaS) gains traction, businesses are urged to bolster their defenses against these sophisticated attacks. Additionally, HackerOne warns of a widening gap in AI security testing, a concern as AI technologies become more integral to our systems.
In the realm of WordPress, a new plugin security flaw threatens 250,000 websites, highlighting the ongoing battle against vulnerabilities. From wpDiscuz's email notification flood to Libsoup's authentication flaw and Simple Ajax Chat's XSS vulnerability, today's newsletter serves as a stark reminder of the relentless pursuit of cyber resilience.
Stay informed and vigilant as we navigate these turbulent waters together, ensuring that your defenses remain as robust as ever.
Data Breaches
- Figure Lending Corp Under Investigation for Data Breach of Nearly 1 Million User Records: Schubert Jonckheer & Kolbe LLP is investigating a data breach that led to unauthorized access to the sensitive information of at least 967,000 users. This breach has raised significant concerns about data security and privacy for the affected individuals. Source: classactionlawyers.com
- Telus Digital hit with massive data breach: Telus Digital suffered a strategic and disciplined cyberattack, resulting in a massive data breach. The attack was optimized for maximum leverage, compromising a significant amount of personal information. Source: CSO Online
- Canadian retail giant Loblaw notifies customers of data breach: Loblaw Companies Limited, Canada's largest food and pharmacy retailer, announced a breach of its IT network. This incident has affected numerous customers, highlighting vulnerabilities in the company's cybersecurity measures. Source: BleepingComputer
- Hackers reportedly stole nearly 1,000TB of data from Telus Digital: Telus confirms a security incident where hackers stole nearly a petabyte of data over several months. This breach underscores the need for robust cybersecurity defenses to protect sensitive information. Source: MobileSyrup
- Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea: A supply chain attack linked to North Korea has impacted 100,000 sites, according to Hudson Rock. The data collected by the malware has provided evidence of the attack's origins, emphasizing the global reach and impact of cyber threats. Source: SecurityWeek
Security Research
- "Handala Hack" - Unveiling Group's Modus Operandi: This research by Check Point delves into the operations of the "Handala Hack," an online persona linked to the MOIS-affiliated group Void Manticore. The study provides insights into the group's tactics and strategies, highlighting their role in cyber operations. Source: Check Point Research.
- Google Chrome Security Update Fixes 29 Vulnerabilities, Including Remote Code Execution Flaws: Google has released a security update for Chrome, addressing 29 vulnerabilities, including critical remote code execution flaws. This update underscores the importance of timely patching to protect users from potential exploits. Source: Cyberpress.
- The rise of PhaaS: what businesses should know: Phishing-as-a-Service (PhaaS) is becoming increasingly prevalent, posing significant threats to businesses. This research highlights the need for organizations to enhance their defenses against these sophisticated phishing attacks. Source: IT Pro.
- HackerOne warns of widening AI security & testing gap: HackerOne's research points to a growing gap between the deployment of AI systems and the necessary security testing. This gap poses risks as AI technologies become more integrated into critical systems. Source: IT Brief.
- Another worrying WordPress plugin security flaw could put 250,000 websites at risk: A new security flaw in a WordPress plugin has been discovered, potentially affecting 250,000 websites. The vulnerability allows for SQL injection attacks, emphasizing the need for regular updates and security audits. Source: TechRadar.
Top CVEs
- wpDiscuz before 7.6.47 - Unauthenticated Email Notification Flood via wpdCheckNotificationType: wpDiscuz versions prior to 7.6.47 have a vulnerability that allows unauthenticated users to trigger mass notification emails. By exploiting the checkNotificationType function, attackers can repeatedly call the wpdiscuz-ajax.php endpoint, flooding subscribers with notifications due to the absence of nonce verification, authentication checks, and rate limiting. Source.
- Libsoup Server-Side Digest Authentication Flaw: A vulnerability in Libsoup's server-side digest authentication implementation allows remote attackers to capture and replay a single valid Authorization header. The SoupAuthDomainDigest class neither tracks which nonces it has issued nor enforces that the nonce-count (nc) value strictly increases, so a replayed header is accepted as a fresh proof, letting attackers bypass authentication and impersonate legitimate users. Source.
- Simple Ajax Chat Plugin for WordPress - Stored Cross-Site Scripting: The Simple Ajax Chat plugin for WordPress, up to version 20260217, is vulnerable to Stored Cross-Site Scripting (XSS) via the 'c' parameter. Due to insufficient input sanitization and output escaping, unauthenticated attackers can inject arbitrary web scripts into pages, which execute whenever a user accesses an injected page. Source.
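To make the Libsoup entry concrete, here is an added example (not Libsoup code, and not from any of the sources above) of the server-side check Digest authentication needs: the verifier remembers every nonce it issued and the highest nc it accepted for it, so replaying a captured Authorization header fails while a fresh request with the next nc succeeds. Realm, user, password and the client helper are constructed for the demo; the hashing follows RFC 7616 with MD5 and qop=auth.

```python
import hashlib
import secrets
# Constructed demo credentials (not from libsoup or any real deployment).
REALM = "example"
USERS = {"alice": "correct horse battery staple"}

def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

class DigestVerifier:
    """Digest (RFC 7616, qop=auth) server check that tracks issued nonces and their nc."""
    def __init__(self, realm: str = REALM, users: dict = USERS):
        self.realm, self.users = realm, users
        self.nonces: dict = {}  # nonce -> highest nc accepted so far

    def issue_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self.nonces[nonce] = 0
        return nonce

    def verify(self, method: str, uri: str, auth: dict) -> bool:
        """auth holds the parsed Authorization fields: username, nonce, nc, cnonce, response."""
        nonce = auth["nonce"]
        if nonce not in self.nonces:  # a nonce this server never issued
            return False
        try:
            nc, pw = int(auth["nc"], 16), self.users[auth["username"]]
        except (ValueError, KeyError):  # malformed nc or unknown user
            return False
        if nc <= self.nonces[nonce]:  # replayed or out-of-order nonce-count
            return False
        ha1 = _md5(f"{auth['username']}:{self.realm}:{pw}")
        ha2 = _md5(f"{method}:{uri}")
        expected = _md5(f"{ha1}:{nonce}:{auth['nc']}:{auth['cnonce']}:auth:{ha2}")
        if not secrets.compare_digest(expected, auth["response"]):
            return False
        self.nonces[nonce] = nc  # advance the counter only after a valid proof
        return True

def client_header(user: str, pw: str, method: str, uri: str, nonce: str, nc: int, cnonce: str) -> dict:
    """Client side of the exchange: computes the Digest response for one request."""
    ha1, ha2, nc_hex = _md5(f"{user}:{REALM}:{pw}"), _md5(f"{method}:{uri}"), f"{nc:08x}"
    response = _md5(f"{ha1}:{nonce}:{nc_hex}:{cnonce}:auth:{ha2}")
    return {"username": user, "nonce": nonce, "nc": nc_hex, "cnonce": cnonce, "response": response}

def demo() -> tuple:
    v = DigestVerifier(); nonce = v.issue_nonce()
    hdr = client_header("alice", USERS["alice"], "GET", "/secret", nonce, 1, "abc123")
    return v.verify("GET", "/secret", hdr), v.verify("GET", "/secret", hdr)  # (True, False)
```

A server that skips the nonce-table lookup and the nc comparison would return True on the second call as well, which is exactly the replay the Libsoup entry describes.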
Final Words
As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities. From the massive data breaches at Figure Lending Corp and Telus Digital to the strategic cyber operations of the "Handala Hack," the need for robust cybersecurity measures has never been more pressing. These incidents remind us of the importance of vigilance and proactive defense strategies in safeguarding sensitive information.
In the ever-evolving world of cybersecurity, staying informed is your first line of defense. Whether it's the rise of Phishing-as-a-Service or the critical updates from Google Chrome, being aware of the latest threats and solutions is crucial. The vulnerabilities in WordPress plugins and the widening AI security gap further highlight the need for continuous learning and adaptation.
We hope you found today's insights valuable and encourage you to share this newsletter with your friends and colleagues. By spreading awareness, we can collectively strengthen our defenses against cyber threats. Stay safe, stay informed, and see you in the next edition of Secret CISO!