Secret CISO 8/17: Google Breach, LAUSD Health Data Leak, FortiWeb Exploit, ChatGPT Attack - A Cybersecurity Wake-Up Call

Welcome to today's edition of Secret CISO, where we unravel the latest in cybersecurity breaches and vulnerabilities, weaving them into a compelling narrative of digital defense.

In a world where data is the new gold, Google finds itself under scrutiny after a known hacker group breached its defenses, raising alarms about the tech giant's security priorities. Meanwhile, Kokomo24/7's breach highlights the fragility of sensitive health data, and a cyberattack in Georgia leaves SNAP recipients in a lurch, underscoring the real-world impact of digital threats.

Across the globe, a data leak from a Gurugram call center spirals into a massive credit card fraud, while a security researcher unveils a potential exploit in FortiWeb, threatening the sanctity of web applications. As AI systems like ChatGPT face novel threats from the "Man-in-the-Prompt" attack, Microsoft IIS Web Deploy's vulnerability reminds us of the ever-present risk of remote code execution.

In a silver lining, Google awards a record-breaking bounty for a Chrome vulnerability discovery, emphasizing the power of collective vigilance. Yet, the shadow of a critical WordPress plugin flaw looms over 70,000 sites, and concerns mount over the security of OpenAI's GPT-5.

Finally, we delve into the Linux kernel's ksmbd vulnerabilities, where recent patches aim to fortify defenses against a series of critical flaws, showcasing the relentless pursuit of security in the open-source realm.

Stay informed, stay secure, and join us as we navigate the intricate web of cybersecurity challenges and triumphs.

Data Breaches

  1. Google confirms data stolen in breach by known hacker group: Google's recent data breach, orchestrated by a known hacker group, has raised significant concerns about the company's data security priorities. The breach has led to questions about whether data security is slipping down Google's list of priorities, highlighting the need for robust cybersecurity measures in tech giants. Source: WCCS AM1160 & 101.1FM
  2. Kokomo24/7, provider of telehealth services for LAUSD students, reports data breach: Kokomo24/7, a telehealth service provider for LAUSD students, reported a data breach after noticing unusual activity on its network in December 2024. The breach raises concerns about the security of sensitive health information and the timeliness of breach notifications. Source: DataBreaches.net
  3. Cyberattack leaves Central Georgia SNAP recipients locked out of aid: A cyberattack on the Georgia Department of Human Services has left SNAP recipients unable to access their benefits. The breach prompted the department to instruct cardholders to lock their EBT cards, causing significant disruption for beneficiaries reliant on this aid. Source: 13WMAZ
  4. Data leak from Gurugram call centre leads to Rs 2.60 cr credit card fraud, 18 nabbed: A data leak from a Gurugram call centre has resulted in a significant credit card fraud amounting to Rs 2.60 crore. The breach has exposed the company's failure to protect confidential data, leading to the arrest of 18 individuals involved in the fraud. Source: The Tribune India
  5. Researcher to release exploit for full auth bypass on FortiWeb: A security researcher has developed a partial proof-of-concept exploit for a vulnerability in the FortiWeb web application firewall. The exploit allows a full authentication bypass, raising concerns about the security of web applications protected by FortiWeb. Source: Bleeping Computer

Security Research

  1. Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems: This research by Aviad Gispan of LayerX highlights a novel attack vector targeting AI systems like ChatGPT. The attack, termed "Man-in-the-Prompt," occurs before the AI processes the input, bypassing security controls and potentially manipulating AI outputs. Source: Security Affairs.
  2. Microsoft IIS Web Deploy Vulnerability Let Attackers Execute Remote Code: Security researcher Batuhan Er from HawkTrace discovered a critical vulnerability in Microsoft IIS Web Deploy. This flaw allows attackers to execute remote code, prompting experts to recommend immediate patching to prevent exploitation. Source: Cybersecurity News.
  3. Google Awards $250,000 Bounty for Chrome RCE Vulnerability Discovery: Google awarded a record-breaking $250,000 bounty to a security researcher known as "Micky" for identifying a critical remote code execution vulnerability in Chrome. This discovery underscores the importance of bug bounty programs in enhancing software security. Source: Cybersecurity News.
  4. Critical WordPress Plugin Flaw Threatens 70,000 Sites: Security researcher Mikemyers identified a critical flaw in a popular WordPress plugin, potentially affecting over 70,000 websites. The vulnerability allows unauthenticated remote code execution, emphasizing the need for timely updates and security patches. Source: RS Web Solutions.
  5. Cybersecurity Experts Raise Concerns Over GPT-5 Security: Researchers quickly jailbroke GPT-5, raising concerns about the security of OpenAI's latest model. Despite its advanced capabilities, experts warn that GPT-5's safety mechanisms may not be robust enough to prevent misuse. Source: vpnMentor.

Top CVEs

  1. CVE-2023-3865: In the Linux kernel, a vulnerability involving ksmbd has been resolved. The issue was an out-of-bounds read in smb2_write due to improper validation of hdr->NextCommand. This flaw allowed oversized smb2 write lengths, leading to potential security risks. Source: Vulners.
  2. CVE-2023-3866: Another Linux kernel vulnerability in ksmbd has been addressed. This flaw involved improper validation of the session id and tree id in compound requests. If the first operation was an SMB2 ECHO request, it bypassed validation, potentially causing a NULL pointer dereference. Source: Vulners.
  3. CVE-2023-3867: A vulnerability in the Linux kernel's ksmbd was fixed, which involved an out-of-bounds read in smb2_sess_setup. The issue arose when the smb2 session setup was part of a compound request, leading to potential security breaches. Source: Vulners.
  4. CVE-2023-32249: This Linux kernel vulnerability in ksmbd was resolved by disallowing guest users on multichannel setups. The patch returns STATUS_NOT_SUPPORTED if a binding session is attempted, enhancing security. Source: Vulners.
  5. CVE-2023-32246: A race condition in the Linux kernel's ksmbd was fixed, which involved a bug triggered by a race between closing a connection and rmmod. The lack of an rcu_barrier() call at module unload time could lead to execution of unloaded kernel code, posing security risks. Source: Vulners.

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic as ever. From Google's data breach to the vulnerabilities in the Linux kernel, each story underscores the critical importance of staying vigilant and informed. Whether it's a tech giant or a telehealth provider, no organization is immune to the threats that loom in the digital world.

These incidents remind us of the ever-evolving tactics of cybercriminals and the need for robust security measures. As we navigate these challenges, sharing knowledge and insights becomes crucial. By staying informed and proactive, we can better protect our digital assets and personal information.

If you found today's newsletter insightful, consider sharing it with your friends and colleagues. Together, we can build a more secure digital future by spreading awareness and fostering a community of informed individuals. Stay safe, stay secure, and see you in the next edition of Secret CISO!
