Secret CISO 2/29: AI Model Threats, NEW Ivanti VPN Vulnerabilities, Exposed 2FA Codes, SMR Security Risks, and Memory-Safe Programming

Welcome back to The Secret CISO, your essential guide to the evolving landscape of cybersecurity. After a nine-month hiatus, we are thrilled to reconnect with our community and dive back into the critical issues shaping our industry.

Today, we spotlight an array of pressing topics, from the vulnerabilities affecting AI models and traditional VPN solutions to the latest significant data breaches impacting sectors worldwide. Join us as we explore the implications of these developments and provide actionable insights to bolster your organization's defenses. Happy to be with you again! Let's embark on this informed journey together, staying one step ahead in the dynamic world of cybersecurity.

1. Data Breaches

  1. Change Healthcare Data Breach: BlackCat ransomware group claimed to have stolen 6TB of data from Change Healthcare's network. This significant breach could have extensive implications for patient privacy and corporate security. The incident underscores the growing threat of ransomware attacks in the healthcare sector and highlights the importance of robust cybersecurity measures. https://www.bleepingcomputer.com/news/security/ransomware-gang-claims-they-stole-6tb-of-change-healthcare-data/
  2. Houser LLP Law Firm Data Breach: This breach exposed personal information of more than 325,000 individuals, impacting high-profile financial institutions. Discovered in May 2023, this incident raises concerns about the security measures employed by legal firms handling sensitive information and emphasizes the critical need for improved data protection strategies in the legal sector. https://therecord.media/houser-law-firm-reports-data-breach
  3. Egyptian Health Department Cyberattack: Affecting up to 100,000 individuals, this breach demonstrates the vulnerabilities in public health systems. The cyberattack on EHD in Eldorado, IL, highlights the need for enhanced cybersecurity defenses in public health institutions and the potential consequences of data breaches on patient privacy and trust. https://www.hipaajournal.com/egyptian-health-department-cyberattack-affects-up-to-100000-individuals/
  4. ALPHV/BlackCat Ransomware Group Targets Healthcare: This incident, involving the ALPHV/BlackCat ransomware group, emphasizes the increasing focus of cybercriminals on the healthcare industry. The timely alert from federal agencies about the group's tactics underlines the urgent need for healthcare entities to adopt comprehensive cybersecurity measures and to remain vigilant against such threats. https://www.hipaajournal.com/cybersecurity-alert-alphv-blackcat-healthcare/
  5. CISA’s Report on State-Level Data Breach: Leveraging admin credentials of a former employee led to a significant data breach, spotlighting the critical importance of proper access control and employee offboarding procedures. This incident serves as a reminder of the potential internal threats and the necessity for ongoing monitoring and updating of security credentials and practices. https://www.cpomagazine.com/cyber-security/cisa-admin-credentials-of-a-former-employee-leveraged-to-compromise-a-state-government-organization/

2. Top CVEs

  1. CVE-2023-29181 (Fortinet FortiOS and FortiProxy): This CVE identifies a critical vulnerability due to the use of an externally-controlled format string in multiple versions of Fortinet FortiOS and FortiProxy. Affected versions range widely across different series, making this vulnerability notable for its broad impact. Organizations using affected versions should prioritize updating to patched versions to mitigate potential exploitation, which could lead to sensitive data disclosure or unauthorized access. https://nvd.nist.gov/vuln/detail/CVE-2023-29181
  2. CVE-2023-29180 (Fortinet FortiOS and FortiProxy): This vulnerability is a null pointer dereference issue found in various versions of Fortinet FortiOS and FortiProxy. The flaw could lead to system crashes and denial of service (DoS) conditions, undermining network security and reliability. Users are advised to apply necessary updates and patches to prevent malicious attacks that could exploit this weakness, ensuring the stability and security of their Fortinet deployments. https://nvd.nist.gov/vuln/detail/CVE-2023-29180
  3. CVE-2024-21722 (MFA Management Features): This CVE highlights a significant flaw in the MFA management features, where existing user sessions were not properly terminated following changes to a user's MFA methods. This oversight could allow unauthorized access to persist even after MFA settings have been altered, posing a serious security risk. Immediate revision of session management policies and practices is recommended to close this security gap. https://nvd.nist.gov/vuln/detail/CVE-2024-21722
  4. CVE-2024-21725 (Inadequate Escaping of Mail Addresses): This vulnerability involves inadequate escaping of mail addresses, leading to XSS (Cross-Site Scripting) vulnerabilities. The flaw exposes systems to potential malicious scripting attacks that could compromise user data and system integrity. Organizations should ensure that proper input validation and sanitization mechanisms are in place to protect against such XSS attacks. https://nvd.nist.gov/vuln/detail/CVE-2024-21725
  5. CVE-2024-21726 (Inadequate Content Filtering): Similar to CVE-2024-21725, this CVE concerns inadequate content filtering mechanisms that lead to XSS vulnerabilities. The lack of effective filtering exposes systems to attacks where malicious scripts can be injected and executed. Strengthening content filtering and implementing robust security measures are crucial steps in mitigating the risks associated with this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2024-21726

3. Security Research

  1. Ivanti VPN Vulnerabilities: CISA has highlighted significant risks associated with using Ivanti VPNs due to three Connect Secure flaws that have been massively exploited since their initial disclosure on January 10. This situation underlines the critical importance of updating and securing VPN solutions, which are fundamental to maintaining the integrity and confidentiality of organizational networks. https://www.crn.com/news/security/2024/cisa-using-ivanti-vpns-may-pose-significant-risk
  2. Leaky Database Exposing 2FA Codes: A security researcher discovered a database inadvertently exposing 2FA codes belonging to tech giants. This breach underscores the vulnerabilities in the storage and transmission of two-factor authentication codes, which are essential for the security of user accounts and sensitive data. https://techcrunch.com/2024/02/29/leaky-database-two-factor-codes/
  3. Security of Small Modular Reactors: New research focuses on the global security implications of small modular reactors (SMRs), particularly in the context of export control and the prevention of technology proliferation. This research signals the increasing importance of securing emerging technologies against unauthorized access and misuse. https://www.newswise.com/articles/new-research-aims-to-improve-global-security-of-small-modular-reactors
  4. White House Memory-Safe Languages Initiative: Following a series of breaches, the White House has advocated for the use of memory-safe programming languages as part of a broader effort to enhance national cybersecurity infrastructure. This approach aims to reduce vulnerabilities that can lead to significant breaches and underscores the evolving landscape of cybersecurity best practices. https://www.bankinfosecurity.com/breach-roundup-white-house-calls-for-memory-safe-languages-a-24475
  5. Hugging Face AI Malicious Models: JFrog Security Research has identified 100 malicious code-execution models on the Hugging Face AI platform. This finding highlights the growing threat of malicious AI models and the need for robust security measures in the development and deployment of machine learning models, marking a new frontier in cybersecurity challenges. https://www.darkreading.com/application-security/hugging-face-ai-platform-100-malicious-code-execution-models

4. CISO Jobs

  1. Director, Digital Products, Information Security at Genmab (Princeton, NJ - Hybrid): Offering a salary range of $165K to $275K per year, this role focuses on protecting digital products and is a testament to the increasing importance of information security in the pharmaceutical sector. The position emphasizes the need for seasoned professionals who can balance security with digital innovation. https://www.linkedin.com/jobs/view/3825253836
  2. Global Director, Cyber Security Policy at Intel Corporation (Washington, DC - Hybrid): With a salary range of $162.6K to $284.6K per year, this position underscores the growing significance of cybersecurity policy at a global scale. The role is ideal for individuals looking to influence cyber security strategies and policies within a leading technology firm. https://www.linkedin.com/jobs/view/3824237809
  3. Director, Cybersecurity Portfolio Management at SimplyApply (Boston, MA): This role highlights the demand for directors capable of managing a comprehensive cybersecurity portfolio, reflecting the diversified nature of cybersecurity challenges and solutions in the current market. https://www.linkedin.com/jobs/view/3842907247
  4. Director of Infrastructure and Cybersecurity at WSI (Warehouse Specialists, LLC) (Appleton, WI - Hybrid): This position indicates the expanding scope of cybersecurity roles beyond traditional tech companies into more operational and infrastructure-focused sectors, demonstrating the universal need for cybersecurity leadership. https://www.linkedin.com/jobs/view/3842988839
  5. Senior Director, IT Infrastructure & Security at Day One Biopharmaceuticals (Brisbane, CA - Hybrid): Offering a salary range of $260K to $280K per year, this role highlights the critical importance of integrating IT infrastructure with cybersecurity strategies in the biopharmaceutical industry, pointing to the high demand for top-tier security professionals within specialized sectors. https://www.linkedin.com/jobs/view/3842802308

Final Words

As we wrap up today's edition of The Secret CISO newsletter, we hope you found our insights and updates valuable for safeguarding your digital landscape. Cybersecurity is a collective effort, and sharing knowledge is key to strengthening our defenses against evolving threats.

If you found this information useful, please share it with your colleagues and friends in the industry. Together, we can create a safer cyber environment for all. Thank you for reading, and we look forward to bringing you more essential security insights in our next issue.

Stay secure and informed!