CISO Talk by James Azar
CyberHub Podcast
Snowflake Data Breach impacts Ticketmaster & Others, The Rise of ShinyHunters, Hugging Face Hack

Today’s top cybersecurity news and the latest threats from practicing CISO James Azar. Tune in to hear how practitioners break down the latest to bolster their cybersecurity programs.

1. Snowflake Data Breach: Massive Impact

Over the weekend, Snowflake, a cloud-based data storage platform, confirmed a significant data breach affecting over 2,000 companies. The breach is being compared to the MOVEit data breach in size and impact, and could become the largest breach of Personally Identifiable Information (PII) in history.

Details:

  • Breach involves 2,000+ companies, including major names like Anheuser-Busch, Allstate, and Progressive Insurance.

  • Attackers accessed data through demo accounts not protected by Okta or MFA.

  • Compromised employee accounts and bypassed Okta protections allowed extensive data exfiltration.

  • Australian companies also affected, raising global cybersecurity concerns.

Action Points:

1. Immediate Audit: Companies using Snowflake should conduct an immediate security audit and review access controls.

2. Implement MFA: Ensure Multi-Factor Authentication (MFA) is in place for all accounts, especially demo and test environments.

2. Ticketmaster Breach: Data on the Dark Web

Ticketmaster's parent company, Live Nation Entertainment, confirmed unauthorized access to a third-party cloud database. Hackers claimed to have exfiltrated data from 560 million users, demanding $500,000 for the information.

Action Points:

1. User Notification: Inform affected users and advise them to change passwords and monitor accounts for suspicious activity.

2. Data Monitoring: Implement robust monitoring to detect and respond to data being sold or misused on the dark web.

3. Santander Bank Data Breach

Santander Bank disclosed unauthorized access to one of its databases, impacting employees and customers in Chile, Spain, and Uruguay. Hackers are selling the data for $2 million, which includes 28 million credit card numbers and other sensitive information.

Details:

  • The breach affects information on 30 million customers, as well as employee bank account data.

  • Hacker group ShinyHunters, known for other high-profile data thefts, is behind the breach.

Action Points:

1. Strengthen Security: Enhance security measures for databases, especially those managed by third-party providers.

2. Customer Protection: Offer credit monitoring and fraud protection services to affected customers.

4. Hugging Face Platform Compromise

AI development company Hugging Face detected unauthorized access to its Spaces platform, potentially exposing a subset of secrets. The company has taken measures to revoke compromised tokens and notify affected users.

  • Improved security by removing organizational tokens and implementing key management services.

  • Enhanced ability to identify and invalidate leaked tokens.

Action Points:

1. Token Rotation: Regularly rotate API keys and tokens to minimize exposure risks.

2. Security Updates: Stay updated with security improvements and ensure implementation of recommended measures.

5. NIST Addresses Vulnerability Backlog

NIST is addressing a backlog of over 33,000 vulnerabilities due to challenges with funding and staffing. A new contract aims to support the processing of these vulnerabilities.

Details:

  • Maryland-based Analygence awarded a contract to support vulnerability processing.

  • Efforts will start this week, focusing on using the Common Platform Enumeration process and CVSS.

Action Points:

1. Vulnerability Management: Ensure a robust process for managing and addressing vulnerabilities in your systems.

2. Engage with NIST: Stay informed about updates from NIST and integrate their recommendations into your cybersecurity strategy.

6. Docker Hub Blocks Russian Users

Docker Hub has suspended service for users in Russia, citing adherence to U.S. export control rules. This impacts Russian developers who use the platform for managing container images.

  • Block affects Russia, Cuba, Iran, North Korea, Sudan, Syria, and Russian-annexed Crimea.

  • Developers face challenges accessing services even via VPNs.

Stay tuned for more updates, and don't forget to subscribe to our podcast. Have a great day and stay cyber safe!


👀 SHOW Supporters:

Today’s episode is supported by our friends at Nudge Security, with a free 14-day trial for all CyberHub Podcast community members at https://www.nudgesecurity.com/cyberhub. Discover and categorize every SaaS app account in your organization with Nudge Security.

✅ Story Links: 

https://www.securityweek.com/snowflake-hack-impacts-ticketmaster-other-organizations/

https://www.securityweek.com/hackers-boast-ticketmaster-breach-on-relaunched-breachforums/

https://www.bleepingcomputer.com/news/security/shinyhunters-claims-santander-breach-selling-data-for-30m-customers/

https://www.securityweek.com/secrets-exposed-in-hugging-face-hack/

https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-linux-privilege-elevation-flaw/

https://www.cybersecuritydive.com/news/nist-vulnerability-analysis-backlog/717631/

https://therecord.media/docker-hub-suspends-services-russia

https://www.securityweek.com/information-of-hundreds-of-european-politicians-found-on-dark-web/

https://www.darkreading.com/cybersecurity-operations/allies-kenya-us-bolster-digital-security-africa

https://therecord.media/nato-article-5-cyberattacks-emily-goldman-cyber-command-cycon


About The CyberHub Podcast.

The Hub of the Infosec Community. 

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. 

Tune in to our series of podcasts, which range from highlighting CISOs in our CISOTalk Podcast to our signature CyberHub Podcast, giving you the latest news live daily.

For Collaboration and Business inquiries, please use the contact information below:

📩 Email:  info@cyberhubpodcast.com 
