Secret CISO #16: Navigating the Storm - BoA's 57,000 Account Breach & The Crucial Lessons for Vendor Security

Welcome back to The Secret CISO newsletter this Tuesday! In our latest issue, we dive into critical cybersecurity developments that demand our attention. We're focusing on significant data breaches, including the Bank of America incident and vulnerabilities identified in IBM and WordPress plugins, highlighting the importance of robust cybersecurity measures.

We also explore the latest cybersecurity research findings, providing insights into emerging threats and defense mechanisms. Plus, we spotlight key job opportunities in the field, reflecting the high demand for cybersecurity expertise across various industries.

Stay ahead in the cybersecurity landscape with us as we uncover the challenges and opportunities that shape our digital world.

1. Data Breaches

Bank of America Account Data Compromised in Infosys McCamish Breach

A significant breach at Infosys McCamish impacted 57,000 Bank of America accounts. This breach exposed sensitive customer information including names, addresses, dates of birth, Social Security numbers, and details related to deferred compensation plans. This incident underscores the vulnerabilities in the financial sector and the importance of securing third-party vendors.

Read more: https://www.americanbanker.com/news/data-breach-affects-57-000-bank-of-america-accounts

FCC Introduces Stricter Data Breach Reporting Rules for Telcos

The Federal Communications Commission (FCC) has mandated stricter data breach reporting rules for telecommunications companies. Now, telcos must report data breaches within seven days of discovery. This decision follows recent breaches and aims to enhance accountability and transparency in the sector, ensuring quicker responses to potential threats.

Read more: https://www.scmagazine.com/brief/stricter-data-breach-reporting-rules-for-telcos-introduced-by-fcc

US Government Data Breach Tied to Atlassian Bug

A significant breach affecting the U.S. government was linked to a vulnerability in Atlassian's Confluence software suite. This breach highlights the critical nature of promptly patching known software vulnerabilities to prevent unauthorized access and potential compromise of sensitive government data.

Read more: https://www.itnews.com.au/news/us-government-data-breach-linked-to-atlassian-bug-605069

Liberty Hospital's Data Breach Notification

In December 2023, Liberty Hospital experienced a data breach that affected patient information. This breach, disclosed in February 2024, involved unauthorized access to patients' personal and health information. It emphasizes the ongoing security challenges faced by healthcare institutions and the importance of robust data protection measures.

Read more: https://www.jdsupra.com/legalnews/liberty-hospital-notifies-patients-of-2081003/

HealthEC Notifies MD Valuecare Patients of Data Breach

HealthEC, LLC, reported a breach in December 2023, affecting patients of MD Valuecare. This incident involved unauthorized access to sensitive patient information. It underscores the vulnerabilities in healthcare data management and the critical need for stringent security protocols to protect patient data against unauthorized access.

Read more: https://www.jdsupra.com/legalnews/healthec-notifies-md-valuecare-patients-4086395/

2. Top CVE

CVE-2022-38714

IBM DataStage on Cloud Pak for Data Credential Exposure. This vulnerability in IBM DataStage on Cloud Pak for Data versions 4.0.6 to 4.5.2 involves storing sensitive credential information in a manner accessible to privileged users. It underscores the importance of secure credential storage practices and the potential risks of improper access control mechanisms within cloud and data management platforms.

Read more: https://exchange.xforce.ibmcloud.com/vulnerabilities/235060

CVE-2024-0248

EazyDocs WordPress Plugin Security Flaw. Version 2.3.8 of the EazyDocs WordPress plugin reintroduced a previously fixed vulnerability (CVE-2023-6029); versions before 2.4.0 are affected. The flaw allows authenticated users with low privileges, such as subscribers, to delete arbitrary posts and to add or delete documents and sections. It highlights the significance of thorough security testing and version management in software maintenance to prevent regression vulnerabilities.

Read more: https://wpscan.com/vulnerability/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df/

CVE-2024-22024

Ivanti Connect Secure XXE Vulnerability. An XML External Entity (XXE) vulnerability in the SAML component of Ivanti Connect Secure versions 9.x and 22.x, Ivanti Policy Secure versions 9.x and 22.x, and ZTA gateways could allow attackers to access restricted resources without proper authorization. This vulnerability emphasizes the need for robust input validation and the potential risks associated with SAML-based authentication systems.

Read more: https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US

CVE-2023-6036

Web3 WordPress Plugin Authentication Bypass. The Web3 WordPress plugin, before version 3.0.0, contains an authentication bypass vulnerability in its login flow, allowing non-authenticated attackers to log in as any existing user. This issue spotlights the critical nature of secure authentication mechanisms and the potential impact of such vulnerabilities on user privacy and data security in web applications.

Read more: https://wpscan.com/vulnerability/7f30ab20-805b-422c-a9a5-21d39c570ee4/

CVE-2023-51403

Nicdark Restaurant Reservations XSS Vulnerability. This vulnerability allows for Stored Cross-Site Scripting (XSS) in the Nicdark Restaurant Reservations plugin. It demonstrates the persistent threat of XSS vulnerabilities in web applications and the importance of sanitizing user input to prevent malicious script injection, which can lead to unauthorized access and data breaches.

Read more: https://patchstack.com/database/vulnerability/nd-restaurant-reservations/wordpress-restaurant-reservations-plugin-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve

3. Security Research

Canadian Flipper Zero Planned Crackdown Provokes Backlash

The proposed crackdown on Flipper Zero, a multi-tool device popular among security researchers and hackers, has sparked controversy in the cybersecurity community. Critics argue that such measures could hinder security research by limiting tools that expose vulnerabilities, emphasizing the need for balance between regulation and innovation in cybersecurity practices.

Read more: https://www.govinfosecurity.com/canadian-flipper-zero-planned-crackdown-provokes-backlash-a-24348

Urgent Patches Available for QNAP Vulnerabilities

QNAP has issued urgent patches for critical vulnerabilities, one being a zero-day, as highlighted by Rapid7 researchers. These vulnerabilities, if exploited, could severely compromise network-attached storage devices, underlining the constant vigilance required to protect against emerging threats in the cybersecurity landscape.

Read more: https://www.theregister.com/2024/02/13/qnap_latest_vulnerabilities/

Ivanti Finds Another High Severity Vulnerability

Security researchers have uncovered a high-severity vulnerability in Ivanti products that has been exploited by China-backed hackers since December 2023. This revelation showcases the ongoing cybersecurity threats posed by nation-state actors and the importance of timely vulnerability disclosure and patching to safeguard customer networks and sensitive information.

Read more: https://www.cybersecuritydive.com/news/ivanti-threat-researchers-flaws/707261/

Seal Security's Open Source Vulnerability Remediation Initiative

Seal Security aims to simplify the remediation of vulnerabilities in open source software. By moving from researching vulnerabilities to building remediation tooling, the initiative seeks to address the complexities of securing open-source ecosystems, demonstrating the evolving role of security professionals in enhancing digital safety.

Read more: https://techcrunch.com/2024/02/13/seal-security-wants-to-make-open-source-vulnerability-remediation-easy/

Fertility Tracker Glow Fixes Bug Exposing User Data

A significant bug in the Glow fertility tracker app was fixed after a security researcher discovered it was leaking users' personal data. This incident highlights the privacy concerns in health apps and the critical role of ethical hacking and responsible disclosure in protecting users' sensitive information.

Read more: https://techcrunch.com/2024/02/13/fertility-tracker-glow-fixes-bugs-that-exposed-users-personal-data/

4. CISO Jobs

Director of Cyber Security Governance, Risk Compliance at Insight Global

This remote position, offering $190K/yr to $230K/yr with seven benefits, is ideal for senior professionals specializing in GRC within cybersecurity. It underscores the growing importance of compliance and risk management in the cyber domain across industries.

Read more: https://www.linkedin.com/jobs/view/3828961115

Director, Airport Cybersecurity Programs at Tetra Tech

Focused on enhancing cybersecurity for airport infrastructures, this role is crucial in safeguarding critical transportation networks. It's a specialized position that combines cybersecurity expertise with the specific requirements of airport operations and safety.

Read more: https://www.linkedin.com/jobs/view/3828374263

VP, Chief Information Security Officer at Zenith American Solutions, Inc

This leadership role offers a competitive package and the chance to oversee the cybersecurity strategy of a leading company. It's particularly appealing for candidates looking to impact at a strategic level, ensuring the protection of sensitive health and benefits administration data.

Read more: https://www.linkedin.com/jobs/view/3793284773

Chief Information Security Officer at Pushpay

Offering a salary range from $10K/yr to $210K/yr with a 401(k) benefit, this role is a unique opportunity in the fintech sector, emphasizing the security of digital payments and charitable giving platforms. It is ideal for a leader seeking to balance innovation in financial technology with rigorous security measures to protect sensitive financial data.

Read more: https://www.linkedin.com/jobs/view/3828620828

Deputy Chief Information Security Officer at the United States Holocaust Memorial Museum

This position offers a unique opportunity to contribute to the security posture of a significant cultural and historical institution. The hybrid nature allows for both on-site engagement and remote flexibility, appealing to professionals passionate about both cybersecurity and history.

Read more: https://www.linkedin.com/jobs/view/3826249371

Final Words

Thank you for reading Secret CISO #16!

We hope you found the insights and opportunities shared within both enlightening and valuable. As we continue to navigate the ever-evolving landscape of cybersecurity, staying informed and connected has never been more important. If you found this newsletter helpful, we kindly ask that you share it with friends and colleagues who may also benefit from its contents. As a token of our appreciation for your engagement and to add a bit of digital flair to your day, please enjoy this cyber flamingo digital gift. Together, let's keep our communities informed, prepared, and secure.

Thank you again for your time and interest in our newsletter!

Always with you in all the cyber challenges, Secret CISO Team.