Secret CISO 5/7: AI Amplifying Data Security Challenges, UK Military and Hong Kong Fire Department Data Breaches, China Accused of Hacking UK Ministry of Defence, New VPN Decloaking Attack Uncovered

Secret CISO 5/7: AI Amplifying Data Security Challenges, UK Military and Hong Kong Fire Department Data Breaches, China Accused of Hacking UK Ministry of Defence, New VPN Decloaking Attack Uncovered

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. In the spotlight today is the rising concern among data experts about the increasing data security challenges posed by artificial intelligence. A new report reveals that 80% of data experts believe AI is complicating data security, raising questions about the balance between innovation and security.

In a major data breach, the UK military personnel's payroll data has been exposed, revealing the names and bank details of thousands of serving soldiers, sailors, and air force members. The breach occurred at a third-party payroll system, and accusations are mounting against China for multiple hacking attempts targeting the Ministry of Defence staff. Meanwhile, Hong Kong's fire department reports a potential data leak, marking the third government data breach in less than a week.

Stay tuned for more updates on the latest cybersecurity trends, threats, and solutions. Stay safe and secure!

Data Breaches

  1. 80% of data experts believe AI increases data security challenges: A new report indicates that the majority of data experts believe that the rise of artificial intelligence is exacerbating data security challenges. This suggests that as AI becomes more prevalent, new strategies and measures will need to be implemented to ensure data security. Source: Security Magazine
  2. Details of UK military personnel exposed in huge payroll data breach: The personal and financial details of thousands of UK military personnel have been exposed in a significant data breach. The breach occurred at a third-party payroll system, and the UK Ministry of Defence is currently investigating the incident. Source: Stars and Stripes
  3. Hong Kong fire department reports potential data leak: The Hong Kong fire department has reported a system breach that has potentially exposed the data of over 5,000 department personnel and hundreds of residents. This marks the third government data breach in Hong Kong in less than a week. Source: Hong Kong Free Press
  4. China accused of hacking the UK Ministry of Defence in massive data breach: The Chinese state has been accused of hacking the UK Ministry of Defence, leading to a massive data breach. The breach has reportedly exposed the personal and financial details of UK military personnel. Source: ReadWrite
  5. Indian police adopt facial recognition despite risk of massive data breaches: Despite the risk of massive data breaches, Indian police have adopted facial recognition technology. A recent breach of the Tamil Nadu Police Facial Recognition Portal exposed 800,000 lines of data, including information of over 50,000 persons. Source: Biometric Update

Security Research

  1. Researchers uncover attack to 'decloak' VPN traffic: Security researchers at Leviathan Security have revealed a novel network technique that bypasses VPN encryption, potentially exposing users' internet traffic. The implications of this discovery could be significant for VPN users. Source: Telecoms Tech News
  2. New FBI Warning As Hackers Strike: Email Senders Must Do This 1 Thing: The FBI has issued a new warning following a series of attacks by APT43, a hacking group. The warning emphasizes the importance of implementing certain security measures for email senders to protect against these attacks. Source: Forbes
  3. Google Simplifies 2-Factor Authentication Setup: Google has simplified the setup process for 2-factor authentication, a move that is more important than ever in the face of increasing cybersecurity threats. The update aims to enhance user security and mitigate the risk of Man-in-the-Middle (MitM) attacks. Source: The Hacker News
  4. Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises: A new study highlights the ongoing issues of poor patching practices and the use of unencrypted protocols in businesses. These issues continue to present significant security threats and vulnerabilities. Source: IT Security Guru

Top CVEs

  1. CVE-2024-3661 - DHCP Protocol Vulnerability: The DHCP protocol, by design, does not authenticate messages, including the classless static route option (121). This allows an attacker to manipulate routes to redirect VPN traffic, potentially reading, disrupting, or modifying network traffic that was expected to be protected by the VPN. Source: CVE-2024-3661
  2. CVE-2024-34069 - Werkzeug Debugger Vulnerability: The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under certain circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN. Source: CVE-2024-34069
  3. CVE-2024-3628 - EasyEvent WordPress Plugin Vulnerability: The EasyEvent WordPress plugin through 1.0.0 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disabled. Source: CVE-2024-3628
  4. CVE-2024-33599 - nscd Buffer Overflow Vulnerability: If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This vulnerability is only present in the nscd. Source: CVE-2024-33599
  5. CVE-2024-23706 - Reserved Vulnerability: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Source: CVE-2024-23706

API Security

  1. CVE-2024-28148 - Apache Superset Unauthorized Access: A security flaw in Apache Superset versions prior to 4.0.0 allows authenticated users to access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. Users are advised to upgrade to version 4.0.0 to mitigate this vulnerability. Source: vulners.com
  2. CVE-2023-6810 - ClickCease Click Fraud Protection Plugin Unauthorized Access: The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized data access due to an improper capability check on the get_settings function in all versions up to and including 3.2.4. This allows authenticated attackers, with author access and above, to retrieve the plugin's configured API. Source: vulners.com
  3. CVE-2024-34377 - A WP Life Video Gallery Missing Authorization: A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery has a Missing Authorization vulnerability. The details of the affected versions are not specified. Source: vulners.com
  4. CVE-2024-34378 - LeadConnector Missing Authorization: LeadConnector has a Missing Authorization vulnerability. The details of the affected versions are not specified. Source: vulners.com
  5. CVE-2024-33788 - Linksys E5600 Command Injection: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

That's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the increasing challenges of AI in data security to the alarming data breaches exposing military personnel details. It's clear that the cyber landscape is ever-evolving, and staying informed is our best defense. Remember, security is a shared responsibility. So, don't keep this valuable information to yourself.

Share this newsletter with your friends and colleagues to help them stay one step ahead of the cyber threats. Stay safe, stay informed, and see you in the next edition of Secret CISO.

Read more

Secret CISO 5/22: Universities and Healthcare Under Attack, OmniVision and CentroMed Breaches, Homeland Security's DNA Data Collection, and Latest Cybersecurity Research Insights

Secret CISO 5/22: Universities and Healthcare Under Attack, OmniVision and CentroMed Breaches, Homeland Security's DNA Data Collection, and Latest Cybersecurity Research Insights

Good day, Secret CISO readers! Today's newsletter is packed with critical updates on the latest cyber threats and breaches. First up, we delve into a concerning cyber breach at a university in NSW, Australia, where students' data was compromised. The incident has sparked a broader conversation about

By Secret CISO
Secret CISO 5/21: Massive Data Breaches at PNP, Oregon, MediSecure, and NJ High School; SEC Tightens Data Breach Regulations; Research on Financial Security Risks for Parents and AI Safety Prioritization

Secret CISO 5/21: Massive Data Breaches at PNP, Oregon, MediSecure, and NJ High School; SEC Tightens Data Breach Regulations; Research on Financial Security Risks for Parents and AI Safety Prioritization

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we delve into the world of data breaches, from the massive PNP data breach in the Philippines to the rising concerns over data privacy in Oregon. We also explore why health

By Secret CISO