Secret CISO 1/28: Rochester School District and MGM Resorts Face Data Breaches, PowerSchool and Change Healthcare Expose Millions, Research on Cybersecurity Threats and Vulnerabilities Continues

Welcome to today's issue of Secret CISO, your daily dose of the latest in cybersecurity news. Today, we're diving into a series of data breaches that have rocked the education and healthcare sectors, and the hefty price one entertainment giant had to pay in a data breach settlement.

First up, the Rochester City School District and several school districts in Southern Idaho have issued warnings about data breaches involving student information. Meanwhile, UK telecommunications company TalkTalk has also suffered a data breach, though initial findings suggest no leak of highly sensitive personal data. In a staggering revelation, Change Healthcare has identified a ransomware group behind a security breach that has impacted a whopping 190 million victims.

On a similar note, a massive data breach at PowerSchool has affected millions of students, with sensitive records including names, addresses, Social Security numbers, and medical records being compromised. In the world of entertainment, MGM Resorts has agreed to pay $45 million in a data breach settlement, highlighting the costly consequences of data breaches. In the realm of cybersecurity research, we have updates on Apple patching an actively exploited zero-day affecting iPhones, Macs, and more. We also have news on a critical Kubernetes flaw discovered by Akamai's security research team, and a warning about toll scam texts targeting U.S. drivers.

Lastly, we have a series of updates on various CVEs, including vulnerabilities in IBM MQ Container, IBM Sterling File Gateway, and more. Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity. Stay safe, stay informed with Secret CISO.

Data Breaches

  1. Rochester City School District Data Breach: The Rochester City School District has issued a warning to students, families, and staff about a data breach. The specifics of the breach are not yet clear, but the district is taking steps to address the situation. Source: YouTube
  2. MGM Resorts Data Breach Settlement: MGM Resorts has agreed to pay $45 million in a lawsuit regarding two data breaches. The breaches had significant impacts, and the settlement aims to compensate those affected. Source: FOX5 Vegas
  3. TalkTalk Data Breach: UK telecommunications company TalkTalk has suffered a data breach. Initial findings suggest no leak of highly sensitive personal data, but the company is still investigating the incident. Source: Check Point Research
  4. Change Healthcare Data Breach: Change Healthcare has reported a massive data breach affecting 190 million people, up from the roughly 100 million it initially estimated. The February 2024 attack was carried out by the ransomware group ALPHV/BlackCat, and the revised count makes it the largest healthcare data breach reported to date. Source: HC Innovation Group
  5. PowerSchool Data Breach: PowerSchool, a leading software provider in K-12 education, suffered a data breach in late December. Local reporting puts the count at thousands of affected student accounts, but the full scale of the breach is still unclear as impacted individuals are being contacted. Source: The Sentinel

Security Research

  1. Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More: Apple has released updates to address an actively exploited zero-day vulnerability across its device lines. Apple has not credited an external researcher with the discovery and has said only that the flaw may have been exploited in attacks; a successful exploit could compromise user data and device security, so the updates should be applied promptly. Source: The Hacker News
  2. Election Security Expert Avoids OAN Subpoena in Dominion Case: An election cybersecurity expert has successfully avoided a subpoena from One America News Network in a case brought by Dominion. The case highlights the ongoing tension between cybersecurity experts and media outlets in the context of election security. Source: Bloomberg Law News
  3. For $50, Attackers Can Use GhostGPT to Write Malicious Code: Security researchers have discovered that GhostGPT, a tool marketed for a range of malicious activities including coding and malware creation, can be used by attackers for as little as $50. This highlights the increasing accessibility of cyber attack tools. Source: Dark Reading
  4. Akamai Uncovers Critical Kubernetes Flaw for Windows Nodes: Akamai security researcher Tomer Peled has discovered a critical flaw in Kubernetes affecting Windows worker nodes. The finding is a reminder that node-level components, not just the control plane, need the same hardening and patch discipline as the rest of a cloud-based cluster. Source: SecurityBrief Asia
  5. Hackers Found a Way to Control Subaru Cars Over the Internet Without Drivers Even Knowing: Security researcher Sam Curry found a flaw in Subaru's STARLINK connected-vehicle service (unrelated to SpaceX's Starlink satellite network) that allowed an attacker to remotely control connected Subaru vehicles without the driver's knowledge, highlighting the growing risks associated with connected vehicles. Source: Autoevolution

Top CVEs

  1. CVE-2024-27256 - IBM MQ Container Cryptographic Weakness: IBM MQ Container versions 3.0.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS, and 2.4.0 through 2.4.8, among others, use weaker than expected cryptographic algorithms. This could allow an attacker to decrypt highly sensitive information. Source: CVE-2024-27256
  2. CVE-2023-47159 - IBM Sterling File Gateway User Enumeration: IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. Source: CVE-2023-47159
  3. CVE-2024-38320 - IBM Storage Protect Cryptographic Weakness: IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client versions 8.1.0.0 through 8.1.23.0 use weaker than expected cryptographic algorithms. This could allow an attacker to decrypt highly sensitive information. Source: CVE-2024-38320
  4. CVE-2023-50316 - IBM Sterling B2B Integrator SQL Injection: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 are vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. Source: CVE-2023-50316
  5. CVE-2023-52292 - IBM Sterling File Gateway Stored XSS: IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 are vulnerable to stored cross-site scripting. The vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credential disclosure within a trusted session. Source: CVE-2023-52292
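
The user-enumeration item above (CVE-2023-47159) describes an "observable discrepancy": the application answers differently depending on whether a username exists. The following is an added example, not IBM's code and not the Sterling File Gateway implementation, showing the pattern in a minimal login check and the fix beside it. The credential store, the fixed salt and the usernames are constructed for the example.

```python
import hashlib
import hmac

# Constructed credential store with a fixed salt so the example is deterministic.
# A real deployment uses a random per-user salt and a dedicated password hash.
_SALT = b"example-salt-not-for-production"


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)


USERS = {"alice": hash_password("correct horse battery staple")}

# Compared against for unknown usernames so that every request costs one hash.
_DUMMY_HASH = hash_password("dummy-placeholder")


def login_leaky(username: str, password: str) -> tuple[bool, str]:
    """Vulnerable: the message says whether the account exists, and no hash is
    computed for unknown users, so response time leaks the same fact."""
    stored = USERS.get(username)
    if stored is None:
        return False, "unknown user"
    if hmac.compare_digest(stored, hash_password(password)):
        return True, "ok"
    return False, "wrong password"


def login_uniform(username: str, password: str) -> tuple[bool, str]:
    """Hardened: one failure message, and a hash plus a constant-time compare
    on every path, whether or not the username exists."""
    known = username in USERS
    stored = USERS[username] if known else _DUMMY_HASH
    match = hmac.compare_digest(stored, hash_password(password))
    # The dummy hash must never authenticate, even if a guess happens to hit it.
    if match and known:
        return True, "ok"
    return False, "invalid credentials"


def oracle_visible(login) -> bool:
    """Does this login function answer differently for a nonexistent user and
    an existing user with a wrong password? True means usernames can be
    enumerated from the response alone."""
    return login("nobody", "guess") != login("alice", "guess")


if __name__ == "__main__":
    print("leaky login enumerable:", oracle_visible(login_leaky))      # True
    print("uniform login enumerable:", oracle_visible(login_uniform))  # False
```

The same discipline applies to password-reset and registration endpoints, which are the usual places this discrepancy survives even when the login form has been fixed: the status code, body, and amount of work done should not depend on whether the account exists.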

API Security

  1. CVE-2025-23084 - Node.js Vulnerability in Windows Environment: A vulnerability has been discovered in Node.js in the handling of drive names on Windows. Certain Node.js path functions do not treat drive names (such as `C:`) as special, so a path that a caller assumes is a safe relative path can behave differently on Windows than it does elsewhere. Users are advised to update Node.js to a patched release to mitigate this vulnerability. Source: vulners.com
  2. CVE-2024-56316 - AXESS ACS TR069 API Vulnerability: A serious vulnerability has been identified in AXESS ACS (Auto Configuration Server) through 5.2.0, where unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests. Users are advised to update their AXESS ACS to the latest version to prevent this attack. Source: vulners.com
  3. CVE-2024-52012 - Apache Solr Relative Path Traversal Vulnerability: A relative path traversal vulnerability has been found in Apache Solr's configset upload API. This class of bug, commonly known as "zip slip", allows a maliciously constructed ZIP file to write data to unanticipated parts of the filesystem through entries whose names contain `..` or absolute paths. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Alternatively, users can use Solr's Rule-Based Authorization Plugin to restrict access to the configset upload API. Source: vulners.com
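
The Solr item above describes zip slip without showing what a defence looks like. The following is an added example, not Apache Solr's code, that builds a small archive in memory with one benign entry and two traversal entries (names constructed for the example), then extracts it with a check that resolves each entry against the destination directory and refuses anything that lands outside it. Files are written by hand rather than with `ZipFile.extract`, so the check shown is the only thing protecting the filesystem.

```python
import io
import os
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    """Constructed sample archive: one benign configset file and two
    'zip slip' entries (a relative traversal and an absolute path)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("conf/solrconfig.xml", "<config/>")
        zf.writestr("../../outside.txt", "escaped the destination")
        zf.writestr("/etc/cron.d/evil", "absolute path entry")
    return buf.getvalue()


def entry_is_safe(dest: str, name: str) -> bool:
    """True only if the entry resolves to a location inside dest.
    Backslashes are treated as separators because archives built on Windows
    may use them, and a check that ignores them can be bypassed."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name.replace("\\", "/")))
    return os.path.commonpath([dest_real, target]) == dest_real


def safe_extract(zip_bytes: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Extract entry by entry, writing files ourselves so that entry_is_safe,
    not zipfile's internal sanitising, is what protects the filesystem.
    Returns (extracted names, rejected names)."""
    extracted: list[str] = []
    rejected: list[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not entry_is_safe(dest, info.filename):
                rejected.append(info.filename)
                continue
            target = os.path.join(dest, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected


def demo() -> tuple[list[str], list[str]]:
    """Run the extraction into a fresh temporary directory."""
    dest = tempfile.mkdtemp(prefix="configset-")
    return safe_extract(build_malicious_zip(), dest)


if __name__ == "__main__":
    ok, bad = demo()
    print("extracted:", ok)   # ['conf/solrconfig.xml']
    print("rejected:", bad)   # ['../../outside.txt', '/etc/cron.d/evil']
```

Resolving with `realpath` before the prefix comparison also covers the case where a previously extracted entry is a symbolic link pointing outside the destination; a plain string-prefix check on the raw entry name would miss both that and the backslash variant.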

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We hope you found these updates insightful and helpful in staying ahead of the curve in the ever-evolving world of cybersecurity.

Remember, knowledge is power, and sharing is caring. So, don't hesitate to pass this newsletter along to your friends and colleagues.

Let's work together to create a safer digital world. Until next time, stay safe and secure!
