Secret CISO 11/29: Edelson Lechtzin LLP and Met Police Data Breaches, Washington's Record High Breaches, North Korean Hackers Funding Nuclear Program

Secret CISO 11/29: Edelson Lechtzin LLP and Met Police Data Breaches, Washington's Record High Breaches, North Korean Hackers Funding Nuclear Program

Subject: Secret CISO Daily: Data Breaches Reach New Highs, Cybersecurity Myths Debunked, and More Hello there, In today's issue of Secret CISO, we're diving into a series of data breaches that have made headlines recently. From Edelson Lechtzin LLP's ongoing investigation into a breach compromising personal data, to the Met Police's apology to honeytrap victims over an email breach, it's clear that data security is a pressing concern. In Washington, data breaches have reached an all-time high, while a man accused of involvement in a massive data breach made a brief court appearance.

Meanwhile, the health data of over 600 veterans in Minnesota was compromised in a cyberattack, and Bologna FC confirmed a data breach following a RansomHub ransomware attack. We're also debunking three cloud storage security myths and discussing the importance of cybersecurity in keeping our data safe. Plus, we'll look at the consequences of cybersecurity failures, with insurance companies facing hefty fines due to lapses in data security systems.

In the world of research, we'll explore the work of security researchers uncovering vulnerabilities, the rise of 'ghost engineers' in software development, and the evolving landscape of cybersecurity. We'll also delve into the threats posed by AI-driven attacks on SaaS applications and the latest findings from security researchers on new malware loaders.

Finally, we'll round up the latest news on vulnerabilities and cyberattacks, including a critical vulnerability found in the Concert Ticket Ordering System and a confirmed 0-click backdoor Russian cyber attack. Stay tuned for these stories and more in today's Secret CISO newsletter.

Data Breaches

  1. Edelson Lechtzin LLP Investigates Data Breach: Edelson Lechtzin LLP is investigating a data breach that may have compromised personal data, including names, addresses, Social Security numbers, and medical information. The extent of the breach and the number of affected individuals are yet to be determined. Source: GlobeNewswire
  2. Data Breaches Reach All-Time High in Washington: A new report reveals that data breaches have reached an all-time high in Washington. The unauthorized acquisition of data has compromised the security, confidentiality, and integrity of personal information. The report does not specify the number of individuals affected or the entities responsible for the breaches. Source: Tacoma Weekly
  3. Massive Data Breach Involving Several U.S. Companies: A man accused of being behind a massive data breach impacting several large U.S. companies appeared in court. The details of the companies affected and the extent of the breach are yet to be disclosed. Source: CTV News
  4. Health Data of 600+ Veterans in Minnesota Taken in Cyberattack: The health data of over 600 veterans in Minnesota was compromised in a cyberattack. Federal officials are working with DBP to ensure appropriate security measures are in place. Source: CBS News
  5. Bologna FC Confirms Data Breach After RansomHub Ransomware Attack: Bologna Football Club 1909 confirmed a data breach following a ransomware attack by the RansomHub extortion group. The extent of the breach and the data leaked online are yet to be disclosed. Source: BleepingComputer

Security Research

  1. New Rockstar 2FA phishing service targets Microsoft 365 accounts: A new phishing service is targeting Microsoft 365 accounts, redirecting bots, security researchers, or out-of-scope targets to a harmless decoy page. This sophisticated attack method is a reminder of the importance of robust security measures. Source: Bleeping Computer
  2. North Korean hackers stole billions in crypto to fund their nuclear weapon program: At Cyberwarcon, security researchers revealed that North Korean hackers are using fake identities to access corporate secrets and fund their nuclear weapons program. This highlights the growing threat of state-sponsored cybercrime. Source: Indian Express
  3. New Warning As Venture Capitalist Scammers Net $1 Billion In Crypto: Security researchers at the annual Cyberwarcon conference warned of scammers posing as venture capitalists, netting over $1 billion in cryptocurrency. This highlights the increasing sophistication and scale of cyber scams. Source: Forbes
  4. Windows Warning As New 0-Click Backdoor Russian Cyber Attack Confirmed: Security researchers confirmed a severe vulnerability in Windows, exploited in a zero-click cyber attack by Russian hackers. This underscores the critical importance of regular software updates and patches. Source: Forbes
  5. Security Bite: Mosyle identifies new malware loaders written in unconventional languages: Mosyle's Security Research team discovered a new family of Mac malware loaders, written in unconventional languages. This discovery highlights the evolving nature of malware and the importance of continuous security research. Source: 9to5Mac

Top CVEs

  1. CVE-2024-11970: A critical vulnerability has been discovered in the Concert Ticket Ordering System 1.0 by code-projects. An unknown function of the file /tour(cor).php is affected, allowing for SQL injection through the manipulation of the argument 'mai'. The vulnerability can be exploited remotely and has been publicly disclosed. Source: Vulners.
  2. CVE-2024-8300: Dead Code vulnerability has been found in ICONICS GENESIS64 and Mitsubishi Electric GENESIS64. A local authenticated attacker can execute malicious code by tampering with a specially crafted DLL, potentially leading to information disclosure, tampering, destruction, deletion, or a denial of service (DoS) condition. Source: Vulners.
  3. CVE-2024-8299: An Uncontrolled Search Path Element vulnerability has been identified in ICONICS GENESIS64, Mitsubishi Electric GENESIS64, and Mitsubishi Electric MC Works64. A local authenticated attacker can execute malicious code by storing a specially crafted DLL in a specific folder, potentially leading to information disclosure, tampering, destruction, deletion, or a denial of service (DoS) condition. Source: Vulners.

API Security

  1. CVE-2024-53865 - IBM Z HMC Web Services API: The Python package "zhmcclient" was found to be writing password-like properties in clear text into its HMC and API logs. This issue affects users who have enabled the Python loggers named "zhmcclient.api" or "zhmcclient.hmc" and use certain functions. The issue has been fixed in zhmcclient version 1.18.1. Source: vulners.com
  2. CVE-2024-11481 - ESM 11.6.10: A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API. Source: vulners.com
  3. CVE-2024-11482 - ESM 11.6.10: Another vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root. Source: vulners.com
  4. CVE-2024-45495 - MSA FieldServer Gateway: Versions 5.0.0 through 6.5.2 of MSA FieldServer Gateway allow cross-origin WebSocket. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of vigilance and proactive measures in the face of ever-evolving cybersecurity threats. From the data breaches at Edelson Lechtzin LLP, Met Police, and Bologna FC, to the massive cyberattack on Minnesota veterans, it's clear that no sector is immune. We've also seen how cloud storage security myths can be debunked and how researchers are tirelessly working to protect the Internet of Things. We've learned about the potential consequences of cybersecurity failures, as evidenced by the hefty fines faced by insurance companies. In the midst of these challenges, we're also witnessing the incredible work of security researchers, who are not only identifying vulnerabilities but also developing innovative solutions to protect our data and systems.

As we continue to navigate this complex cybersecurity landscape, we encourage you to share Secret CISO with your friends and colleagues.

Together, we can stay informed, stay vigilant, and stay secure. Remember, in the world of cybersecurity, knowledge is power.

Stay tuned for more updates tomorrow. Until then, stay safe and secure!

Read more

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the cybersecurity world. We're seeing a concerning trend of firms failing to grasp the financial impact of cyber breaches, with HealthAlliance paying a hefty $550,000 for neglecting a known vulnerability. In Ireland,

By Secret CISO