Secret CISO #12: Florida Sheriff's office ransomware attack jail networks.


Welcome to the twelfth episode of The Secret CISO newsletter, where we bring you the latest news and insights from the world of cybersecurity. In this edition, we have gathered a range of valuable resources, including updates on data breaches, common vulnerabilities and exposures (CVEs), research studies, informative podcasts, and exciting job postings.

Our team of experienced CISOs has carefully curated this content with a focus on delivering relevant and actionable insights for fellow CISOs. Whether you are a seasoned cybersecurity professional or just starting in the field, our newsletter is designed to keep you informed and up-to-date with the latest developments in the industry. We hope you find this edition informative and valuable, and we encourage you to share it with your colleagues and peers.

Let's dive in!

1. Data Breaches

Canadian finance giant TMX's breach impacts 4.8 million people; LockBit ransomware disrupts Florida County Sheriff's Office; Dutch software provider Nebu's breach affects major clients; Ithaca College students' bank accounts hacked after ticketing software breach; and Israel's Technion University suffers a DarkBit ransomware attack.

Canadian Finance Giant TMX Suffers Massive Breach

TMX, a Canadian finance giant, discloses a data breach impacting 4.8 million people, with hackers breaching its systems in December 2022 but remaining undetected until February 2023.

Read more: https://www.bleepingcomputer.com/news/security/consumer-lender-tmx-discloses-data-breach-impacting-48-million-people

Florida County Sheriff's Office Rocked by LockBit Ransomware Attack

Washington County Sheriff's Office experiences a ransomware attack, resulting in the disruption of its app, finance system, and jail networks between February and March 2023.

Read more: https://www.scmagazine.com/brief/ransomware/lockbit-exposes-florida-county-sheriffs-office-data

Dutch Customer Survey Software Provider Nebu Hit by Data Breach

Nebu, a customer survey software provider, suffers a data breach affecting major clients such as Nederlandse Spoorwegen, VodafoneZiggo, ArboNed, Heineken, International Film Festival Rotterdam, and more.

Read more: https://www.iamexpat.nl/expat-info/dutch-expat-news/millions-affected-dutch-data-breach-heres-what-we-know-so-far

Students' Bank Accounts Hacked After Ticketing Software Breach

Ithaca College students' credit and debit card information is compromised and funds stolen due to a ticketing software breach following a concert at Cornell University.

Read more: https://theithacan.org/news/students-bank-accounts-hacked-because-of-ticketing-software-breach

DarkBit Ransomware Attack Affects Israel’s Technion University

Technion University in Israel is hit by a ransomware attack, with the cybercriminal group DarkBit demanding 80 bitcoins as ransom and putting the university's data up for sale.

Read more: https://www.csoonline.com/article/3691823/darkbit-puts-data-from-israel-s-technion-university-on-sale.html

2. Top CVE

IntelliJ IDEA's unsandboxed Chromium (CVE-2022-48432); Nextcloud's permission escalation (CVE-2023-25817); Cal.com's account takeover (CVE-2023-1647); Apache InLong's deserialization vulnerability (CVE-2023-27296); and Infoline Project Management System's SSRF issue (CVE-2023-1725).

  1. IntelliJ IDEA Sandboxing Issue - CVE-2022-48432: The bundled version of Chromium in JetBrains IntelliJ IDEA before 2023.1 wasn't sandboxed, potentially exposing users to security risks. Update to the latest version to mitigate the issue. Read more: https://www.jetbrains.com/privacy-security/issues-fixed/
  2. Nextcloud Permission Escalation - CVE-2023-25817: Nextcloud server versions 24.0.0 to 24.0.9 have a vulnerability that allows users to escalate their permissions and delete files they shouldn't be able to. Update to version 24.0.9 to resolve the issue. Read more: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8v5c-f752-fgpv
  3. Cal.com Account Takeover - CVE-2023-1647: Improper Access Control in the GitHub repository calcom/cal.com prior to 2.7 allows attackers to take over victim accounts by using their email addresses. Update to the latest version to avoid account takeover risks. Read more: https://huntr.dev/bounties/d6de3d6e-9551-47d1-b28c-7e965c1b82b6/
  4. Apache InLong Deserialization Vulnerability - CVE-2023-27296: Apache InLong versions 1.1.0 to 1.5.0 have a Deserialization of Untrusted Data vulnerability that authenticated users can exploit. Update to the latest version or cherry-pick the provided solution to fix it. Read more: https://github.com/apache/inlong/pull/7422
  5. Infoline Project Management System SSRF - CVE-2023-1725: A Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System versions before 4.09.31.125 allows attackers to make the server issue requests on their behalf. Update to a newer version to prevent SSRF attacks. Read more: https://www.usom.gov.tr/bildirim/tr-23-0187

3. Security Research

The 3CX Supply Chain Debacle: Unraveling the 'Smooth Operator' Attack

The recent 3CX Voice over Internet Protocol (VoIP) desktop client supply chain attack, dubbed "Smooth Operator," affected over 600,000 companies and 12 million users. The North Korean-linked threat actor Labyrinth Chollima is the prime suspect. The attackers distributed a trojanized update, compromising both the Windows and macOS versions of the software, which then dropped an info-stealing payload. Despite early reports from users, 3CX's initial response was inadequate: it dismissed the issue and instructed users to create security exceptions.

Research: https://opalsec.substack.com/p/the-defenders-guide-to-the-3cx-supply

Socksprox: Unleashing Bug Bounty Potential with AI and Kubernetes

Socksprox is a solution to common bug bounty hunting challenges, using a Kubernetes cluster with multiple Dante Socks Proxy nodes to bypass rate-limiting, avoid bans, and manage IP addresses. Developed with the help of ChatGPT, an AI language model, Socksprox demonstrates the potential of AI models to accelerate learning and development in technology. The scalable and cost-effective solution has great potential for enhancing bug bounty hunting and optimizing the experience for developers.

Research: https://blog.ceriksen.com/2023/04/01/leveraging-llms-for-solving-bounty-hunting-pain-points/

Reading SAK and ATQA values using the PC/SC driver with libnfc

The patch improves the compatibility of the CLOUD 3700 F reader with libnfc by implementing additional functions and updating the code. This change enhances communication with the reader and allows it to better support various NFC card types.

Patch: https://paste.debian.net/1275841/

Beware the Trap: SNMP Exploit Leads to Remote Code Execution on LibreNMS

A critical security vulnerability has been discovered in LibreNMS, a popular open-source network monitoring solution. An unauthenticated attacker could exploit this vulnerability by sending a single SNMP trap, allowing them to execute arbitrary code remotely. The issue affects LibreNMS versions 22.10.0 and earlier, with a patch available in version 22.11.0. The article provides an in-depth explanation of SNMP, the vulnerability, and its impact, as well as key learnings and recommendations for securing SNMP configurations and using safer template engines.

Research: https://www.sonarsource.com/blog/it-s-a-snmp-trap-gaining-code-execution-on-librenms/

Spyware Vendors Use 0-Days and N-Days Against Popular Platforms

Google's Threat Analysis Group (TAG) has discovered two campaigns using 0-day exploits against Android, iOS, and Chrome. These campaigns show that commercial spyware vendors have increased their capabilities and are enabling dangerous hacking tools to be utilized by governments. Both campaigns were limited and highly targeted, highlighting the importance of timely patching and keeping devices updated.

Research: https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/

4. CISO Podcasts

Discover insights on a range of cybersecurity topics, including IRS tax scams, the 3CX supply chain attack, post-pandemic cyber threats, bug bounty programs, and the future of authentication, by tuning in to these five informative podcast episodes.

  1. The Virtual CISO Moment: A discussion on IRS tax scams, phishing emails, 3CX supply chain attack, and more. Listen: https://podcasts.apple.com/us/podcast/infosec-wrap-up-march-31-2023/id1608185823?i=1000606764452
  2. Cyber Week in Review: Highlights on the 3CX supply-chain attack, AI pause request, and WiFi protocol flaw. Listen: https://podcasts.apple.com/us/podcast/week-in-review-supply-chain-attack-on-3cx-ai-pause/id1527478719?i=1000606814917
  3. The Pandemic's Lasting Effects on Cybersecurity: Examining how organizations are coping with emerging cyber threats post Covid-19. Listen: https://soundcloud.com/user-305373143/the-pandemics-lasting-effects-on-cybersecurity-how-much-has-changed-ciso-talks
  4. How to Find a Good BBP: Tips on determining the quality of a bug bounty program, Acropalypse, and ZDI's Pwn2Own competition. Listen: https://rss.com/podcasts/ctbbpodcast/886550/
  5. Implementing Secure and Fast Authentication Processes: An insight into current and future authentication trends and low-code/no-code passwordless authentication solutions. Listen: https://www.dchatte.com/podcast/

5. CISO Jobs

Explore diverse CISO opportunities at West Virginia University (Morgantown, remote), the Crisis Prevention Institute (Milwaukee), and Canonical (Madison), with focuses on information security, policy standards, and Linux respectively.

Remote Chief Information Security Officer - ITS Information Security

West Virginia University is seeking a CISO with exceptional collaboration, communication, and leadership skills to join their team remotely.

Apply: https://www.indeed.com/viewjob?t=Chief+Information+Security+Officer+Its+Information+Security&c=Careers+%7C+West+Virginia+University&l=Morgantown,+WV&jk=4e58286402e54965&rtk=1gt1b6jvpi3ah800&from=rss

Chief Information Security Officer (CISO)

The Crisis Prevention Institute is hiring a CISO with experience in global Information Security Management and policy standards creation in Milwaukee, WI.

Apply: https://www.indeed.com/viewjob?t=Chief+Information+Security+Officer&c=Crisis+Prevention+Institute&l=Milwaukee,+WI&jk=be1720897713be42&rtk=1gt1b6jvpi3ah800&from=rss

Chief Information Security Officer - Canonical

Canonical is seeking a global cybersecurity leader with a passion for Linux and open source to help secure its corporate operations in Madison, WI.

Apply: https://www.indeed.com/viewjob?t=Chief+Information+Security+Officer&c=Canonical&l=Madison,+WI&jk=a1a7d4120e050800&rtk=1gt1b6jvpi3ah800&from=rss

Final Words

Thank you for reading Secret CISO #12!

If you enjoyed reading this, please consider sharing and recommending it to your colleagues. We hope you enjoyed our new format: five picks per section instead of the previous three, plus the CVE section we added recently.

As always, we are glad to share our digital token of appreciation with you; today it is a cyber parrot:

Thank you again for your time and interest in our weekly newsletter!

Always with you in all the cyber challenges, Secret CISO Team.

By Secret CISO