Secret CISO #18: Stratford's Email Leak, Health NZ's Insider Breach, Veterans' Data Crisis, and Comcast's Data Vulnerability

Secret CISO #18: Stratford's Email Leak, Health NZ's Insider Breach, Veterans' Data Crisis, and Comcast's Data Vulnerability

Welcome to The Secret CISO, your indispensable source for the pulse of cybersecurity across the globe. In today’s edition, we delve into a series of captivating stories that showcase the relentless battle against digital threats.

First up, we reveal the story of Health NZ, where an internal breach has put 12,000 people at risk, highlighting the critical need for insider threat management. Next, we turn our lens to a grave breach involving veterans' medical data, a stark reminder of the vulnerabilities in protecting sensitive health information. The saga continues with the Stratford Council, where a data breach's ripple effects have extended far beyond initial estimates, underscoring the interconnectedness of digital security. Comcast Xfinity’s recent ordeal sheds light on the vulnerability of customer data and the imperative for robust security measures. Lastly, we spotlight JCT600, where a swift response to a potential security breach illustrates the ongoing vigilance required in the retail and automotive sectors.

Join us as we explore these stories, each a piece of the puzzle in understanding the complex cybersecurity landscape we navigate daily.

1. Data Breaches

Health NZ Data Breach

In a significant breach, Health NZ notified around 12,000 people whose personal information may have been compromised due to unauthorized access by a former employee. This incident, which became public in December, has led to court charges against the individual responsible. Health NZ is now working with local and international cybersecurity experts to enhance data security measures and monitor for any misuse of the disclosed data.

Read more:https://www.newshub.co.nz/home/new-zealand/2024/02/at-least-12-000-people-caught-in-health-nz-data-breach.html

University Program Veterans' Medical Data Breach

A university program was shut down amid a class action investigating the misuse of veterans' medical data, highlighting serious privacy concerns. This breach raises significant issues about the security and confidentiality of sensitive health information, with potential long-term implications for those affected.

Read more:https://www.abc.net.au/news/2024-02-15/potential-class-action-lawsuit-over-veterans-medical-data-breach/103471536

Stratford Council Data Breach

Stratford District Council experienced a data breach affecting email addresses of Warwick district residents. The investigation concluded that the breach extended beyond initially anticipated, underlining the importance of robust data protection measures and the potential for wide-reaching impacts of such incidents.

Read more:https://www.warwickshireworld.com/news/people/stratford-council-data-breach-extended-to-email-addresses-of-warwick-district-residents-4520444

Comcast Xfinity Data Breach

Comcast faced a data breach, leading to an investigation by Lynch Carpenter, LLP into claims against the company. Customers who received a data breach notification from Xfinity are being examined for the extent of the impact. This breach underscores the vulnerability of customer data and the need for stringent security protocols.

Read more:https://www.globenewswire.com/news-release/2024/02/15/2830387/0/en/Lynch-Carpenter-Investigates-Claims-in-Comcast-Xfinity-Data-Breach.html

JCT600 Security Breach

JCT600, a Bradford-based franchise car sales business, identified a "potential security breach," prompting immediate action to address the vulnerability. This incident serves as a reminder of the cybersecurity threats facing various sectors, including retail and automotive sales, and the critical need for ongoing vigilance.

Read more:https://www.thetelegraphandargus.co.uk/news/24122925.jct600-takes-action-potential-security-breach-found/

2. Top CVE

CVE-2022-23088

FreeBSD Wi-Fi Client Vulnerability. This CVE addresses a critical vulnerability in FreeBSD's handling of 802.11 beacon frames. A malicious beacon frame can exploit the failure to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer, leading to kernel memory overwrite and remote code execution when the Wi-Fi client is scanning for networks. This vulnerability poses a significant threat due to the potential for unauthorized remote access and control.

Read more: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc

CVE-2022-23087

E1000 Network Adapter Vulnerability. This vulnerability affects e1000 network adapters, allowing an attacker to modify Ethernet packets during transmission, including checksum insertions, VLAN header insertions, and TCP segmentation offload. The issue stems from the use of an on-stack buffer, potentially leading to memory corruption or other unintended behaviors. The impact is particularly concerning for systems relying on e1000 network adapters for secure communication.

Read more: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:05.bhyve.asc

CVE-2023-40113

Cross-User Message Data Access Vulnerability. This CVE reveals a vulnerability allowing applications to access cross-user message data without proper permissions, leading to potential local information disclosure. The absence of a need for user interaction or additional execution privileges amplifies the risk, as it allows for silent data breaches, underscoring the necessity for strict permission checks within multi-user environments.

Read more: https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/64ca6ba981745875dbf2064e0b2a47f8194c4f0a

CVE-2023-40106

Background Activity Launch Vulnerability. Identified in the NotificationManagerService.java's sanitizeSbn method, this vulnerability enables unauthorized launching of activities from the background due to a Background Activity Launcher (BAL) Bypass. This escalation of privilege risk, which does not require user interaction, points to the critical need for secure background process management and validation in application services.

Read more: https://android.googlesource.com/platform/frameworks/base/+/442b4390c1f04b0e74ae4a7e349418dad4e7522e

CVE-2023-40115

Memory Corruption in StatsService.cpp This vulnerability involves a possible memory corruption due to a use-after-free error in readLogs of StatsService.cpp, leading to a potential local escalation of privilege. The lack of requirement for user interaction or additional privileges highlights the importance of secure memory management and the dangers of improper resource handling.

Read more: https://android.googlesource.com/platform/packages/modules/StatsD/+/e4cd2d8f75d1b7b83a759d752f38099a9aa9997e

3. Security Research

Stillwater Officials Address Potential Email Leak

Brian Krebs reported that U.S. Internet had leaked years of internal and customer emails, according to a Yahoo Finance article. This incident underscores the critical importance of securing email systems and the potential reputational and privacy impacts of such leaks. Organizations must ensure robust security measures are in place to protect against unauthorized access to sensitive communications.

Read more: https://finance.yahoo.com/news/stillwater-officials-address-potential-email-230900626.html

Critical Software Vulnerabilities in Credit Unions

LMG Security researchers discovered critical software vulnerabilities impacting credit unions, as reported by Dark Reading. These vulnerabilities could potentially allow attackers to compromise financial data and disrupt operations. This discovery highlights the need for ongoing vigilance and timely patching within the financial sector to protect against exploitation.

Read more: https://www.darkreading.com/cloud-security/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher

Hackers Exploit Ad Tools to Track Victims

Security researchers from HP Inc. found that hackers are exploiting advertising tools to track victims and boost scam efforts, according to Yahoo Finance. By embedding tracking mechanisms in email links, attackers collect valuable information when recipients click on them. This tactic emphasizes the evolving nature of cyber threats and the importance of educating users on the risks of clicking on unknown links.

Read more: https://finance.yahoo.com/news/hackers-exploit-ad-tools-track-184948118.html

Apple's Deliberate Breakage of iPhone Web Apps in the EU

TechCrunch reported that Apple confirmed it is breaking iPhone web apps in the EU on purpose, citing security concerns. This decision, while aimed at enhancing security, raises questions about the balance between security measures and user experience. Organizations must navigate these challenges carefully to ensure security enhancements do not unduly hinder functionality.

Read more: https://techcrunch.com/2024/02/15/apple-confirms-its-breaking-iphone-web-apps-in-the-eu-on-purpose/

ESET Patches High-Severity Privilege Escalation Vulnerability

SecurityWeek reported that ESET patched a high-severity privilege escalation vulnerability reported by researchers with Trend Micro's ZDI. Although there was no evidence of in-the-wild exploitation, this incident highlights the importance of proactive vulnerability management and the collaboration between cybersecurity researchers and vendors to address potential threats.

Read more: https://www.securityweek.com/eset-patches-high-severity-privilege-escalation-vulnerability/

4. CISO Jobs

CISO - Kavaliro

This position at Kavaliro emphasizes the hybrid nature of modern work environments and is based in Ormond Beach, FL. The role suggests a need for leadership in cybersecurity within a dynamic setting, reflecting the adaptability required in today's security landscape.

Read more: https://www.linkedin.com/jobs/view/3798734253

Senior Chief Information Security Officer - KBR, Inc.

KBR, Inc. is looking for a Senior Chief Information Security Officer with a CISSP certification, highlighting the importance of recognized cybersecurity qualifications. The on-site requirement in Fulton, MD, underscores the critical role of direct leadership and oversight in securing the company's information systems.

Read more: https://www.linkedin.com/jobs/view/3826848183

Managing Director - Technology Services (AI & Cybersecurity) - BTSA

BTSA's opening for a Managing Director specializing in AI and Cybersecurity in the San Francisco Bay Area offers a hybrid work model. This role points to the intersection of cutting-edge technologies like AI and the need for advanced cybersecurity strategies to protect and leverage these tools effectively.

Read more: https://www.linkedin.com/jobs/view/3827930002

CISO - Dice

Dice is offering a fully remote CISO position, catering to the growing trend of remote work. This role demonstrates the expanding opportunities for cybersecurity professionals to lead and innovate from anywhere in the country, emphasizing the importance of remote security management capabilities.

Read more: https://www.linkedin.com/jobs/view/3800861353

CYBER SECURITY OFFICER / DEPUTY CIO - Los Angeles Superior Court

The Los Angeles Superior Court is seeking a Cyber Security Officer/Deputy CIO for an on-site position in Los Angeles, CA. This role within the judicial system highlights the critical need for cybersecurity expertise in public sector organizations to protect sensitive legal and personal data.

Read more: https://www.linkedin.com/jobs/view/3830714463

Final Words

Wrapping up today's edition of The Secret CISO newsletter this February 15th, it's evident that the cybersecurity landscape doesn't pause or slow down, even as we move through the month. Today's highlighted data breaches and vulnerabilities reinforce the ongoing complexity and diversity of cybersecurity challenges that we face daily.

As we progress through February, let this day serve as a reminder of the dynamic risks in the digital realm and the indispensable role of CISOs and cybersecurity professionals in defending against these threats. Let's leverage the insights from today's newsletter to bolster our security posture, share knowledge, and advance best practices that will fortify our defenses against the sophisticated cyber threats of tomorrow.

Thank you for your unwavering commitment to cybersecurity. Let's stay vigilant, informed, and secure as we move forward.

Warm regards,
The Secret CISO Daily Newsletter Team

DO NOT FORGET TO SHARE US WITH YOUR COLLEAGUES!

See You Tomorrow

Read more

Secret CISO 5/22: Universities and Healthcare Under Attack, OmniVision and CentroMed Breaches, Homeland Security's DNA Data Collection, and Latest Cybersecurity Research Insights

Secret CISO 5/22: Universities and Healthcare Under Attack, OmniVision and CentroMed Breaches, Homeland Security's DNA Data Collection, and Latest Cybersecurity Research Insights

Good day, Secret CISO readers! Today's newsletter is packed with critical updates on the latest cyber threats and breaches. First up, we delve into a concerning cyber breach at a university in NSW, Australia, where students' data was compromised. The incident has sparked a broader conversation about

By Secret CISO
Secret CISO 5/21: Massive Data Breaches at PNP, Oregon, MediSecure, and NJ High School; SEC Tightens Data Breach Regulations; Research on Financial Security Risks for Parents and AI Safety Prioritization

Secret CISO 5/21: Massive Data Breaches at PNP, Oregon, MediSecure, and NJ High School; SEC Tightens Data Breach Regulations; Research on Financial Security Risks for Parents and AI Safety Prioritization

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we delve into the world of data breaches, from the massive PNP data breach in the Philippines to the rising concerns over data privacy in Oregon. We also explore why health

By Secret CISO