Secret CISO 4/2: AT&T, MarineMax, PandaBuy Data Breaches, OWASP Wiki Misconfiguration, Enhancing Security Research, XZ Utils Backdoor

Secret CISO 4/2: AT&T, MarineMax, PandaBuy Data Breaches, OWASP Wiki Misconfiguration, Enhancing Security Research, XZ Utils Backdoor

Welcome to today's issue of Secret CISO. We're diving into the deep end of data breaches, starting with the massive AT&T data breach that has compromised the personal information of 73 million customers. From full names to social security numbers, the breach has left a trail of exposed data that cybercriminals are eager to exploit. But AT&T isn't alone. MarineMax, a leading yacht retailer, and PandaBuy, a popular global shopping platform, have also fallen victim to data breaches, with customer and employee data stolen and exposed. We'll also be discussing the steps you should take if you're caught up in these breaches, and how to protect yourself in the future. Plus, we'll be looking at the latest research in cybersecurity, including a backdoor implanted in the XZ Utils in a multiyear supply chain attack, and the potential use of large language model (LLM) tools to spread non-existent software packages. Stay tuned for all this and more in today's issue of Secret CISO. Stay safe, stay informed.

Data Breaches

  1. AT&T Data Breach: AT&T confirmed a massive data breach affecting 73 million customers. The breach exposed customers' full names, birthdays, social security numbers, physical and email addresses, and AT&T account details. The company is investigating the incident and offering credit monitoring for affected customers. Source: KOAA, FOX 26 Houston, Dark Reading.
  2. MarineMax Data Breach: MarineMax, one of the world's largest recreational boat and yacht retailers, disclosed a data breach following a cyberattack. The attackers stole employee and customer data, but the extent of the breach is still under investigation. Source: Bleeping Computer.
  3. PandaBuy Data Breach: Global shopping platform PandaBuy suffered a data breach, exposing the personal information of 1.3 million users. The breach was claimed by malicious threat actors. Source: Cybernews.
  4. ABC News Data Breach: ABC News reported a significant data breach that put many Americans at risk. The specifics of the breach, including the number of affected individuals and the type of compromised data, are not yet disclosed. Source: YouTube.
  5. OWASP Data Breach: The OWASP Foundation disclosed a data breach caused by a misconfiguration of its old Wiki web. The breach exposed some members' resumes online, but the full extent of the breach is still under investigation. Source: Bleeping Computer.

Security Research

  1. "Call to strengthen national security narratives - The Express Tribune": Dr Mukhtar emphasizes the need for improving the quality of research in Pakistan, highlighting the importance of data-driven, meticulously crafted research. Source: The Express Tribune
  2. "XZ Utils Backdoor Implanted in Multiyear Supply Chain Attack - Dark Reading": A researcher discovered a malware implanted in a multi-year supply chain attack, highlighting the ongoing security threats such as the Log4Shell vulnerability and the attack on SolarWinds. Source: Dark Reading
  3. "Cybercriminals Weigh Options for Using LLMs: Build It or Break? - Dark Reading": Researchers at AI security firm HiddenLayer noted that cybercriminals are weighing their options on whether to build or break LLMs, indicating a shift in cybercrime tactics. Source: Dark Reading
  4. "AT&T confirms theft of 73M records, 7.6M current customers affected | SC Media": AT&T confirmed a data leak after TechCrunch reported the findings of security researcher Sam “Chick3nman” Croley, affecting 73M records and 7.6M current customers. Source: SC Media
  5. "Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor": Security researchers released a script that allows users to scan their systems for a malicious library, following a major supply chain attack impacting Linux distributions. Source: Security Week

Top CVEs

  1. CVE-2024-1274: The My Calendar WordPress plugin before 3.4.24 has a vulnerability that allows users with a role as low as Subscriber to perform Cross-Site Scripting attacks. It's recommended to update to the latest version to mitigate this risk. Source: vulners.com
  2. CVE-2023-33111: An information disclosure vulnerability has been identified when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration. The details of the vulnerability are not fully disclosed yet. Source: vulners.com
  3. CVE-2024-26653: A vulnerability in the Linux kernel has been resolved that involved a double free error in the usb: misc: ljca component. The issue has been fixed by cleaning up the redundant kfree() in all callers and adding kfree() the passed in platform_data on errors which happen before auxiliary_device_init() succeeds. Source: vulners.com
  4. CVE-2024-20799: Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Users are advised to update to the latest version to mitigate this risk. Source: vulners.com
  5. CVE-2024-28232: The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue has been patched in version 0.4.8 but that version has not yet been uploaded to Go's package. Source: vulners.com

Final Words

And that's a wrap for today's edition of Secret CISO. We've navigated through the choppy waters of data breaches, from AT&T's massive leak to the cyberattack on MarineMax. We've also delved into the dark web, where stolen data often ends up, and explored how to protect yourself in the aftermath of a breach. Remember, knowledge is power. By staying informed, you're already one step ahead in the cybersecurity game. If you found today's newsletter helpful, why not share it with your friends and colleagues? Let's spread the word and create a safer digital world together. Stay safe, stay informed, and see you in the next edition of Secret CISO.

Read more

Secret CISO 10/7: Comcast, Truist, T-Mobile Breaches, Dutch Police Data Exposed, CISA Warning, Matru Poshan App Breach, USAA System Error, Cybersecurity Misconceptions Debunked

Secret CISO 10/7: Comcast, Truist, T-Mobile Breaches, Dutch Police Data Exposed, CISA Warning, Matru Poshan App Breach, USAA System Error, Cybersecurity Misconceptions Debunked

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we navigate the fallout of recent data breaches and the essential steps healthcare companies should take to bolster their security programs. We'll delve into the FBCS breach that impacted Comcast and Truist,

By Secret CISO
Secret CISO 10/5: China-linked breach hits U.S. wiretap systems, Hezbollah data breach tops cybersecurity events, Google's Pixel 9 Pro XL privacy flaws under scrutiny

Secret CISO 10/5: China-linked breach hits U.S. wiretap systems, Hezbollah data breach tops cybersecurity events, Google's Pixel 9 Pro XL privacy flaws under scrutiny

Good morning, Secret CISO readers! Today's newsletter is packed with some serious security breaches and data leaks that have been making headlines. Starting off with a major security breach linked to China, U.S. wiretap systems have been targeted, compromising the networks of U.S. broadband providers. This

By Secret CISO