Secret CISO 12/24: Aflac Breach, Shinhan Leak, Chrome Threat, DNSSEC Flaws - A Global Cybersecurity Wake-Up Call

Welcome to today's edition of Secret CISO, where we unravel the intricate web of cybersecurity incidents and vulnerabilities that have emerged on this eventful December 24th. In a world where data breaches and cyber threats are becoming alarmingly frequent, today's stories highlight the critical need for robust security measures and proactive vigilance.

Our journey begins with a series of data breaches that have left a trail of exposed personal information across the globe. From Pharmaceutics International's compromised PII to Aflac's massive breach affecting over 22 million customers, the ripple effects of these incidents are profound. Meanwhile, Shinhan Card and Sax LLP grapple with their own security lapses, as legal repercussions loom on the horizon.

In the realm of public infrastructure, Nova Scotia Power's cyberattack report and the unrestricted access to Cedar Rapids Police cameras underscore vulnerabilities that could have far-reaching implications for privacy and security. Similarly, Uzbekistan's exposed license plate surveillance system serves as a stark reminder of the importance of safeguarding national surveillance networks.

As we delve deeper, the spotlight shifts to the digital landscape, where malicious Chrome extensions threaten user credentials, and DNSSEC's longstanding cracks are laid bare by formal proofs. The urgency to fortify software supply chains against malware campaigns is echoed by GitHub's Bug Bounty team, emphasizing the need for heightened awareness and preparedness.

Finally, we uncover a series of critical vulnerabilities that could allow remote code execution and authentication bypasses in popular software like MariaDB, IceWarp, and Hugging Face. These flaws highlight the ever-present danger of unpatched systems and the relentless pursuit of cyber adversaries seeking to exploit them.

Join us as we navigate these complex narratives, offering insights and strategies to bolster your defenses in an increasingly perilous digital world.

Data Breaches

  1. Pharmaceutics International Data Breach Exposes PII: Pharmaceutics International suffered a data breach that exposed a wide range of sensitive information, including full names, Social Security numbers, and dates of birth. The breach has raised concerns about the company's data protection measures and the potential impact on affected individuals. Source.
  2. Nova Scotia Power Cyberattack Report: Nova Scotia Power released an incident report shedding light on their response to a recent cyberattack. The report highlights the utility's efforts to identify security gaps and improve data privacy measures following the breach. However, it does not provide a comprehensive update on the current status of the investigation. Source.
  3. Shinhan Card Data Leak Affects 190,000 Customers: Shinhan Card, a major financial services company in South Korea, reported an internal data leak affecting approximately 190,000 customers. The breach involved unauthorized access to personal information, prompting the company to enhance its security protocols and notify affected individuals. Source.
  4. Sax LLP Data Breach Affects 228K: Sax LLP experienced a data breach impacting 228,000 individuals, leading to potential legal action. The breach has prompted attorneys to investigate the incident and consider a class action lawsuit on behalf of those affected. Source.
  5. Aflac Data Breach Impacts Over 22 Million Customers: Aflac disclosed a significant data breach affecting more than 22 million customers. The company has begun notifying state regulators and sending breach notification letters to those impacted, as it works to address the security lapse and prevent future incidents. Source.

Security Research

  1. Cedar Rapids Police Cameras Among Dozens Exposed to Unrestricted Access: A security researcher discovered that live video feeds from Cedar Rapids Police surveillance cameras were accessible without restrictions, raising significant privacy and security concerns. This exposure highlights vulnerabilities in public surveillance systems that could be exploited by unauthorized individuals. Source: KCRG
  2. Strengthening Supply Chain Security: Preparing for the Next Malware Campaign: GitHub's Bug Bounty team emphasizes the importance of securing the software supply chain against potential malware threats. By spotlighting the work of security researcher André, the initiative aims to enhance awareness and preparedness for future cyber threats in the software development ecosystem. Source: GitHub Blog
  3. Inside Uzbekistan's Nationwide License Plate Surveillance System: Security researcher Anurag Sen uncovered a significant security lapse in Uzbekistan's license plate surveillance system, which was found exposed online without password protection. This breach poses serious privacy risks and underscores the need for robust security measures in national surveillance infrastructures. Source: TechCrunch
  4. WARNING: These Malicious Chrome Extensions Will Steal Your Credentials: Cybersecurity researchers from Socket identified two malicious Google Chrome extensions that secretly intercept web credentials. These extensions pose a significant threat to user privacy and data security, emphasizing the need for vigilance when installing browser add-ons. Source: LinkedIn
  5. Formal Proofs Expose Long Standing Cracks in DNSSEC: Recent research into DNSSEC has revealed validation gaps and operational risks that could undermine DNS security. These findings highlight the need for continuous evaluation and improvement of internet security protocols to protect against potential vulnerabilities. Source: Help Net Security

Top CVEs

  1. MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability: This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability, with attack vectors varying based on implementation. The flaw lies in the handling of view names, resulting from improper validation of a user-supplied path before file operations. An attacker can exploit this to execute code in the context of the current user. Source: Vulners
  2. IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability: This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp without requiring authentication. The flaw exists in the handling of the X-File-Operation header, due to improper validation of a user-supplied string before executing a system call. An attacker can leverage this to execute code in the context of SYSTEM. Source: Vulners
  3. Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents without requiring authentication. The flaw exists in the parsing of pickle data, due to improper validation of user-supplied data, leading to deserialization of untrusted data. An attacker can exploit this to execute code in the context of the service account. Source: Vulners
  4. IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability: This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw lies in the handling of a parameter passed to the gmaps webpage, due to improper validation of user-supplied data, leading to arbitrary script injection. Source: Vulners
  5. A flaw in Keycloak: This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly initiating TLS 1.2 client-initiated renegotiation requests, exhausting server CPU resources and making the service unavailable. Source: Vulners
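The smolagents item above describes the classic failure mode of feeding attacker-controlled bytes to a pickle loader: the unpickler resolves and calls whatever globals the payload names. The following is an added example, not code from smolagents or from the original newsletter, and it assumes nothing about that project's internals. It contrasts the unsafe pattern (plain pickle.loads) with a restricted Unpickler whose find_class hook only resolves an explicit allowlist of container types, so any payload naming an unlisted global is refused before anything is constructed. The sample payloads are constructed locally for the demonstration; the "unlisted" one is a harmless date object, chosen only because it references a global outside the allowlist.

```python
"""Hardened loading of pickle payloads received from an untrusted peer.

Added, illustrative code (not smolagents code). Shows the vulnerable pattern
beside a restricted loader that allowlists the globals a payload may resolve.
"""
import collections
import datetime
import io
import pickle

# Globals the loader is permitted to resolve: plain containers only.
# Every other (module, name) pair, including anything from os or
# subprocess, is refused before the unpickler can call it.
ALLOWED_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve globals outside ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        # find_class is the hook every GLOBAL/STACK_GLOBAL opcode goes
        # through, so rejecting here blocks REDUCE/NEWOBJ on arbitrary
        # callables, which is what turns untrusted pickle into code execution.
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def unsafe_loads(data: bytes):
    """The vulnerable pattern: resolves and calls whatever the payload names."""
    return pickle.loads(data)


def restricted_loads(data: bytes):
    """Hardened loader: same result for benign data, UnpicklingError otherwise."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_restricted_load(data: bytes):
    """Return (accepted, value_or_reason) so a service can log refusals."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample payloads (produced here, not captured from any incident).
BENIGN_PAYLOAD = pickle.dumps({"status": "ok", "values": [1, 2, 3], "seen": {4, 5}})
ORDERED_PAYLOAD = pickle.dumps(collections.OrderedDict(a=1, b=2))
# A date object pickles with a reference to the datetime.date global. It is
# harmless, but it is not on the allowlist, so it shows that any unlisted
# global is refused regardless of what it would do.
UNLISTED_PAYLOAD = pickle.dumps(datetime.date(2025, 12, 24))


if __name__ == "__main__":
    for label, payload in [("benign", BENIGN_PAYLOAD),
                           ("ordereddict", ORDERED_PAYLOAD),
                           ("unlisted global", UNLISTED_PAYLOAD)]:
        accepted, detail = try_restricted_load(payload)
        print(f"{label:16} accepted={accepted} -> {detail}")
```

The allowlist approach is a mitigation for code that cannot yet drop pickle; the stronger fix is to exchange results in a data-only format such as JSON, where no deserialization step can resolve a callable at all. Either way, log every refusal with the offending module and name, since a forbidden global arriving from a remote executor is a detection signal in its own right.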

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the digital landscape is fraught with challenges and opportunities. From the Pharmaceutics International data breach exposing sensitive personal information to the vulnerabilities in public surveillance systems like those in Cedar Rapids and Uzbekistan, the need for robust security measures has never been more pressing.

We've also seen how companies like Nova Scotia Power and Shinhan Card are responding to cyber threats by enhancing their security protocols, while others, like Aflac and Sax LLP, are dealing with the aftermath of significant data breaches. These incidents serve as a stark reminder of the importance of vigilance and preparedness in the face of evolving cyber threats.

Moreover, the vulnerabilities discovered in widely used software and systems, such as MariaDB and IceWarp, highlight the critical need for continuous evaluation and improvement of security protocols. The exposure of malicious Chrome extensions and the cracks in DNSSEC further emphasize the importance of staying informed and proactive in safeguarding our digital environments.

We hope today's insights have been valuable in understanding the current cybersecurity landscape. If you found this newsletter informative, please consider sharing it with your friends and colleagues. Together, we can foster a more secure digital world by spreading awareness and encouraging best practices in cybersecurity.

Stay safe and vigilant, and we'll see you in the next edition of Secret CISO!