Secret CISO 11/27: Anniemac, Washington, Finsure, LifeLabs breaches; Geico, Travelers fined; Quantum, Cyber risks research

Secret CISO 11/27: Anniemac, Washington, Finsure, LifeLabs breaches; Geico, Travelers fined; Quantum, Cyber risks research

Welcome to today's issue of Secret CISO, where we delve into the latest happenings in the world of cybersecurity.

Today, we're focusing on the alarming surge in data breaches. Anniemac Home Mortgage is facing a lawsuit after failing to protect customer data, while Washington state has seen an all-time high in data breaches, with cyberattacks and ransomware attacks making up 78% of all reported breaches. Across the globe, Australian mortgage broker Finsure has confirmed a 'cyber incident' impacting customers and brokers, and LifeLabs has finally released a report into a 2019 hacking incident that compromised millions of Canadians' health data. Insurance giants Geico and Travelers have been hit with a combined $11.3 million fine for data breaches that exposed 120,000 people. Meanwhile, 23andMe CEO Anne Wojcicki discusses the company's future following a major data security incident that led to a $30 million settlement. In the academic world, Andrew Tate's online university was hacked, leading to the data leak of 800,000 users.

We also explore the growing interest and investments in the Quantum Security Market, and the rising cyber risks in holiday e-commerce. Stay tuned for more updates and remember, knowledge is the best defense against cyber threats. Stay safe and secure!

Data Breaches

  1. Anniemac hit with lawsuit after data breach: Anniemac Home Mortgage is facing a proposed class-action lawsuit for allegedly failing to protect customer data as required by law. Source: National Mortgage News
  2. Data breaches reach all-time high in Washington: A report from the Attorney General found that 11.6 million data breach notices were sent to Washingtonians over the past year, marking an all-time high. Cyberattacks and ransomware attacks were the most common types of breaches. Source: KIRO 7
  3. Aussie mortgage broker Finsure confirms 'cyber incident': Finsure confirmed a cyber incident after almost 300,000 unique Finsure emails were added to the data leak website HaveIBeenPwned. Source: Cyber Daily
  4. LifeLabs data breach report released after firm loses four-year bid to keep it quiet: A long-withheld investigation into a 2019 hacking at LifeLabs Inc. that compromised millions of Canadians' health data has been made public. Source: Canadian Underwriter
  5. Geico And Travelers Fined 11.3 Million For Data Breaches Exposing 120,000: New York State has fined insurance giants Geico and Travelers a combined $11.3 million for data breaches that exposed 120,000 people. Source: Forbes

Security Research

  1. Report Reveals Growing Interest, Investments in Quantum Security Market: The Quantum Insider reports a surge in interest and investments in the quantum security market, with initiatives like the Center for Quantum Networks (CQN) and Q-SEnSE bridging research and real-world applications. Source: The Quantum Insider
  2. CyCognito report highlights rising cyber risks in holiday e-commerce: CyCognito's research team has identified increasing cyber risks in e-commerce during the holiday season, after analyzing web application assets across its customer base from November 2023. Source: Security Info Watch
  3. 20 Years Old macOS Vulnerability Allow Attackers To Gain Root Access Remotely: Security researcher Gergely Kalman has uncovered a severe macOS vulnerability privilege escalation in Apple's MallocStackLogging framework, which has been present for 20 years and allows attackers to gain root access remotely. Source: Cybersecurity News
  4. BlackBasta ransomware gang shifts to nation-state tactics: Security researchers have observed a shift in tactics, techniques, and procedures by the BlackBasta ransomware gang, suggesting a possible link to Russian-backed threats. Source: Cyber Daily
  5. More than 2,000 Palo Alto Networks firewalls compromised: Over 2,000 firewalls from Palo Alto Networks have been compromised, according to Elad Luz, Head of Research at Oasis Security. Customers are advised to restrict access immediately before patching. Source: Security Magazine

Top CVEs

  1. CVE-2024-8114 - GitLab CE/EE Vulnerability: A critical issue has been discovered in all versions of GitLab CE/EE from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This vulnerability allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges. Source: CVE-2024-8114
  2. CVE-2024-11699 - Firefox and Thunderbird Memory Safety Bugs: Memory safety bugs have been identified in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. These bugs could potentially be exploited to run arbitrary code. Source: CVE-2024-11699
  3. CVE-2024-11691 - WebGL Operations Vulnerability on Apple M Series Devices: Certain WebGL operations on Apple silicon M series devices could lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. Source: CVE-2024-11691
  4. CVE-2017-18307 - Information Disclosure in Audio: This vulnerability allows for potential information disclosure in audio. Source: CVE-2017-18307
  5. CVE-2018-11816 - Crafted Binder Request Causes Heap UAF: A crafted binder request can cause a heap use-after-free (UAF) condition. Source: CVE-2018-11816

API Security

  1. CVE-2024-42327 - SQLi Vulnerability in Zabbix Frontend: A non-admin user account on the Zabbix frontend with default User role or any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function. Source: CVE-2024-42327
  2. CVE-2024-36467 - Unauthorized Group Addition in Zabbix: An authenticated user with API access, specifically a user with access to the user.update API endpoint, can add themselves to any group, except to groups that are disabled or having restricted GUI. Source: CVE-2024-36467
  3. CVE-2024-10240 - Unauthorized Access in GitLab EE: An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2. An unauthenticated user may be able to read some information about an MR in a private project, under certain conditions. Source: CVE-2024-10240
  4. CVE-2024-53844 - Path Traversal Vulnerability in E.D.D.I: A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by manipulating the botFilename parameter in requests. Source: CVE-2024-53844
  5. CVE-2024-52008 - Password Policy Bypass in Fides: The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. This vulnerability allows an invited user to set an extremely weak password for their own account during the initial account setup process. Source: CVE-2024-52008

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. As we've seen, the world of cybersecurity is a dynamic and ever-evolving landscape. From the lawsuit against Anniemac following a data breach, to the record-breaking number of data breaches in Washington, and the 'cyber incident' impacting Finsure's customers and brokers, it's clear that no sector is immune to these threats. But it's not all doom and gloom. With the right knowledge and tools, we can all play a part in fortifying our defenses and staying one step ahead of the cybercriminals.

So, let's continue to learn, share, and support each other in this journey. If you found today's newsletter helpful, please consider sharing it with your friends and colleagues.

Remember, knowledge is power, and in the world of cybersecurity, it's our strongest weapon. Stay safe, stay informed, and see you in the next edition of Secret CISO.

Read more

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the cybersecurity world. We're seeing a concerning trend of firms failing to grasp the financial impact of cyber breaches, with HealthAlliance paying a hefty $550,000 for neglecting a known vulnerability. In Ireland,

By Secret CISO