Hello Cyber Defenders,
Welcome to the 10th edition of the Secret CISO newsletter, brought to you by an undisclosed group of passionate CISOs, who are committed to keeping you in-the-know on all things cybersecurity.
First and foremost, we want to thank each and every one of you for helping us reach our milestone of 2,000 subscribers in just 10 weeks! It's a testament to the value and impact our newsletter has on the cybersecurity community. Your support fuels our drive to continue delivering the most relevant and valuable content to you each week.
In this week's issue, we have the latest scoop on data breaches, cutting-edge cybersecurity research, must-listen podcasts, and exciting job opportunities. As always, our content is curated to provide you with the most pertinent and actionable information to help you stay ahead in the ever-evolving world of cybersecurity.
Please do us a favor and share this newsletter with your colleagues in the cyber space. Encourage them to subscribe and join our growing community of security experts. Together, we can create a more resilient and secure digital world.
Thank you once again for your support, and happy reading!
Stay safe and vigilant,
The Secret CISO Team
1. Data Breaches
Cyber security, avionics, and clinical software companies hacked
Rubrik Data Breach: Zero-Day Strikes Again as Clop Ransomware Gang Targets Security Company
Data security company Rubrik has fallen victim to the Fortra GoAnywhere zero-day vulnerability (CVE-2023-0669), which led to unauthorized access to the firm's nonproduction IT testing environments. Attackers mainly accessed Rubrik's internal sales information, including customer and partner company names, business contact details, and some purchase orders. The company confirmed that no sensitive personal data was exposed. The Clop ransomware gang, which has exploited this zero-day flaw to target over 130 organizations, posted a listing naming Rubrik on its dark web leak site.
Safran Group's Sensitive Data Leak Exposes Aviation Sector's Cyber Vulnerabilities
Safran Group, a leading aerospace supplier, left sensitive data exposed through a server misconfiguration for an estimated 18 months. Cybernews researchers discovered a publicly accessible environment (.env) file containing the Laravel app key (the key that encrypts the application's cookies and sessions), the JSON Web Token (JWT) signing key, MySQL credentials, and SMTP credentials. These exposed keys and credentials could have allowed attackers access to the company's backend, employee computers, and servers. Safran Group has since fixed the misconfiguration. The incident highlights the aviation industry's susceptibility to cyber threats and the potential consequences of supply chain attacks on companies and their customers.
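The Safran finding is an ordinary dotenv file served from a web root. The Python below is an added example, not code from Cybernews, Safran, or this newsletter: it parses dotenv syntax (quotes, `export`, trailing comments), flags the variable classes named above (the Laravel APP_KEY, a JWT key, MySQL and SMTP credentials), and rejects the common scanner false positive where a server answers /.env with its HTML front page and a 200 status. The sample file, its values, and the JWT_* variable names are constructed for the example; APP_KEY, DB_* and MAIL_* are Laravel's own names.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Which variable names carry a live credential and what an attacker gains from it.
# APP_KEY, DB_* and MAIL_* are Laravel's own names; the JWT_* names follow the
# convention of common Laravel JWT packages (an assumption of this example).
SECRET_CLASSES = [
    (re.compile(r"^APP_KEY$"), "Laravel app key: decrypt and forge encrypted cookies/sessions"),
    (re.compile(r"^JWT_(SECRET|KEY|PRIVATE_KEY)$"), "JWT signing key: mint API tokens for any user"),
    (re.compile(r"^(DB|MYSQL|DATABASE)_(PASSWORD|URL)$"), "database credentials: read and modify backend data"),
    (re.compile(r"^(MAIL|SMTP)_(PASSWORD|URL)$"), "SMTP credentials: send mail as the company"),
    (re.compile(r"SECRET|TOKEN|PASSWORD|PRIVATE_KEY|API_KEY"), "other credential"),
]

_ASSIGN = re.compile(r"^\s*(?:export\s+)?(?P<key>[A-Za-z_][A-Za-z0-9_]*)\s*=(?P<val>.*)$")


def parse_env(text: str) -> Dict[str, str]:
    """Parse dotenv syntax: KEY=value, optional `export`, single/double quotes,
    whole-line and trailing `#` comments, blank lines. Later keys overwrite earlier."""
    env: Dict[str, str] = {}
    for line in text.splitlines():
        m = _ASSIGN.match(line)
        if not m:
            continue  # blank line, comment, or not an assignment
        val = m["val"].strip()
        if val[:1] in ("'", '"'):
            close = val.find(val[0], 1)           # quoted: keep everything up to the closing quote
            val = val[1:close] if close != -1 else val[1:]
        else:
            val = re.split(r"\s+#", val, maxsplit=1)[0].rstrip()  # unquoted: drop trailing comment
        env[m["key"]] = val
    return env


def looks_like_env(body: str, min_keys: int = 3) -> bool:
    """Reject the usual false positive: a server that returns its HTML front page
    (status 200) for every path. A genuine dotenv body is not markup and parses
    into several assignments."""
    if body.lstrip().startswith("<"):
        return False
    return len(parse_env(body)) >= min_keys


@dataclass
class Finding:
    key: str
    impact: str
    preview: str  # first characters only, so a report never re-leaks the value


def triage(body: str) -> List[Finding]:
    """Classify the secrets in an exposed env file, skipping empty/null values."""
    findings: List[Finding] = []
    for key, val in parse_env(body).items():
        if not val or val.lower() == "null":
            continue
        for pattern, impact in SECRET_CLASSES:
            if pattern.search(key):
                findings.append(Finding(key, impact, val[:6] + "..."))
                break
    return findings


# Constructed sample laid out like a Laravel .env; every value here is fake.
SAMPLE_ENV = """\
APP_NAME=Portal
APP_ENV=production
APP_KEY=base64:Q2hhbmdlTWVUaGlzSXNBRmFrZUtleUZvckRlbW9zMTIz
APP_DEBUG=false
DB_CONNECTION=mysql
DB_HOST=10.0.0.5
DB_USERNAME=portal
DB_PASSWORD="fake-db-pass-1" # rotated 2021-01
JWT_SECRET=fakejwtsecret0123456789
MAIL_MAILER=smtp
MAIL_HOST=smtp.example.com
MAIL_USERNAME=noreply@example.com
MAIL_PASSWORD='fake smtp pass'
AWS_SECRET_ACCESS_KEY=
"""

# Constructed response from a server that serves its front page for any path.
SAMPLE_HTML = "<!DOCTYPE html><html><head><title>Portal</title></head><body>APP_KEY=x</body></html>"

if __name__ == "__main__":
    for name, body in (("dotenv body", SAMPLE_ENV), ("html body", SAMPLE_HTML)):
        print(f"{name}: looks like an env file = {looks_like_env(body)}")
    for f in triage(SAMPLE_ENV):
        print(f"{f.key:<16} {f.preview:<12} {f.impact}")
```

The MAIL_PASSWORD and DB_PASSWORD lines exercise the quoting rules a naive `split("=")` gets wrong, and the empty AWS_SECRET_ACCESS_KEY shows why a finding should require a non-empty value before anyone is paged.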
Independent Living Systems Reveals Breach Impacting 4.2 Million Patients
Florida-based Independent Living Systems (ILS), a provider of clinical and administrative services to managed care organizations for elderly and disabled patients, reported that a 2022 cyber incident affected over 4.2 million individuals. The breach initially involved inaccessible computers and was reported as affecting only 501 individuals. The company's updated breach notice reveals that an unauthorized actor accessed ILS systems between June 30 and July 5, 2022, acquiring and potentially viewing some information on the network. Potentially compromised data includes names, addresses, birthdates, government identifiers, financial account information, and treatment details.
2. Security Research
LastPass was not the last: Bitwarden PIN hack, voice cloning attacks with AI, and HinataBot DDoS details
Bitwarden PINs Can Be Brute-Forced, Leaving Vault Data Vulnerable
Bitwarden, a popular open-source password manager, allows an attacker who obtains the encrypted vault data stored locally on a device to brute-force the user's PIN. Because the PIN-protected copy of the vault key is on disk, the attack runs offline: the attacker derives a key from each candidate PIN and tries to decrypt until the ciphertext decrypts successfully. This matters for users who choose a low-entropy PIN and configure Bitwarden to not require the master password on restart, since that setting is what keeps the PIN-protected key on disk between sessions. Bitwarden has been made aware of the issue but marked it as out of scope. Users are advised to use a long passphrase rather than a short PIN and to rely on additional measures such as full-disk encryption.
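The attack is an offline guess-and-check loop, and the cost of a guess is exactly one key derivation. The Python below is an added example, not Bitwarden's code or the researcher's: it models the PIN scheme as PBKDF2-SHA256 over the PIN salted with the account email, HKDF-expanded into an encryption key and a MAC key that protect the vault key as an authenticated `iv|ciphertext|mac` blob. Those parameters, the email, the vault key and the PIN are assumptions and constructed inputs; AES is not in the standard library, so the ciphertext is stood in for by an HMAC-derived keystream, while the MAC check that the attack actually relies on is computed the normal way. The iteration count is cut far below a real client's so the demo finishes quickly; the timing helper scales it back up.

```python
import hashlib
import hmac
import os
import time

# Assumed scheme (see lead-in): PBKDF2-SHA256(pin, salt=email) -> HKDF-Expand
# into enc/mac keys -> authenticated blob.  DEMO_ITERATIONS keeps the demo
# fast; CLIENT_ITERATIONS is an illustrative client-side work factor.
DEMO_ITERATIONS = 1000
CLIENT_ITERATIONS = 600_000


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with SHA-256, built on the stdlib hmac module."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def pin_keys(pin: str, email: str, iterations: int = DEMO_ITERATIONS):
    """Derive the (enc_key, mac_key) pair that a given PIN unlocks."""
    prk = hashlib.pbkdf2_hmac("sha256", pin.encode(), email.lower().encode(), iterations)
    return hkdf_expand(prk, b"enc", 32), hkdf_expand(prk, b"mac", 32)


def _keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    # Stand-in for AES (not in the stdlib): an HMAC-derived keystream XORed
    # into the data. The attack never decrypts; it only checks the MAC.
    return hkdf_expand(enc_key, iv, length)


def protect_vault_key(vault_key: bytes, pin: str, email: str, iterations: int = DEMO_ITERATIONS) -> str:
    """What the client persists when the master password is not required on restart."""
    enc_key, mac_key = pin_keys(pin, email, iterations)
    iv = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(vault_key, _keystream(enc_key, iv, len(vault_key))))
    mac = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return "|".join(x.hex() for x in (iv, ct, mac))


def unprotect_vault_key(blob: str, pin: str, email: str, iterations: int = DEMO_ITERATIONS):
    """Verify the MAC under the PIN-derived key; return the vault key only on success."""
    iv, ct, mac = (bytes.fromhex(part) for part in blob.split("|"))
    enc_key, mac_key = pin_keys(pin, email, iterations)
    if not hmac.compare_digest(hmac.new(mac_key, iv + ct, hashlib.sha256).digest(), mac):
        return None  # wrong PIN: the MAC is the attacker's oracle
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, iv, len(ct))))


def brute_force_pin(blob: str, email: str, digits: int = 4, iterations: int = DEMO_ITERATIONS):
    """Offline attack over every numeric PIN of the given length.
    Returns (pin, guesses_tried) or (None, keyspace) if nothing matched."""
    keyspace = 10 ** digits
    for n in range(keyspace):
        guess = f"{n:0{digits}d}"
        if unprotect_vault_key(blob, guess, email, iterations) is not None:
            return guess, n + 1
    return None, keyspace


def seconds_to_exhaust(keyspace: int, iterations: int, samples: int = 5) -> float:
    """Time one key derivation at the given work factor and extrapolate to the keyspace."""
    start = time.perf_counter()
    for i in range(samples):
        pin_keys(str(i), "timing@example.com", iterations)
    return (time.perf_counter() - start) / samples * keyspace


if __name__ == "__main__":
    email = "user@example.com"      # constructed account
    vault_key = os.urandom(32)      # constructed 256-bit vault key
    blob = protect_vault_key(vault_key, "0318", email)
    pin, tried = brute_force_pin(blob, email)
    assert unprotect_vault_key(blob, pin, email) == vault_key
    print(f"recovered PIN {pin} after {tried} guesses at {DEMO_ITERATIONS} iterations")
    per_guess = seconds_to_exhaust(1, CLIENT_ITERATIONS)
    for label, space in (("4-digit PIN", 10 ** 4), ("6-digit PIN", 10 ** 6), ("4 diceware words", 7776 ** 4)):
        print(f"{label:<18} ~{per_guess * space / 3600:,.1f} core-hours to exhaust at {CLIENT_ITERATIONS} iterations")
```

The printed estimates make the advice in the item concrete: a four-digit PIN falls in minutes on one core whatever the iteration count, while a passphrase drawn from a large word list is out of reach. Full-disk encryption helps only because it stops the attacker from obtaining the blob in the first place; it does nothing once the file is copied.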
HinataBot: New Go-Based Botnet Exploits Router and Server Flaws for DDoS Attacks
A new Go-based botnet called HinataBot has been discovered exploiting known vulnerabilities in routers and servers to launch distributed denial-of-service (DDoS) attacks. The botnet targets unpatched vulnerabilities and weak credentials in Hadoop YARN servers, Realtek SDK devices, and Huawei HG532 routers. Active since December 2022, the threat actors initially used a generic Go-based Mirai variant before switching to their custom malware in January 2023. HinataBot is still in development, with newer versions exhibiting modular functionality and added measures to resist analysis.
Adversary Simulation with Voice Cloning in Real Time, Part 1
With the advent of generative AI, voice cloning technology has become advanced enough for social engineers to conduct highly convincing attacks. Respeecher, a company specializing in voice cloning, offers a real-time voice conversion system, and the article shows how such a system can be turned to social engineering: it allows seamless transitions between different identities, genders, ages, and nationalities during live calls. Voice cloning only requires a few seconds of audio to create a realistic model, which could compromise voice recognition systems in various industries, including banking. To protect against this, organizations should conduct regular attack simulations, invest in security awareness training, and implement technical controls such as multi-factor authentication rather than relying on a caller's voice as proof of identity.
3. CISO Podcasts
GCC, GRC, and CISO Wisdom in the latest episodes
Should We Be in Microsoft 365 GCC, GCC High, or Commercial?
The Virtual CISO Podcast discusses the differences between Microsoft 365's Government Community Cloud (GCC), GCC High, and Commercial offerings. Host John Verry and Conrad Agramont, CEO of Agile IT, delve into the key security capabilities of each, emphasizing the importance of discussing cybersecurity requirements with government program offices. They also explore the migration process, its time, cost, and effort, and discuss the challenges of Microsoft 365 migrations. Finally, they examine the pros and cons of using a hybrid approach with multiple Microsoft 365 environments.
DtSR Episode 542 - Distilling 20 Years of CISO Wisdom
In this Down the Security Rabbithole podcast episode, co-hosts Rafal Los and James discuss the security leadership role with Ray Emerly, a long-time veteran in the Chief Information Security Officer (CISO) position. They explore what has changed and what hasn't in the security industry over those years, and the conversation closes with a thought-provoking question that leaves listeners with a valuable insight.
Bridging the Gap: Tech, GRC, and the CISO Journey with Dr. Mike Brass
In this engaging podcast episode, Allan and Dr. Mike Brass, an archaeologist-turned-CISO, delve into the dynamics between technical teams and Governance, Risk, and Compliance (GRC) teams. They discuss the challenges and opportunities of bridging the gap between these two groups and explore how GRC can be an excellent foundation for a successful CISO career. The conversation highlights key insights for engineering, architecture, and GRC professionals, as well as essential knowledge for the broader business audience. Listen to Dr. Mike Brass's intriguing career journey spanning diverse industries and roles, from IT technician to CISO.
4. CISO Jobs
Shape the Future of Cybersecurity at Experian
Experian is seeking a Global CISO Programs Senior Director to lead a team and collaborate with the CISO and security leadership to execute strategic initiatives for the Global Security Office. Key responsibilities include creating reports, briefings, and presentations, developing communication strategies, and facilitating the prioritization of security initiatives. The ideal candidate will have 10+ years of relevant work experience, including leadership or managerial roles in cybersecurity, excellent communication skills, and a background in program/project management. This role offers an opportunity to make a significant impact on the organization's cybersecurity strategies and initiatives.
Deputy CISO for Governance, Risk & Compliance
The New York City Office of Technology & Innovation is seeking a Deputy CISO for Governance, Risk & Compliance (GRC) to provide leadership and support in executing the GRC program for Cyber Command. Reporting to the Citywide CISO, the Deputy CISO will lead a team of audit, compliance, risk, and policy analysts, overseeing policy implementation, risk analysis, security maturation, and compliance enforcement. The ideal candidate should have 10+ years of experience in cybersecurity or information security, knowledge of security frameworks, and strong communication and team management skills. This role offers an opportunity to play a pivotal role in shaping the cybersecurity landscape for New York City.
CIO and CISO - Drive Digital Transformation and Cybersecurity at SAIC
SAIC is looking for a highly experienced, customer-oriented CIO/CISO to lead a large IT and Cyber organization for a critical project. The role involves IT service delivery, digital strategy development, risk analysis, vendor negotiation, and goal-setting, while ensuring the organization is secure from cyber risks. The ideal candidate should have 25+ years of program/project management experience, 15+ years of experience leading IT and cybersecurity for NNSA (or a comparable agency), and CISSP certification. This position offers an opportunity to spearhead digital transformation and cybersecurity initiatives, ensuring the organization stays secure and ahead of the curve.
Dear friends and fellow CISOs,
As we wrap up the pilot project of our unnamed CISO group, we can't help but feel a sense of accomplishment and gratitude. Over the course of ten episodes, we've seen our community grow to over 2,000 subscribers, and we couldn't have done it without you. Your support, engagement, and willingness to share our content with others have truly made this a remarkable journey.
Celebrate this milestone with us by sharing a piece of this Birthday Cyber Cake, an art piece that we hope will brighten your day and serve as a symbol of our collective achievements. Feel free to share this gift with others as we continue to spread the word about our group and its mission.
Thank you once again for joining us on this adventure, and for helping to make our pilot project a resounding success. As we move forward, we promise to bring you new chapters filled with even more valuable insights, data, and resources to help you excel in your role as a CISO. Until then, please take care, stay connected, and we'll see you in the next episode!
Warm regards and happy cybersecurity-ing,
The Secret CISO Team.