Secret CISO 9/23: Harvey Nichols, Wells Fargo, Johnson & Wales University data breaches; Security issues at Harrods; Government Cyber Defense strategies

Secret CISO 9/23: Harvey Nichols, Wells Fargo, Johnson & Wales University data breaches; Security issues at Harrods; Government Cyber Defense strategies

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity news. Today, we're diving into a series of data breaches and cyberattacks that have hit major companies and institutions. Harvey Nichols, a renowned luxury retailer, has confirmed a cyberattack that resulted in customer data leakage. The company has started notifying affected customers about the breach.

In another incident, Wells Fargo Clearing Services has also suffered a data breach, exposing sensitive information. Meanwhile, Johnson & Wales University reported a data security incident in July that compromised the sensitive data of more than 20,000 individuals. The issue of third-party breaches is also under the spotlight, highlighting the dilemma of data protection.

On the government front, the Indonesian government is blaming weak passwords for a taxpayer data breach. Meanwhile, the UK, US, and Canadian defense agencies are teaming up to drive cybersecurity research, emphasizing the need for international cooperation in the face of evolving cyber threats. In the education sector, a lesson in cyber threats underlines the importance of building resilient networks. The rising number of high-profile data breaches and cyberattacks is compelling organizations to prioritize data security. Lastly, we'll look at some research and expert insights. A study finds that exposure on the dark web increases the risk of a cyberattack.

Meanwhile, OpenAI's data hunger is raising privacy concerns. Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity. Stay safe and secure!

Data Breaches

  1. Harvey Nichols confirms cyberattack, says customer data leaked: Luxury retailer Harvey Nichols has confirmed a cyberattack that resulted in the leakage of customer data. The company has started mailing data breach notification letters to affected customers. No financial or password data was reportedly accessed. Source: TechRadar and Computing UK.
  2. Wells Fargo Clearing Services suffers data breach; Sensitive information exposed: Wells Fargo Clearing Services, operating as "First Clearing," has suffered a data breach, exposing sensitive information. The company has filed a notice of data breach with the Attorney General of Massachusetts. Source: teiss.
  3. Johnson & Wales University says data breach impacted more than 20000 individuals: Johnson & Wales University has reported a data security incident that occurred in July, compromising the sensitive data of more than 20,000 individuals. Source: teiss.
  4. Government Blames Weak Passwords for Taxpayer Data Breach: The government has blamed weak passwords and negligence in accessing the data center for a recent breach of the taxpayer identification number database. Source: Jakarta Globe.
  5. OAIC notified of highest number of data breaches in 3.5 years: The Office of the Australian Information Commissioner (OAIC) has reported the highest number of data breaches in the last three and a half years, according to the latest Notifiable data breaches report. Source: FST Media.

Security Research

  1. UK, US, and Canadian defense agencies team up to drive cybersecurity research: The UK, US, and Canadian defense agencies have joined forces to drive cybersecurity research. One joint project already underway is the Cyber Agents for Security Testing. Source: ITPro
  2. Transforming Vulnerability Data Into Actionable Security: Recent reports have shown that vulnerability exploits have significantly increased over the past few years. Research conducted by Verizon has been instrumental in transforming this data into actionable security measures. Source: Infosecurity Magazine
  3. Leak in Arc browser fixed after one day: A security researcher, known as 'xyz3va,' discovered a leak in the Arc browser and received a reward of $2,000 for the find. The issue was promptly fixed within a day. Source: Techzine Global
  4. Lookout Threat Research Tracks Mobile Attacks: Lookout threat research is helping the vendor's partners stay on top of the latest mobile security threats, providing valuable insights and strategies to combat these threats. Source: Channel Futures
  5. Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware: Chinese hackers have exploited a flaw in GeoServer to target APAC nations with EAGLEDOOR malware. This highlights the need for ongoing research and prevention strategies to combat such threats. Source: The Hacker News

Top CVEs

  1. CVE-2024-9083 SourceCodester Employee Management System XSS Vulnerability: A problematic vulnerability has been found in SourceCodester Employee Management System 1.0. This vulnerability affects an unknown part of the file /Admin/add-admin.php, leading to cross-site scripting through the manipulation of the argument txtfullname. The exploit has been publicly disclosed. Source: CVE-2024-9083
  2. CVE-2024-9093 SourceCodester Profile Registration SQL Injection: A critical vulnerability has been discovered in SourceCodester Profile Registration without Reload Refresh 1.0. This vulnerability affects an unknown part of the file del.php of the component GET Parameter Handler, leading to SQL injection through the manipulation of the argument list. The exploit has been publicly disclosed. Source: CVE-2024-9093
  3. CVE-2024-9088 SourceCodester Telecom Billing Management System Buffer Overflow: A critical vulnerability has been found in SourceCodester Telecom Billing Management System 1.0. This vulnerability affects the function login, leading to buffer overflow through the manipulation of the argument uname. The exploit has been publicly disclosed. Source: CVE-2024-9088
  4. CVE-2024-43989 Firsh Justified Image Grid SSRF Vulnerability: A Server-Side Request Forgery (SSRF) vulnerability has been found in Firsh Justified Image Grid. This issue affects Justified Image Grid versions from n/a through... Source: CVE-2024-43989
  5. CVE-2024-43996 ElementsKit Pro Path Traversal Vulnerability: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability has been found in ElementsKit ElementsKit Pro, allowing PHP Local File Inclusion. This issue affects ElementsKit Pro versions from n/a through... Source: CVE-2024-43996

API Security

  1. API Security Vulnerability in IBM Cognos Analytics: A local attacker could potentially exploit a vulnerability in IBM Cognos Analytics versions 11.2.0 to 12.0.3 and IBM Cognos Analytics Reports for iOS 11.0.0.7 to obtain sensitive information in the form of an API key. This could be used to launch further attacks. Source: Vulners.

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. From Harvey Nichols' data breach to the call for stronger security measures in the face of malware, we've covered a lot of ground. It's clear that the cyber landscape is constantly evolving, and staying informed is our best defense. Remember, security isn't just about systems and software. It's about people too. The Harrods human trafficking case is a stark reminder of the human element in security. Let's not forget to look out for each other as we navigate this digital world.

Before we sign off, we'd like to leave you with a thought. In an age where data breaches are becoming increasingly common, how secure do you feel? Are you doing everything you can to protect your data and your organization? If you found today's newsletter informative, please consider sharing it with your friends and colleagues.

Let's spread the word and create a safer cyber world together. Stay safe and see you tomorrow for more updates from the world of cybersecurity.

Read more

Secret CISO 10/7: Comcast, Truist, T-Mobile Breaches, Dutch Police Data Exposed, CISA Warning, Matru Poshan App Breach, USAA System Error, Cybersecurity Misconceptions Debunked

Secret CISO 10/7: Comcast, Truist, T-Mobile Breaches, Dutch Police Data Exposed, CISA Warning, Matru Poshan App Breach, USAA System Error, Cybersecurity Misconceptions Debunked

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we navigate the fallout of recent data breaches and the essential steps healthcare companies should take to bolster their security programs. We'll delve into the FBCS breach that impacted Comcast and Truist,

By Secret CISO
Secret CISO 10/5: China-linked breach hits U.S. wiretap systems, Hezbollah data breach tops cybersecurity events, Google's Pixel 9 Pro XL privacy flaws under scrutiny

Secret CISO 10/5: China-linked breach hits U.S. wiretap systems, Hezbollah data breach tops cybersecurity events, Google's Pixel 9 Pro XL privacy flaws under scrutiny

Good morning, Secret CISO readers! Today's newsletter is packed with some serious security breaches and data leaks that have been making headlines. Starting off with a major security breach linked to China, U.S. wiretap systems have been targeted, compromising the networks of U.S. broadband providers. This

By Secret CISO