Secret CISO 2/16: State Network Compromise, Health Data Exposure, Twitter Incident, & AnyDesk Security Flaw

In today's issue, we delve into the recent, high-profile data breaches and vulnerabilities that underscore the complexity and dynamism of cybersecurity challenges we face. From critical vulnerabilities in widely-used software to sophisticated cyberattacks targeting organizations and infrastructure, we aim to equip you with the knowledge needed to fortify your defenses.

Additionally, we spotlight strategic cybersecurity job opportunities across leading companies, highlighting the demand for skilled professionals ready to take on the challenges of protecting digital assets in various sectors.

As we continue through this month, let this newsletter serve as your guide to understanding and addressing the multifaceted threats of our digital world. Together, we can share best practices, leverage insights, and strengthen our collective security posture against the sophisticated cyber threats that lie ahead.

1. Data Breaches

U.S. State Government Network Breach via Former Employee's Account

A threat actor authenticated to the state government's network with the credentials of a former employee's account that had never been disabled after the person left. An account that survives offboarding defeats every downstream control, and if it is a privileged one the attacker has administrative reach from the first login. The controls this points to are routine but have to actually run: disable the account on the employee's last day and remove it after a retention period, reconcile the directory against HR records on a schedule so orphaned accounts surface even when an offboarding ticket is missed, require MFA on every account that can reach the network remotely, and alert on successful authentication from accounts that have been idle for months.

Read more: https://thehackernews.com/2024/02/us-state-government-network-breached.html
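The reconciliation described above, as an added example that is not part of the linked advisory or the newsletter: a directory export is joined against the HR roster and checked for three things, an enabled account whose owner has left, an enabled account with no logon in 90 days, and a privileged account without MFA. The CSV export, the roster and the service-account list are constructed data; a real run would pull them from the directory and the HR system.

```python
"""Stale-account audit: reconcile a directory export against the HR roster.
Added example for this newsletter; not from the linked advisory.  All
records below are constructed."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed directory export (one row per account).
DIRECTORY_CSV = """\
sam,enabled,is_admin,mfa_enrolled,last_logon
jdoe,true,false,true,2024-02-10T08:15:00Z
asmith,true,true,false,2024-01-30T17:42:00Z
mlee,true,false,true,2023-09-01T09:00:00Z
svc_backup,true,true,true,2024-02-15T02:00:00Z
rgarcia,false,false,true,2023-12-20T12:00:00Z
"""

# Constructed HR roster: people still employed.  asmith and rgarcia have left.
HR_ACTIVE = {"jdoe", "mlee"}
# Accounts with no human owner are exempt from the HR check but not the others.
SERVICE_ACCOUNTS = {"svc_backup"}

STALE_AFTER = timedelta(days=90)


def parse_directory(text):
    """Turn the CSV export into dicts with typed fields."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "sam": r["sam"],
            "enabled": r["enabled"] == "true",
            "is_admin": r["is_admin"] == "true",
            "mfa_enrolled": r["mfa_enrolled"] == "true",
            "last_logon": datetime.strptime(
                r["last_logon"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        })
    return rows


def audit(accounts, hr_active, service_accounts, now):
    """Return {sam: [findings]} for every *enabled* account that fails a control.

    Three controls, each of which would have surfaced the account in the
    breach above: the owner must still be employed, the account must have
    been used recently, and anything privileged must have MFA."""
    findings = {}
    for a in accounts:
        if not a["enabled"]:
            continue  # already disabled; the offboarding control worked
        f = []
        if a["sam"] not in hr_active and a["sam"] not in service_accounts:
            f.append("owner not on HR active roster: should have been disabled at offboarding")
        idle = now - a["last_logon"]
        if idle > STALE_AFTER:
            f.append("no logon in %d days" % idle.days)
        if a["is_admin"] and not a["mfa_enrolled"]:
            f.append("privileged account without MFA")
        if f:
            findings[a["sam"]] = f
    return findings


def run_audit(now=None):
    """Run the audit on the constructed data; `now` defaults to the newsletter date."""
    now = now or datetime(2024, 2, 16, tzinfo=timezone.utc)
    return audit(parse_directory(DIRECTORY_CSV), HR_ACTIVE, SERVICE_ACCOUNTS, now)


if __name__ == "__main__":
    for sam, problems in run_audit().items():
        print(sam)
        for p in problems:
            print("  -", p)
```

On the constructed data the audit flags asmith (left the company, still enabled, admin without MFA) and mlee (no logon for 167 days); rgarcia is already disabled and is skipped, and the service account passes because it is exempt from the roster check and has MFA. The HR join is the control that matters most here: an idle-time threshold alone would have missed asmith, who had logged in two weeks earlier.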

Central Texas on Alert as Williamson County Confirms Data Breach

Williamson County confirmed a data breach that potentially exposed residents' personal information, including Social Security numbers and medical records. Unlike a password, neither of those can be rotated after exposure, so the harm is long-lived: affected residents should watch for identity theft and medical-billing fraud and consider a credit freeze, and for the county the speed and clarity of notification matter as much as the technical containment.

Read more: https://hoodline.com/2024/02/central-texas-on-alert-as-williamson-county-confirms-data-breach-exposing-residents-sensitive-info/

Update on INTEGRIS Health data breach: Incident Response Criticized by Patients

The INTEGRIS Health breach exposed patients' sensitive information, and the follow-up coverage is about the response rather than the intrusion: affected patients have criticized how the organization communicated with them. When attackers hold patient data, the affected individuals are part of the incident, and an organization that says little, or says it late, leaves them to learn what happened from someone else. Transparency and prompt, concrete guidance are what restore trust.

Read more: https://www.databreaches.net/update-on-integris-health-data-breach-incident-response-criticized-by-patients/

An Incident Impacting Some Accounts and Private Information on Twitter

Despite the heading, the linked story is about Spoutible, a Twitter alternative, not Twitter itself. A researcher found that a public Spoutible API returned far more per user than the profile fields a client needs, including bcrypt password hashes, two-factor secrets and password reset tokens, and the company's dispute with its critics over the severity drew as much attention as the flaw. The lesson is excessive data exposure: an API should serialize an explicit allow-list of fields rather than the whole user record, and a response that contains a credential hash or a reset token is a breach even if nobody has yet abused it.

Read more: https://techcrunch.com/2024/02/12/twitter-alternative-spoutible-clashes-with-critics-over-security-breach/

AnyDesk Breach Calls Urgent Attention To Code Signing Security

AnyDesk, maker of widely used remote desktop software, disclosed that attackers had reached its production systems; the company said it found the intrusion during a security audit. Because a code signing key is what makes a downloaded installer trustworthy, the response included revoking the code signing certificate and re-signing releases with a new one. For anyone who ships software the lessons are concrete: keep signing keys in an HSM or a signing service rather than on build hosts, log and review every signing operation, and have a tested procedure to revoke and rotate the certificate. For anyone who runs AnyDesk, verify that installed binaries carry the replacement certificate and treat anything signed with the old one as suspect until checked.

Read more: https://securityboulevard.com/2024/02/anydesk-breach-calls-urgent-attention-to-code-signing-security/

2. Top CVE

CVE-2024-0031

Remote Code Execution via Bluetooth. An out-of-bounds write in the Android Bluetooth stack, caused by a missing bounds check, allows remote code execution with no additional execution privileges and no user interaction; the attacker only needs to be within Bluetooth range of an unpatched device. It is addressed in the February 2024 Android Security Bulletin, so the practical action is to confirm devices carry the 2024-02-05 or later security patch level, and to keep Bluetooth off on devices that will not receive the update.

Read more: https://android.googlesource.com/platform/packages/modules/Bluetooth/+/de53890aaca2ae08b3ee2d6e3fd25f702fdfa661

CVE-2022-23088

Wi-Fi Kernel Memory Overwrite. FreeBSD's 802.11 beacon handling failed to validate the length of an IEEE 802.11s Mesh ID element before copying it into a heap-allocated buffer. While a FreeBSD Wi-Fi client is scanning (that is, not yet associated with any network), a crafted beacon frame can therefore overwrite kernel memory and lead to remote code execution; no authentication or association is required, only radio range. The 2022 advisory linked below carries the fix. The lesson for any wireless parser is that every length field in a received frame is attacker-controlled and must be checked against both the bytes remaining in the frame and the size of the destination buffer before anything is copied.

Read more: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc
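The two checks the advisory describes, as an added example in Python that is not FreeBSD's net80211 code: walk the tagged information elements of a beacon body, refuse any element whose declared length runs past the end of the frame, and refuse a Mesh ID longer than the fixed 32-octet buffer it would be copied into. The element ID (114) and the 32-octet maximum for a Mesh ID are taken from IEEE 802.11s; the frame bytes are constructed, and the fixed-size bytearray only models the kernel buffer.

```python
"""Bounds-checked parser for the tagged information elements (IEs) in an
802.11 beacon frame body.  Added example, not FreeBSD code; all frame
bytes here are constructed."""
import struct

BEACON_FIXED_LEN = 12   # timestamp (8) + beacon interval (2) + capability (2)
IE_SSID = 0
IE_MESHID = 114         # IEEE 802.11s Mesh ID element
MESHID_MAXLEN = 32      # a Mesh ID is at most 32 octets, like an SSID


class MalformedFrame(ValueError):
    """Raised for any frame that fails a length check; the frame is dropped."""


def parse_ies(body: bytes):
    """Yield (element_id, value) for each IE following the fixed fields.

    Every length byte is attacker-controlled, so it is compared with the
    bytes actually remaining before any slice of the frame is taken."""
    if len(body) < BEACON_FIXED_LEN:
        raise MalformedFrame("truncated fixed fields")
    off = BEACON_FIXED_LEN
    while off < len(body):
        if len(body) - off < 2:
            raise MalformedFrame("truncated IE header at offset %d" % off)
        eid, ielen = body[off], body[off + 1]
        off += 2
        if ielen > len(body) - off:
            raise MalformedFrame("IE %d claims %d bytes, only %d remain"
                                 % (eid, ielen, len(body) - off))
        yield eid, body[off:off + ielen]
        off += ielen


def scan_result(body: bytes) -> dict:
    """Extract the SSID and Mesh ID from a beacon seen while scanning.

    The Mesh ID goes into a fixed-size 32-byte buffer (modelled by the
    bytearray), so its length is validated first.  That comparison is the
    check the advisory says was missing."""
    result = {"ssid": None, "meshid": None}
    meshid_buf = bytearray(MESHID_MAXLEN)
    for eid, val in parse_ies(body):
        if eid == IE_SSID:
            result["ssid"] = val
        elif eid == IE_MESHID:
            if len(val) > MESHID_MAXLEN:
                raise MalformedFrame("Mesh ID length %d exceeds %d"
                                     % (len(val), MESHID_MAXLEN))
            meshid_buf[:len(val)] = val
            result["meshid"] = bytes(meshid_buf[:len(val)])
    return result


def build_beacon(ies):
    """Assemble a beacon body from (eid, value) pairs.  Test data only."""
    fixed = struct.pack("<QHH", 0, 100, 0x0411)  # timestamp, interval, capability
    out = bytearray(fixed)
    for eid, v in ies:
        if len(v) > 255:
            raise ValueError("IE length field is a single byte")
        out += bytes([eid, len(v)]) + v
    return bytes(out)


if __name__ == "__main__":
    good = build_beacon([(IE_SSID, b"corpnet"), (IE_MESHID, b"mesh-01")])
    print(scan_result(good))
    # A beacon whose Mesh ID claims 200 octets is rejected instead of copied.
    evil = build_beacon([(IE_MESHID, b"A" * 200)])
    try:
        scan_result(evil)
    except MalformedFrame as e:
        print("rejected:", e)
```

The remaining-bytes check in `parse_ies` and the destination-size check in `scan_result` are separate on purpose: a frame can be internally consistent (the 200-byte Mesh ID really is present) and still be unsafe for the buffer it is copied into, which is exactly the shape of the original bug.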

CVE-2024-0018

Heap Buffer Overflow in Color Converter. An out-of-bounds write in the Android media framework's color converter (frameworks/av) can lead to local escalation of privilege with no additional execution privileges needed. Media decoding paths handle untrusted, variably sized buffers from every app that can present content, so this is another case where the fix is rigorous bounds checking before the write; the patch is in the February 2024 Android Security Bulletin.

Read more: https://android.googlesource.com/platform/frameworks/av/+/bf6406041919f67219fd1829438dda28845d4c23

CVE-2024-0015

Intent Redirection in DreamService.java. The flaw lets a caller have arbitrary protected activities launched via intent redirection, leading to local escalation of privilege. The general pattern is worth remembering for any Android component: when a privileged system component builds or forwards an Intent from data supplied by another app, the activity manager checks the system component's identity rather than the original caller's, so the target must be validated before it is launched.

Read more: https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70

CVE-2023-40113

Cross-user Message Data Access. A missing permission check in the telephony provider lets an app read message data belonging to a different user on the same device, an information disclosure. On shared and work/personal devices the user boundary is a security boundary, and every content provider query that crosses it needs an explicit permission check rather than relying on the caller being well-behaved.

Read more: https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/64ca6ba981745875dbf2064e0b2a47f8194c4f0a

3. Security Research

Bricks 1.9.6.1 Patches Critical RCE Vulnerability

This story details a critical remote code execution (RCE) vulnerability in Bricks, a WordPress theme and visual site builder. The flaw, discovered by Calvin Alkan of snicco and tracked as CVE-2024-25600, is exploitable without authentication, so any site running an unpatched version is exposed to anyone on the internet; exploitation in the wild was reported within days of the disclosure. Bricks shipped 1.9.6.1 quickly, which is the point: the window between a public patch and active exploitation of web software is now measured in days, and patch management has to move at that pace.

Read more: https://wptavern.com/bricks-1-9-6-1-patches-critical-rce-vulnerability

13,000 unpatched Ivanti appliances exposed as attacks escalate

Firmware analysis of Ivanti Connect Secure appliances found them running on a base operating system the article puts at 13 years old and long out of support, while roughly 13,000 appliances remained exposed and unpatched as exploitation continued. The lesson is for buyers as much as for the vendor: a network appliance is a software supply chain you cannot patch yourself, so ask vendors what their base OS is and how it is maintained, treat any internet-facing VPN or management interface of such a device as a high-value target, and plan for the possibility that the only safe response to a compromised appliance is a full factory reset and rebuild.

Read more: https://www.thestack.technology/13-000-unpatched-ivanti-appliances-still-exposed-as-attacks-escalate-and-firmware-analysis-reveals-fresh-horrors/

Security Alliance proposes Whitehat Safe Harbor to secure Web3

The initiative by the Security Alliance (SEAL) to create a Whitehat Safe Harbor aims to encourage ethical hacking and vulnerability disclosure in the Web3 ecosystem. Led by security researcher samczsun, this move points to the growing recognition of the role of ethical hackers in enhancing cybersecurity and the specific challenges facing the decentralized nature of Web3 technologies.

Read more: https://www.lexology.com/library/detail.aspx?g=e3d0f133-52be-48fe-abc6-0d66097d5452

FBI-led operation disrupts botnet controlled by state-linked Forest Blizzard

The FBI-led operation disrupted a botnet used by Forest Blizzard (also tracked as APT28), a group attributed to Russia's GRU. The botnet was built from small-office/home-office routers (Ubiquiti EdgeRouters) that had been compromised through default credentials and then repurposed for the group's operations. Takedowns like this remove the malware but cannot fix a device that is still misconfigured, so owners of such routers were advised to perform a factory reset, update the firmware, change default credentials and restrict remote management. The timing, ahead of the U.S. election season, underlines why disrupting state-linked infrastructure early matters.

Read more: https://www.cybersecuritydive.com/news/fbi-disrupts-botnet-forest-blizzard/707788/

CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

CISA's warning concerns Akira ransomware exploiting CVE-2020-3259, an information disclosure vulnerability in Cisco ASA and FTD devices that was patched in 2020 but is still present on unpatched appliances; CISA has added it to its Known Exploited Vulnerabilities catalog. Because the flaw can leak memory contents from the VPN service, including credentials, organizations that ran an unpatched device should do more than apply the update: assume VPN credentials may have been exposed, rotate them, and review VPN logs for logins that do not match known users. It is a reminder that a years-old CVE on an edge device is exactly what a ransomware affiliate looks for first.

Read more: https://thehackernews.com/2024/02/cisa-warning-akira-ransomware.html

4. CISO Jobs

Program Manager - CISO CSIRT Response Tools at IBM

This role, offering a salary range of $153K - $231K per year, is crucial for managing the tools and processes associated with the Computer Security Incident Response Team (CSIRT) within IBM. The position emphasizes the importance of strategic leadership in developing and maintaining robust incident response capabilities, catering to a significant need within organizations for rapid and effective response to cyber incidents.

Read more: https://www.linkedin.com/jobs/view/3829171271

Staff Security Engineering Manager, Hardening, Google Cloud CISO

With a salary range of $185K - $283K per year, this position highlights the critical role of security hardening within cloud infrastructure. Focused on enhancing the security posture of Google Cloud services, this role underscores the growing importance of cloud security in protecting organizational assets and data in the cloud.

Read more: https://www.linkedin.com/jobs/view/3831385572

CISO Risk Officer C13 - VP at Citi

Offering a salary range of $125.8K - $188.6K per year, this hybrid role is pivotal in managing cybersecurity risks at the executive level. It emphasizes the integration of risk management with strategic decision-making, reflecting the necessity for organizations to balance innovation with the need to mitigate potential cybersecurity risks.

Read more: https://www.linkedin.com/jobs/view/3813593900

Vice President, Deputy Chief Information Security Officer at Planned Parenthood Federation of America

With a competitive salary range of $255K - $265K per year, this position underscores the importance of leadership in information security within healthcare and nonprofit sectors. It highlights the need for robust privacy and security measures to protect sensitive health information and maintain trust with clients and stakeholders.

Read more: https://www.linkedin.com/jobs/view/3798881449

Chief Information Security Officer (CISO) at Bally Sports

This on-site role points to the critical need for overseeing and enhancing the information security posture within the sports and entertainment industry. It signifies the importance of protecting digital assets, customer data, and intellectual property from cyber threats, which is increasingly crucial in sectors dealing with high volumes of digital content and personal data.

Read more: https://www.linkedin.com/jobs/view/3832458006

Final Words

As we conclude today's issue of The Secret CISO newsletter on this 16th of February, it's clear that the world of cybersecurity remains as relentless and evolving as ever. The selection of critical vulnerabilities, recent data breaches, and strategic cybersecurity job openings discussed today underscore the multifaceted nature of threats we encounter in our mission to safeguard digital assets.

Moving deeper into February, let these insights serve as a catalyst for reflection on the ever-changing cybersecurity landscape and underscore the vital role played by CISOs and cybersecurity practitioners in navigating these challenges. May the knowledge shared today empower us to enhance our protective measures, foster collaborative efforts, and push forward with innovative solutions to outpace the advancing cyber adversaries of our time.

The Secret CISO newsletter will return on Monday, ready to provide you with the latest cybersecurity news, analyses, and job opportunities. Let's use this time to ponder over the insights shared this week and how they can be applied to enhance our security postures and strategies.

Best wishes,
The Secret CISO Daily Newsletter Team

DO NOT FORGET TO SHARE US WITH YOUR COLLEAGUES!

See you Monday
