Secret CISO 2/28: Cencora's Data Crisis, UnitedHealth's Hacker Havoc, Golden Corral's Info Leak & More

Secret CISO

Feb 28, 2024 — 6 min read

Welcome to the latest issue of The Secret CISO newsletter, where we delve into the critical cybersecurity developments shaping our industry. Our aim is to provide you with an insightful compilation of news, trends, and analyses designed to keep you informed and prepared in the ever-evolving cybersecurity landscape. In this edition, we explore recent high-profile data breaches, emerging threats, and effective strategies for enhancing your organization's cyber resilience. Join us as we navigate the complexities of cybersecurity togethe

1. Data Breaches

Cencora's Major Data Breach

Cencora, a pharmaceutical giant, recently fell victim to a significant cyberattack, leading to the theft of sensitive personal data. The breach underscores the escalating cyber threats targeting the healthcare and pharmaceutical sectors. It serves as a critical reminder of the importance of implementing robust cybersecurity measures and maintaining vigilance to protect sensitive information from sophisticated threat actors.

UnitedHealth Pharmacy Cyberattack

UnitedHealth experienced a severe data breach due to a cyberattack attributed to an infamous hacking group. This incident highlights the growing vulnerabilities in the healthcare sector, especially in pharmacy services. The engagement of cybersecurity firms Mandiant and Palo Alto Networks for the investigation emphasizes the necessity of expert intervention in understanding and mitigating such sophisticated attacks.

Golden Corral Data Breach

The Golden Corral Corporation faced multiple class actions following a data breach impacting nearly 200,000 individuals. This incident reflects the increasing trend of data breaches in the hospitality industry and emphasizes the need for stringent data security measures and prompt breach response strategies to safeguard employee and customer information.

Surge in PHI Data Breaches

A significant rise in data breaches exposing Protected Health Information (PHI) has been reported, with large breaches affecting 500 or more individuals. This trend highlights the urgent need for healthcare entities to enhance their data protection practices and to comply strictly with HIPAA regulations to prevent such breaches and protect patient information.

Third-party Attack Vectors

A recent report has revealed that third-party attack vectors account for 29% of data breaches. This statistic underscores the critical importance of third-party risk management plans in cybersecurity strategies. Organizations must rigorously assess and monitor their third-party vendors to prevent data breaches and ensure the security of their information systems.

2. Top CVE

Rails Action Controller XSS Vulnerability

CVE-2024-26143. This vulnerability in the Rails web-application framework arises within Action Controller's translation helpers, leading to potential XSS exploits when using translation methods like translate or t. This issue becomes apparent with keys ending in "_html" combined with a :default key containing untrusted user input. It highlights the importance of sanitizing user inputs and updating Rails applications to safeguard against XSS threats.

Diffoscope Directory Traversal Flaw

CVE-2024-25711. In diffoscope versions prior to 256, there is a directory traversal vulnerability that could allow attackers to expose sensitive files, such as SSH keys, by exploiting the --use-embedded-filenames option in GPG files. This flaw underlines the necessity for users to upgrade their diffoscope installations to maintain the confidentiality and integrity of their file systems.

X.Org Server DisableDevice Function Vulnerability

CVE-2024-21886. This issue in the X.Org server's DisableDevice function can lead to a heap buffer overflow, causing application crashes or potential remote code execution during SSH X11 forwarding. It emphasizes the need for immediate updates to the X.Org server to mitigate the risks associated with buffer overflow vulnerabilities.

X.Org Server XISendDeviceHierarchyEvent Buffer Overflow

CVE-2024-21885. Another heap buffer overflow vulnerability within the X.Org server, specifically in the XISendDeviceHierarchyEvent function, can result in application crashes or arbitrary code execution. The problem arises when new device IDs extend beyond the allocated array length. Promptly updating the X.Org server is crucial to prevent exploitation and ensure system security.

Apache Ambari Malicious Code Injection Risk

CVE-2023-50379. This vulnerability in Apache Ambari before version 2.7.8 allows for malicious code injection, potentially enabling cluster operators to gain unauthorized root access. It accentuates the importance of upgrading to Apache Ambari version 2.7.8 or later to eliminate the risk of malicious code execution and secure cluster management.

3. Security Research

Seneca Protocol Hack

The Seneca Protocol hack underscores the inherent risks associated with Ethereum's token approval mechanism. Crypto security researcher Daniel Von Fange discovered a significant flaw in Seneca's code, highlighting the vulnerabilities in smart contract design and the importance of community engagement in identifying and addressing security issues. This incident emphasizes the need for thorough security audits and community involvement in the cryptocurrency space.

Security Cameras Vulnerability

Recent research from Northeastern University revealed a substantial security gap that allows hackers to spy through security cameras. This discovery points to a massive breach in our security infrastructure, emphasizing the need for improved security measures and technologies to protect privacy and ensure the security of surveillance systems.

Change Healthcare Cyberattack

The healthcare sector faces increasing uncertainty following the cyberattack on Change Healthcare. This incident highlights the critical need for robust cybersecurity frameworks within healthcare organizations to maintain operations and protect sensitive patient data against evolving cyber threats.

Hugging Face Security Issue in AI Models

A security flaw identified in AI models, particularly those associated with Hugging Face, raises significant concerns about the vulnerabilities in machine learning systems. This discovery by security researchers at HiddenLayer underscores the importance of securing AI platforms against potential attacks that could compromise the integrity and functionality of AI systems.

BlackCat Ransomware Targeting Healthcare

The FBI's warning about targeted BlackCat ransomware attacks against the U.S. healthcare sector signifies the increasing threat landscape in this industry. This situation highlights the urgency for healthcare organizations to adopt comprehensive cybersecurity measures and to prepare for potential ransomware attacks to protect patient information and healthcare services.

4. CISO Jobs

OT Cybersecurity SME - Director, Cognizant, Dallas, TX

This role emphasizes the growing demand for operational technology (OT) cybersecurity expertise, reflecting the critical need to protect industrial and infrastructure systems from cyber threats. Cognizant is seeking a director-level professional in Dallas, offering a 401(k) benefit, highlighting the company's commitment to securing critical OT environments and providing competitive employee benefits.

Director, Information Security, Walmart, Bentonville, AR

Walmart's active recruitment for an Information Security Director underlines the retail giant's prioritization of cybersecurity in safeguarding its vast digital and physical operations. The position, based in Bentonville and featuring a 401(k) benefit, emphasizes Walmart's dedication to enhancing its security posture amidst evolving cyber threats in the retail sector.

CISO, Cyber Security & IT Governance, Portland General Electric, Tualatin, OR

This role reflects the energy sector's increasing focus on cybersecurity and IT governance, with Portland General Electric offering a significant salary range and medical benefits. Situated in Tualatin, OR, this position underscores the importance of integrating cybersecurity strategies with overall IT governance to protect critical energy infrastructure.

Senior Director, Chief Information Security Officer, Navis, Atlanta, GA

Navis is seeking a CISO in Atlanta, indicating the maritime industry's heightened focus on cybersecurity. The position offers a 401(k) benefit, illustrating Navis's commitment to leading cybersecurity efforts within the maritime and shipping sectors, protecting against global cyber threats.

Director - IT Security, Sanford Health, Sioux Falls, SD

Sanford Health's recruitment for an IT Security Director in Sioux Falls showcases the healthcare industry's urgent need for enhanced cybersecurity measures. Offering medical, vision, dental, and 401(k) benefits, this position highlights the critical role of cybersecurity in protecting sensitive health data and ensuring the continuity of healthcare services amid rising cyberattacks.

Final words

Appreciation for your thorough engagement with The Secret CISO newsletter. Your commitment fuels our mission to present significant cybersecurity updates and insights. Should you find our content beneficial, please consider sharing it with peers to help cultivate a knowledgeable and robust cybersecurity network. Thank you for your ongoing trust and support.

Warm wishes,
The Secret CISO Team