Secret CISO 7/18: Data Breaches at MarineMax, and Pueblo School District; Lax Security Fuels ID Fraud; Research on Data Protection Laws and AI-Powered Cybersecurity

Secret CISO 7/18: Data Breaches at MarineMax, and Pueblo School District; Lax Security Fuels ID Fraud; Research on Data Protection Laws and AI-Powered Cybersecurity

Welcome to today's issue of Secret CISO. We're diving into the world of data breaches, exploring how lax security practices are fueling a rise in ID fraud. From face biometrics to ID forgeries, organizations are exposing sensitive personal information, leading to a wave of breaches over the last year. We'll also look at how data protection laws have impacted security breaches and company value since their introduction in 2018. Despite reducing breaches, these laws have had a negative effect on the market value of affected firms.

In legal news, 23andMe is set to settle a class-action suit related to a 2023 data breach, while law firm Federman & Sherwood investigates MarineMax, Inc. for a recent breach. We'll also discuss the revival of data breach class actions in Canada, the FBI and CIA's investigation into a Pueblo County School District data breach, and what the Snowflake data breaches reveal about cloud security. In the retail sector, Rite Aid has had to address a cyberattack that breached the data of 2.2 million customers, and Disney's data leak raises questions about Slack's security. Finally, we'll share tips on how to protect yourself from data breaches and look at how hackers and insiders are shaping cybersecurity. Stay tuned for all this and more in today's Secret CISO.

Data Breaches

  1. Data Breach at 23andMe (new story): The genetic testing company, 23andMe, is expected to settle a class-action lawsuit related to a data breach that occurred in 2023. The details of the settlement are yet to be disclosed. Source: San Francisco Business Times
  2. Data Breach Investigation at MarineMax, Inc.: The law firm of Federman & Sherwood has initiated an investigation into MarineMax, Inc. regarding a recent data breach. The extent of the breach and the type of data compromised are currently unknown. Source: Business Wire
  3. Data Breach at Pueblo County School District: The FBI and CIA are investigating a data breach at Pueblo County School District. The district is working with cybersecurity experts to determine the scope of the breach. Source: FOX21 News Colorado
  4. Data Breach at Rite Aid: Retail pharmacy chain Rite Aid has alerted its customers to a data breach by a third party. The breach may have compromised purchasing data from 2017 to 2018, affecting 2.2 million customers. Source: Drug Topics
  5. Data Breach at Disney via Slack: A massive data breach at Disney has been linked to security failures at Slack. The extent of the breach and the type of data compromised are currently unknown. Source: TheStreet

Security Research

  1. How Hackers And Insiders Are Shaping Cybersecurity: This research highlights the evolving tactics of hackers and insiders in the cybersecurity landscape. Security researcher Patrick Wardle explains how sophisticated malware can bypass security measures to install itself on unsuspecting users' computers. Source: The Pinnacle Gazette
  2. Connect with Microsoft Security at Black Hat USA 2024: During Black Hat USA 2024, Microsoft will share its expertise in AI-powered cybersecurity operations and extensive threat intelligence research. This event will provide valuable insights into the latest cybersecurity trends and strategies. Source: Microsoft
  3. MxD Research Reveals Major Disconnect Between Perceived and Actual Cybersecurity Capabilities in US Manufacturing: This research reveals a significant gap between perceived and actual cybersecurity capabilities in the US manufacturing sector. The findings underscore the need for improved cybersecurity measures in this critical industry. Source: Dark Reading
  4. OpenAI Touts New AI Safety Research: OpenAI has showcased new research that could help researchers scrutinize AI systems for potential risks. While the company's efforts to prioritize AI safety are commendable, critics argue that more needs to be done to ensure the responsible use of AI. Source: Wired
  5. Russia-linked FIN7 hackers sell their security evasion tool to other groups on darknet: Researchers have discovered that the Russia-linked FIN7 hacker group is selling its security evasion tool, AvNeutralizer, on the darknet. The tool is used to bypass threat detection systems on victims' devices, highlighting the need for robust cybersecurity defenses. Source: The Record

Top CVEs

  1. CVE-2024-20419 - Cisco Smart Software Manager On-Prem Vulnerability: A flaw in Cisco Smart Software Manager On-Prem's authentication system could allow an unauthenticated, remote attacker to change any user's password, including administrative users. This is due to improper implementation of the password-change process. Source: CVE-2024-20419
  2. CVE-2024-20401 - Cisco Secure Email Gateway Vulnerability: A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. Source: CVE-2024-20401
  3. CVE-2024-6834 - APIML Spring Cloud Gateway Vulnerability: A vulnerability in APIML Spring Cloud Gateway leverages user privileges by unexpectedly signing proxied requests by Zowe's client certificate. This allows access to a user to the endpoints requiring an internal client certificate without any credentials. Source: CVE-2024-6834
  4. CVE-2024-6535 - Skupper Console Vulnerability: A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console. Source: CVE-2024-6535
  5. CVE-2024-20435 - Cisco AsyncOS for Secure Web Appliance Vulnerability: A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. Source: CVE-2024-20435

API Security

  1. Meks Video Importer Plugin for WordPress Vulnerability (CVE-2024-6599): The Meks Video Importer plugin for WordPress, up to version 1.0.11, is susceptible to unauthorized API key modification due to a missing capability check. This allows attackers with Subscriber-level access to modify the plugin's API settings. Source: CVE-2024-6599
  2. Silverstripe/Reports API Vulnerability (CVE-2024-29885): The Silverstripe/Reports API allows any user with access to view the reports admin section to access reports via their direct URL, even if the canView() method for that report returns false. This issue has been addressed in version 5.2.3. Source: CVE-2024-29885
  3. Sylius API Vulnerability (CVE-2024-40633): A security vulnerability was discovered in the /api/v2/shop/adjustments/{id} endpoint of Sylius, an Open Source eCommerce Framework. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve order tokens, potentially accessing sensitive guest customer information. The issue is fixed in versions 1.12.19, 1.13.4 and above. Source: CVE-2024-40633
  4. Cisco Smart Software Manager On-Prem Vulnerability (CVE-2024-20419): A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. Source: CVE-2024-20419
  5. APIML Spring Cloud Gateway Vulnerability (CVE-2024-6834): A vulnerability in APIML Spring Cloud Gateway allows user privileges to be leveraged by unexpectedly signing proxied requests with Zowe's client certificate. This could allow an attacker to manage components and handle all communication, including user interactions. Source: CVE-2024-6834

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of vigilance and proactive measures in the face of ever-evolving security threats. From lax data security fueling ID fraud to the ongoing wave of data breaches, it's clear that the need for robust cybersecurity measures is more critical than ever. Remember, the first step in protecting your organization is staying informed.

So, if you found today's newsletter helpful, why not share it with your colleagues and friends? Let's work together to create a safer digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO.

Read more

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the cybersecurity world. We're seeing a concerning trend of firms failing to grasp the financial impact of cyber breaches, with HealthAlliance paying a hefty $550,000 for neglecting a known vulnerability. In Ireland,

By Secret CISO