Secret CISO 4/11: Unprecedented Surge in Data Breaches, Microsoft, Home Depot, OWASP, and AT&T Under Attack, Security Measures in Question, Latest Research on Spectre Threats and AI-Powered Security

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity news and updates. Today, we're diving into a series of data breaches that have hit major companies like Home Depot, Microsoft, and AT&T, affecting millions of customers and employees. We'll explore how these breaches occurred, the impact they've had, and what steps are being taken to prevent future incidents. We'll also look at the surge in US data breach reports, which have grown by a staggering 90% in the first quarter of this year. In addition, we'll discuss the importance of upgrading data breach prevention and response strategies, with insights from experts on how to enhance data security and reduce losses caused by breaches. On the research front, we'll delve into the latest findings from security researchers, including vulnerabilities in Intel CPUs and new AI-powered security capabilities from Google Cloud. We'll also highlight the work of the National Security Agency in maturing data security practices used in zero trust. Stay tuned for all this and more in today's issue of Secret CISO. Don't miss out on the latest cybersecurity news and insights!

Data Breaches

  1. Home Depot Data Breach: Home Depot suffered a data breach affecting its staff due to a mistake by a third-party SaaS vendor. The extent of the breach and the data compromised remains undisclosed. Source: Hardlines.
  2. Microsoft Data Breach: Microsoft was hit with another data breach when cybersecurity firm SOCRadar discovered that employees' credentials were stored on a server without a password. The breach's impact is still under investigation. Source: Firstpost.
  3. OWASP Data Breach: The Open Worldwide Application Security Project (OWASP) experienced a data breach due to server misconfiguration, leaking members' personal information. The organization is currently working on mitigating the impact. Source: CPO Magazine.
  4. HTW Data Breach: National valuation firm Herron Todd White was suspended from new work by the country's largest banks following a data breach. The breach's extent and the type of data compromised are yet to be revealed. Source: AFR.
  5. AT&T Data Breach: AT&T has begun the process of informing state authorities and regulators about a security breach exposing millions of customer records. The exact number of affected customers and the type of data exposed are still under investigation. Source: BBN Times.

Security Research

  1. "Conservative Revolt in the House Blocks Effort to Reauthorize a Key US Spy Tool": A cloud security researcher warns that a stolen Microsoft signing key was more powerful than initially thought, not limited to Outlook.com and Exchange Online. This raises concerns about the potential misuse of the key. Source: SecurityWeek.
  2. "German defence industry welcomes paper on military research": A position paper from the German Federal Ministry of Education and Research aims to balance academic freedom and national security. This could potentially lead to new advancements in security technology. Source: Science|Business.
  3. "Intel CPUs are still vulnerable to Spectre threats": Despite hardware and software updates, Intel's CPUs remain vulnerable to Spectre attacks, according to security researchers from VU Amsterdam. This highlights the ongoing challenge of securing hardware against sophisticated threats. Source: TechRadar.
  4. "European Managed Security Services Industry Research, 2023 and 2024-2026": The "European Managed Security Services Growth Opportunities" report has been added to the market research offerings, indicating a growing demand for managed security services in Europe. Source: Yahoo Finance.
  5. "New Homeland Security research center marks opening at University of Alaska Anchorage": The new research center aims to confront emerging threats, strengthen security infrastructure, and enhance safety through research, innovation, and collaboration. This marks a significant investment in security research in the region. Source: Anchorage Press.

Top CVEs

  1. CVE-2024-31309: A DoS attack can cause Apache Traffic Server to consume excessive resources. Versions from 8.0.0 to 8.1.9 and 9.0.0 to 9.2.3 are affected. Users are advised to upgrade to version 8.1.10 or 9.2.4. Source: CVE-2024-31309.
  2. CVE-2023-51672: A Missing Authorization vulnerability exists in FunnelKit Checkout. The specific affected versions are not mentioned. Source: CVE-2023-51672.
  3. CVE-2024-27991: A Cross-site Scripting vulnerability in SupportCandy allows Stored XSS. The specific affected versions are not mentioned. Source: CVE-2024-27991.
  4. CVE-2024-27988: A Cross-site Scripting vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS. The specific affected versions are not mentioned. Source: CVE-2024-27988.
  5. CVE-2024-29019: ESPHome's API endpoints in the dashboard component are vulnerable to Cross-Site Request Forgery (CSRF), allowing remote attackers to perform operations on configuration files. This vulnerability affects version 2023.12.9. Source: CVE-2024-29019.

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found our coverage of the latest data breaches and cybersecurity updates insightful. Remember, in the digital world, staying informed is the first step towards staying secure. If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's spread the knowledge and create a safer digital environment for everyone. Stay safe and see you tomorrow with more updates from the world of cybersecurity. Until then, keep those firewalls up!
