Secret CISO 5/7: AI Amplifying Data Security Challenges, UK Military and Hong Kong Fire Department Data Breaches, China Accused of Hacking UK Ministry of Defence, New VPN Decloaking Attack Uncovered

Secret CISO 5/7: AI Amplifying Data Security Challenges, UK Military and Hong Kong Fire Department Data Breaches, China Accused of Hacking UK Ministry of Defence, New VPN Decloaking Attack Uncovered

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. In the spotlight today is the rising concern among data experts about the increasing data security challenges posed by artificial intelligence. A new report reveals that 80% of data experts believe AI is complicating data security, raising questions about the balance between innovation and security.

In a major data breach, the UK military personnel's payroll data has been exposed, revealing the names and bank details of thousands of serving soldiers, sailors, and air force members. The breach occurred at a third-party payroll system, and accusations are mounting against China for multiple hacking attempts targeting the Ministry of Defence staff. Meanwhile, Hong Kong's fire department reports a potential data leak, marking the third government data breach in less than a week.

Stay tuned for more updates on the latest cybersecurity trends, threats, and solutions. Stay safe and secure!

Data Breaches

  1. 80% of data experts believe AI increases data security challenges: A new report indicates that the majority of data experts believe that the rise of artificial intelligence is exacerbating data security challenges. This suggests that as AI becomes more prevalent, new strategies and measures will need to be implemented to ensure data security. Source: Security Magazine
  2. Details of UK military personnel exposed in huge payroll data breach: The personal and financial details of thousands of UK military personnel have been exposed in a significant data breach. The breach occurred at a third-party payroll system, and the UK Ministry of Defence is currently investigating the incident. Source: Stars and Stripes
  3. Hong Kong fire department reports potential data leak: The Hong Kong fire department has reported a system breach that has potentially exposed the data of over 5,000 department personnel and hundreds of residents. This marks the third government data breach in Hong Kong in less than a week. Source: Hong Kong Free Press
  4. China accused of hacking the UK Ministry of Defence in massive data breach: The Chinese state has been accused of hacking the UK Ministry of Defence, leading to a massive data breach. The breach has reportedly exposed the personal and financial details of UK military personnel. Source: ReadWrite
  5. Indian police adopt facial recognition despite risk of massive data breaches: Despite the risk of massive data breaches, Indian police have adopted facial recognition technology. A recent breach of the Tamil Nadu Police Facial Recognition Portal exposed 800,000 lines of data, including information of over 50,000 persons. Source: Biometric Update

Security Research

  1. Researchers uncover attack to 'decloak' VPN traffic: Security researchers at Leviathan Security have revealed a novel network technique that bypasses VPN encryption, potentially exposing users' internet traffic. The implications of this discovery could be significant for VPN users. Source: Telecoms Tech News
  2. New FBI Warning As Hackers Strike: Email Senders Must Do This 1 Thing: The FBI has issued a new warning following a series of attacks by APT43, a hacking group. The warning emphasizes the importance of implementing certain security measures for email senders to protect against these attacks. Source: Forbes
  3. Google Simplifies 2-Factor Authentication Setup: Google has simplified the setup process for 2-factor authentication, a move that is more important than ever in the face of increasing cybersecurity threats. The update aims to enhance user security and mitigate the risk of Man-in-the-Middle (MitM) attacks. Source: The Hacker News
  4. Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises: A new study highlights the ongoing issues of poor patching practices and the use of unencrypted protocols in businesses. These issues continue to present significant security threats and vulnerabilities. Source: IT Security Guru

Top CVEs

  1. CVE-2024-3661 - DHCP Protocol Vulnerability: The DHCP protocol, by design, does not authenticate messages, including the classless static route option (121). This allows an attacker to manipulate routes to redirect VPN traffic, potentially reading, disrupting, or modifying network traffic that was expected to be protected by the VPN. Source: CVE-2024-3661
  2. CVE-2024-34069 - Werkzeug Debugger Vulnerability: The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under certain circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN. Source: CVE-2024-34069
  3. CVE-2024-3628 - EasyEvent WordPress Plugin Vulnerability: The EasyEvent WordPress plugin through 1.0.0 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disabled. Source: CVE-2024-3628
  4. CVE-2024-33599 - nscd Buffer Overflow Vulnerability: If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This vulnerability is only present in the nscd. Source: CVE-2024-33599
  5. CVE-2024-23706 - Reserved Vulnerability: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Source: CVE-2024-23706

API Security

  1. CVE-2024-28148 - Apache Superset Unauthorized Access: A security flaw in Apache Superset versions prior to 4.0.0 allows authenticated users to access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. Users are advised to upgrade to version 4.0.0 to mitigate this vulnerability. Source: vulners.com
  2. CVE-2023-6810 - ClickCease Click Fraud Protection Plugin Unauthorized Access: The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized data access due to an improper capability check on the get_settings function in all versions up to and including 3.2.4. This allows authenticated attackers, with author access and above, to retrieve the plugin's configured API. Source: vulners.com
  3. CVE-2024-34377 - A WP Life Video Gallery Missing Authorization: A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery has a Missing Authorization vulnerability. The details of the affected versions are not specified. Source: vulners.com
  4. CVE-2024-34378 - LeadConnector Missing Authorization: LeadConnector has a Missing Authorization vulnerability. The details of the affected versions are not specified. Source: vulners.com
  5. CVE-2024-33788 - Linksys E5600 Command Injection: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

That's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the increasing challenges of AI in data security to the alarming data breaches exposing military personnel details. It's clear that the cyber landscape is ever-evolving, and staying informed is our best defense. Remember, security is a shared responsibility. So, don't keep this valuable information to yourself.

Share this newsletter with your friends and colleagues to help them stay one step ahead of the cyber threats. Stay safe, stay informed, and see you in the next edition of Secret CISO.

Read more

Secret CISO 10/7: Comcast, Truist, T-Mobile Breaches, Dutch Police Data Exposed, CISA Warning, Matru Poshan App Breach, USAA System Error, Cybersecurity Misconceptions Debunked

Secret CISO 10/7: Comcast, Truist, T-Mobile Breaches, Dutch Police Data Exposed, CISA Warning, Matru Poshan App Breach, USAA System Error, Cybersecurity Misconceptions Debunked

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we navigate the fallout of recent data breaches and the essential steps healthcare companies should take to bolster their security programs. We'll delve into the FBCS breach that impacted Comcast and Truist,

By Secret CISO
Secret CISO 10/5: China-linked breach hits U.S. wiretap systems, Hezbollah data breach tops cybersecurity events, Google's Pixel 9 Pro XL privacy flaws under scrutiny

Secret CISO 10/5: China-linked breach hits U.S. wiretap systems, Hezbollah data breach tops cybersecurity events, Google's Pixel 9 Pro XL privacy flaws under scrutiny

Good morning, Secret CISO readers! Today's newsletter is packed with some serious security breaches and data leaks that have been making headlines. Starting off with a major security breach linked to China, U.S. wiretap systems have been targeted, compromising the networks of U.S. broadband providers. This

By Secret CISO