Secret CISO 2/22: Fortinet's Alert, ConnectWise Breach, SSH-Snake's Rise, and OneTrust's Recruitment Drive

In this edition of The Secret CISO newsletter, we delve into the pressing cybersecurity issues that are shaping our digital landscape. Topics range from the recent discovery of critical vulnerabilities in ConnectWise ScreenConnect, which exposes significant risks within IT management frameworks, to innovative security enhancements in blockchain technologies, as highlighted by Frode van der Laak's award-winning research.

We also explore the evolving threats in the Indian fintech ecosystem and the strategic implications of geopolitical activities in cybersecurity, marked by the arrival of a Chinese research ship in the Maldives. Additionally, we shed light on the unexpected turn of security tools, such as the 'SSH-Snake', from protective measures to weapons in the hands of cybercriminals. Join us as we unpack these developments and their implications for our global cybersecurity community.

1. Data Breaches

Medibank Data Breach

The breach affected 9.7 million Australians, with hackers accessing highly sensitive data, including medical information. The Australian Signals Directorate detected unusual activity, leading to Medibank's public acknowledgment of the breach. Despite efforts, hackers released customer data on the dark web, including details of medical treatments. Medibank faced significant costs and has been working on upgrading its IT systems, yet cybersecurity specialists argue more improvements are needed.

Read more: https://www.itnews.com.au/news/data-breach-costs-slowly-abating-for-medibank-605350

Te Whatu Ora Data Breach

A significant leak affecting New Zealand's health sector, particularly vaccinators, has raised alarms for personal safety. This breach highlights the vulnerability of healthcare workers and patients, emphasizing the need for enhanced data security measures in the healthcare industry.

Read more: https://www.nzherald.co.nz/nz/te-whatu-ora-data-breach-has-vaccinators-fearing-for-their-safety/QKJ7TO5Q6VAPBCQ5HYE3PKW73E/

Medical Management Resource Group, LLC Data Breach

This breach potentially exposed sensitive information such as Social Security numbers, medical records, and contact details. The breach underlines the critical need for robust security protocols in managing and protecting personal and medical data.

Read more: https://www.morningstar.com/news/globe-newswire/9041914/lynch-carpenter-investigates-claims-in-medical-management-resource-group-llc-data-breach

Davlyn Investments Data Breach

This incident, reported to the Massachusetts Attorney General, involved unauthorized access to client data. It underscores the importance of stringent security measures and immediate response strategies in the real estate and investment sectors.

Read more: https://www.jdsupra.com/legalnews/davlyn-investments-notifies-clients-of-5136305/

Newport Group's Third-Party Data Breach at Infosys McCamish Systems

Highlighting the risks associated with third-party service providers, this breach affected Newport Group's customer data. It serves as a crucial reminder of the need for comprehensive security assessments and monitoring of all third-party engagements.

Read more: https://bankautomationnews.com/allposts/risk-security/what-bank-of-america-is-doing-for-customers-after-data-breach/

2. Top CVE

Fortinet FortiOS and FortiProxy

CVE-2023-29181. This vulnerability involves an externally-controlled format string in various versions of Fortinet FortiOS and FortiProxy. It allows an attacker to execute unauthorized code or commands via specially crafted input. The flaw is significant due to its potential for remote code execution, making it crucial for security teams to apply patches provided by Fortinet to mitigate the risk.

Read more: https://www.fortiguard.com/psirt/FG-IR-23-119

Fortinet FortiOS

CVE-2023-29180. Characterized by a null pointer dereference in Fortinet FortiOS, this vulnerability can be exploited to perform a denial-of-service attack by crashing the SSL-VPN daemon. While not as severe as remote code execution, the potential to disrupt services makes this vulnerability noteworthy. Organizations should update to the latest FortiOS versions to avoid exploitation.

Read more: https://www.fortiguard.com/psirt/FG-IR-23-111

Fortinet FortiOS

CVE-2023-29179. Another null pointer dereference in Fortinet FortiOS, similar to CVE-2023-29180, but distinct in its specifics and impact. This vulnerability could allow an authenticated attacker to crash the SSL-VPN daemon, emphasizing the need for proper authentication controls and timely system updates.

Read more: https://www.fortiguard.com/psirt/FG-IR-23-125

ConnectWise ScreenConnect

CVE-2024-1709. An authentication bypass vulnerability affecting versions of ConnectWise ScreenConnect up to 23.9.7. This issue could permit an attacker direct access to confidential information, underlining the importance of secure authentication mechanisms and the necessity for swift patch application to prevent unauthorized access.

Read more: https://github.com/rapid7/metasploit-framework/pull/18870

Google Chrome

CVE-2024-1671. This vulnerability stems from an inappropriate implementation in Site Isolation in versions of Google Chrome prior to 122.0.6261.57. It allows remote attackers to bypass content security policy via a crafted HTML page, highlighting the continuous need for browser security and prompt updates to safeguard user data from potential exploit attempts.

Read more: https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html

3. Security Research

ConnectWise ScreenConnect Vulnerabilities

Security experts have issued warnings about two significant vulnerabilities in ConnectWise ScreenConnect. These vulnerabilities are reportedly easy to exploit and have raised alarms within the cybersecurity community. Users are urged to patch their systems immediately to protect against potential exploitation.

Read more: https://www.techtarget.com/searchsecurity/news/366570996/ConnectWise-ScreenConnect-flaws-under-attack-patch-now

Innovative Security by Frode van der Laak

Frode van der Laak has been recognized with the 'Best Researcher Award' at the International Congress for his work in pushing the boundaries of digital innovations powered by blockchain, focusing on security, scalability, and efficiency.

Read more: https://finance.yahoo.com/news/frode-van-der-laak-wins-081700468.html

Indian Fintech Security Concerns

Karan Saini's investigative work has shed light on the rapid but potentially fraudulent activities within the Indian fintech sector. This includes concerns about the security of consumer applications and QR codes, highlighting the importance of rigorous cybersecurity measures in the fast-growing fintech industry.

Read more: https://www.deccanherald.com/opinion/indian-fintech-is-fast-furious-and-fraudulent-2904966

Exploitation of 'SSH-Snake' Tool

Security firm Sysdig reports rapid abuse of the 'SSH-Snake' worm-like tool, developed by Australian security researcher Joshua Rogers. The tool, initially meant for security testing, has been weaponized by cybercriminals for network attacks, illustrating how tools intended for security can be turned against users.

Read more: https://www.securityweek.com/threat-actors-quick-to-abuse-ssh-snake-worm-like-tool/

Active Exploitation of ConnectWise ScreenConnect

Cybersecurity Dive warns users of critical flaws in ConnectWise ScreenConnect that are being actively exploited. The company has issued an alert urging immediate patching to prevent an authentication bypass vulnerability.

Read more: https://www.cybersecuritydive.com/news/connectwise-screenconnect-exploitation-critical-flaws/708232/

4. CISO Jobs

Chief Information Security Officer at Case Western Reserve University

This is a high-level executive role responsible for setting and implementing the university's cybersecurity strategy, making it one of the most impactful positions due to the breadth of information and systems needing protection in an academic environment.

Read more: https://www.linkedin.com/jobs/view/3836120411

Chief Information Security Officer at HealthEdge

This remote position allows for flexible working while overseeing the company's information security, which is particularly crucial in the healthcare sector due to the sensitive nature of medical data.

Read more: https://www.linkedin.com/jobs/view/3802298341

Senior Director, Information Security at Slalom

A senior-level position with a significant salary range and responsibilities including overseeing the information security and governance at Slalom, a consulting firm known for its innovative solutions.

Read more: https://www.linkedin.com/jobs/view/3758780943

Director, Information Security Operations at First American

This role offers a broad operational scope, with responsibilities in managing threats, incidents, and security of information assets in a hybrid work setting, providing a balance between on-site and remote management.

Read more: https://www.linkedin.com/jobs/view/3837214661

Senior Director, Information Security at OneTrust

This position commands a high salary range and is responsible for leading the information security efforts at OneTrust, emphasizing the growing importance of privacy and trust in technology solutions.

Read more: https://www.linkedin.com/jobs/view/3817937346

Final words

We appreciate your commitment to reading this issue of The Secret CISO newsletter. Your involvement and commitment to remaining updated are crucial to our mission of providing significant cybersecurity insights. If you find our content beneficial, please consider sharing it with peers and colleagues who might find it equally informative. By spreading knowledge, we contribute to creating a stronger, more knowledgeable cybersecurity community.

Thank you again for your ongoing support and confidence in us.

Warm wishes,
The Secret CISO Team