Cyber Round-up for 12th July

July 11, 2024

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Fujitsu Confirms March Cyberattack Exposed Customer Data

Fujitsu confirmed that a cyberattack in March resulted in the exposure of customer data. The attack involved sophisticated malware that spread from a single compromised computer to 49 others, evading detection and exfiltrating sensitive information. Fujitsu promptly isolated the affected systems and initiated an investigation with external experts. While no ransomware was involved, the malware managed to copy files containing personal and business-related information belonging to their customers. Fujitsu has since implemented enhanced security measures and monitoring to prevent future incidents.

For more details, you can read the full article here.

By bleepingcomputer.com

Massive Ticketmaster Data Breach Exposes Personal Information of 560 Million Customers

Ticketmaster recently notified its customers about a significant data breach that compromised the personal information of millions of users. The breach was executed by the hacker group ShinyHunters, which claims to have stolen data from 560 million customers. The compromised data includes names, addresses, phone numbers, emails, and partial credit card details. ShinyHunters is selling the stolen database on the dark web for $500,000.

The breach, which affected customers who bought tickets in North America, was discovered in late May 2024. Ticketmaster's notification to customers has been criticized for lacking detailed information. The company has advised impacted customers to monitor their bank accounts for suspicious activity and to be cautious of unsolicited messages. They are also offering a free 12-month identity monitoring service to those affected. Authorities, including the FBI and Australian National Office of Cyber Security, are investigating the incident.

For more details, you can read Ticketmaster’s full data security incident notice here.

By cybernews.com

ChatGPT macOS App Vulnerability Exposed Chat Histories in Plaintext

A flaw in the ChatGPT app for macOS left user chat histories exposed in plaintext, making them accessible to anyone with unauthorized access to the computer. Discovered by software engineer Pedro José Pereira Vieito, the issue stemmed from the app not being sandboxed and storing data in an unprotected location. OpenAI has since released a new version of the app that encrypts conversations properly. This incident underscores the importance of not rushing to adopt new software and the need for robust security measures in AI applications.

By bitdefender.com

GitLab Release Urgent Patch for Flaw Allowing Unauthorised Pipeline Jobs

GitLab has released updates to address a critical security vulnerability (CVE-2024-6385) that allows an unauthorised attacker to run pipeline jobs as an arbitrary user, affecting versions 15.8 to 17.1.1 of GitLab CE/EE. This flaw, with a CVSS score of 9.6, follows a similar issue patched last month. Additionally, GitLab fixed a medium-severity vulnerability (CVE-2024-5257) enabling developers with specific permissions to alter group namespace URLs. Users are advised to update to the latest versions: 17.1.2, 17.0.4, and 16.11.6 to mitigate these risks.

By thehackernews.com

Google Enhances Security for High-Risk Users with Passkey Support

Google is expanding its passkey support to high-risk users, including executives and members of civil society, through its Advanced Protection Program (APP). This initiative aims to enhance security by enabling passwordless authentication via passkeys, which use biometric data or PINs instead of traditional passwords. The rollout is part of a broader strategy to protect users against phishing and other cyberattacks by eliminating the vulnerabilities associated with passwords. Passkeys offer a more secure and convenient way to access accounts, as they are resistant to phishing and reduce the risk of data breaches.

This technology is already being used extensively, with over 400 million Google accounts leveraging passkeys for authentication. Google's move aligns with industry trends, as other tech giants like Apple and Microsoft also support passwordless authentication methods to enhance user security and convenience.

By darkreading.com

Microsoft Patch Tuesday: July 2024

Welcome to Ironshare’s Round-Up of Microsoft’s Patch Tuesday for July 2024! July’s instalment addresses 142 vulnerabilities, an increase from the 91 seen in June. This month brings updates for 5 critical vulnerabilities along with 2 publicly disclosed and 2 exploited in the wild.

Stay Safe, Secure and Healthy!

Edition #279 – 12th July 2024

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
