Secret CISO 4/22: Pandemonium Festival, Kisco Senior Living Leak, American Privacy Records Act, and Chinese Hackers on US Infrastructure

Good morning, Secret CISO readers. In today's issue, we're diving into a series of data breaches and security threats that have recently made headlines. First, we'll look at the Pandemonium Rocks music festival, which has been hit by a major data breach following the withdrawal of several headline acts. This incident has affected over 400 ticket holders, adding another layer of chaos to the already troubled event.

Next, we'll discuss two ransomware attacks that were first disclosed in April 2023, targeting Kisco Senior Living and Blackstone Valley Community Health Care. We'll explore what happened to the stolen data and the potential implications for the affected parties. In legislative news, the Bipartisan American Privacy Records Act has been introduced, marking a departure from most state privacy laws. We'll delve into what this means for data security breaches in California and beyond.

On the tech front, Tecala is strengthening its customer email security defenses with Check Point Software. We'll examine how this next-generation solution uses AI and ML to analyze potential threats. We'll also cover how companies bounce back from cybersecurity breaches, using the case of Equifax as an example. The company incurred $87.5 million in direct costs as a result of a security breach and data leak. In international news, we'll discuss the FBI's warning about Chinese hackers preparing to attack US infrastructure, and the DuneQuixote campaign targeting Middle East government entities with a complex backdoor.

Finally, we'll touch on a variety of other security incidents, including a data breach at Manchester Hospital, a class action lawsuit against AT&T over a massive data breach, and a phishing scam targeting Sterling Holidays members. Stay tuned for these stories and more in today's issue of Secret CISO.

Data Breaches

  1. Pandemonium 2024 Data Breach: The Pandemonium Rocks music festival, already facing issues due to the withdrawal of several headline acts, has suffered a significant data breach. This is a second blow to the festival, with over 400 ticket holders affected. Source: 2EC and 7News
  2. Kisco Senior Living Data Breach: Kisco Senior Living was listed on BlackByte's leak site with proof of claims. The stolen data affected 26,683 individuals. The breach was first disclosed in April 2023. Source: DataBreaches.net
  3. AT&T Data Breach: AT&T is facing a class action lawsuit after a major data breach exposed personal information of over 70 million customers. The extent of the breach makes it one of the most significant in recent times. Source: Click2Houston
  4. Manchester Hospital Data Breach: Federal officials are investigating a data breach at Manchester's Catholic Medical Center. The breach was reported last week, and the extent of the data compromised is still under investigation. Source: The Pulse of NH
  5. Scots NHS Patients' Data Leak: Medical files of Scottish NHS patients have been leaked on the dark web after a data breach. The value of health records makes them a prime target for hackers. Source: Yahoo News UK

Security Research

  1. Crypto-Stealing Open Source AI Bot Exposed: A security researcher identified an open-source AI bot with a hidden encrypted script that steals users' cryptocurrency. The bot's code was exposed, raising concerns about the potential misuse of AI technology. Source: CryptoTimes.
  2. FBI says Chinese hackers preparing to attack US infrastructure: The FBI has warned that Chinese hackers, known as Volt Typhoon, are preparing to attack US infrastructure. This follows previous attributions of Volt Typhoon to China by private sector American technology and cybersecurity companies. Source: iTnews.
  3. Global military spending surges amid war, rising tensions and insecurity: Research by SIPRI's Military Expenditure and Arms Production Programme indicates a surge in global military spending due to increasing war, tensions, and insecurity. The research highlights the changing security landscape and the impact on military aid. Source: SIPRI.
  4. Security Bite: Cybercriminals take advantage of Apple Store Online's third-party pickup: At the Black Hat Asia hacking conference, researchers revealed how cybercriminals are exploiting Apple Store Online's third-party pickup feature. The criminals use stolen information to make purchases and then pick them up in-store. Source: 9to5Mac.
  5. AI worm that infects computers and reads emails created by researchers: Security researchers have created an AI worm that can infect computers and read emails. The creation of this worm highlights the potential for hackers and cybercriminals to misuse AI technology. Source: MSN.

Top CVEs

  1. CVE-2023-7252: The Tickera WordPress plugin, versions prior to 3.5.2.5, has a vulnerability that allows users to leak other users' information. Users are advised to update to the latest version to mitigate this risk. Source: vulners.com
  2. CVE-2024-4022: A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810, and KN-1910 up to version 4.1.2.15. This issue affects an unknown functionality of the file /version.js of the component Version Data Handler, leading to information disclosure. The vendor has been contacted but has not responded. Source: vulners.com
  3. CVE-2024-29733: Apache Airflow FTP Provider has an Improper Certificate Validation vulnerability. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be exploited. Users are recommended to upgrade to version 3.7.0, which fixes the issue. Source: vulners.com

Final Words

And that's a wrap for today's edition of Secret CISO. From the Pandemonium Rocks music festival's data breach to the introduction of the American Privacy Records Act, we've covered a lot of ground. We've also delved into the world of ransomware attacks, email security defenses, and the ever-evolving landscape of cybersecurity breaches. Remember, in this digital age, staying informed is your first line of defense. So, keep an eye out for our next newsletter where we'll bring you more updates from the world of cybersecurity.

If you found this information helpful, please consider sharing Secret CISO with your friends and colleagues. After all, cybersecurity is a shared responsibility. Let's work together to create a safer digital world. Stay safe and see you in the next edition!

By Secret CISO