Secret CISO 3/12: Roku and School System Breaches, EquiLend and UT Southwestern Data Leaks, American Express and Banregio Financial Compromises, Security Research on AI and VR Vulnerabilities

Secret CISO 3/12: Roku and School System Breaches, EquiLend and UT Southwestern Data Leaks, American Express and Banregio Financial Compromises, Security Research on AI and VR Vulnerabilities

Welcome to today's edition of the Secret CISO newsletter, where we bring you the latest and most impactful cybersecurity news. In today's headlines, Roku hackers have breached 15,000 accounts and are selling them online. This type of attack, known as credential stuffing, involves hackers using emails and passwords exposed in data breaches to gain unauthorized access. In another shocking development, hackers are now targeting a surprising group of people: young public school students. When Celeste Gravatt first heard about a data breach in her kids' school system, it seemed harmless. However, the breach has raised serious concerns about the security of our educational institutions. Fintech firm EquiLend has also fallen victim to a ransomware attack leading to a data breach. The firm has started sending notification letters to its employees to inform them of the breach. In a similar vein, UT Southwestern Medical Center has reported a possible data breach involving the internal use of unapproved software. The breach has compromised data from almost 2,100 individuals. In a third-party breach, American Express customers' credit card information has been leaked. The payment card services provider has notified authorities and customers of the breach affecting a merchant processor. These incidents highlight the growing threat of cyberattacks and the importance of robust cybersecurity measures. Stay tuned for more updates and remember, stay safe online!

Data Breaches

  1. Roku Hackers Breach: Hackers breached 15,000 Roku accounts using a technique called credential stuffing, where they use leaked emails and passwords from other data breaches. The breached accounts are being sold online, posing a significant threat to users' privacy and financial security. Source: The Verge
  2. Public School Students Data Breach: In February 2023, a data breach in a public school system exposed the personal information of young students. The breach, initially thought to be innocuous, has raised concerns about the vulnerability of educational institutions to cyberattacks. Source: OPB
  3. EquiLend Ransomware Attack: Fintech firm EquiLend suffered a data breach in January 2024 due to a ransomware attack. The company has started notifying its employees about the breach, highlighting the increasing threat of ransomware attacks to businesses. Source: SecurityWeek
  4. UT Southwestern Medical Center Breach: UT Southwestern Medical Center reported a data breach involving the internal use of unapproved software. The breach did not involve a cyberattack or external exposure of data but still compromised the data of over 2,100 individuals. Source: SC Media
  5. American Express Third-Party Breach: American Express reported a third-party breach affecting a merchant processor that leaked customers' credit card information. The company has notified authorities and customers about the breach, underlining the risks associated with third-party data processors. Source: CPO Magazine

Security Research

  1. $15 M allocated to food security research: The government of Saskatchewan has granted the University of Saskatchewan institute a five-year funding for food security research. This investment aims to enhance the province's food security and sustainability. Source: SaskToday.ca
  2. Researchers expose Microsoft SCCM misconfigs usable in cyberattacks: Security researchers have developed a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's System Center Configuration Manager (SCCM). This research aims to help organizations understand and mitigate potential cyber threats. Source: BleepingComputer
  3. VR headsets can be hacked with an Inception-style attack: Researchers at the University of Chicago have exposed a security vulnerability in VR headsets. The research highlights the growing need for robust security measures as VR technology becomes increasingly popular. Source: MIT Technology Review
  4. Magnet Goblin Exploits 1-Day Ivanti Vulnerabilities: Security researchers have discovered a trend involving the exploitation of 1-day vulnerabilities, including two in Ivanti Connect Secure VPN. This research underscores the importance of timely patching and security updates. Source: Infosecurity Magazine
  5. Gladstone.AI Announces the First-Ever AI Action Plan for United States National Security: Gladstone.AI has announced the first-ever AI action plan for US national security, recommending interim measures, early warnings, contingency planning, and investments in AI safety and security research. This plan aims to address AI safety and security concerns at a national level. Source: PR Newswire

Top CVEs

  1. CVE-2024-0039: In att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Source: CVE-2024-0039
  2. CVE-2024-26619: In the Linux kernel, a vulnerability has been resolved in riscv: Fix module loading free order. Reverse order of kfree calls has been implemented to resolve use-after-free issues. Source: CVE-2024-26619
  3. CVE-2024-26610: In the Linux kernel, a vulnerability has been resolved in wifi: iwlwifi: fix a memory corruption. The issue was related to iwl_fw_ini_trigger_tlv::data pointer to a __le32, which could lead to writing past the allocated memory. Source: CVE-2024-26610
  4. CVE-2024-26614: In the Linux kernel, a vulnerability has been resolved in tcp: make sure init the accept_queue's spinlocks once. The issue was related to a corrupted value in pvqspinlock, which could lead to a system crash. Source: CVE-2024-26614
  5. CVE-2024-26617: In the Linux kernel, a vulnerability has been resolved in fs/proc/task_mmu: move mmu notification mechanism inside mm lock. The notifier will invalidate memory range, which could lead to race condition in other components. Source: CVE-2024-26617

Final Words

That's it for today's edition of the Secret CISO newsletter. We hope you found these updates valuable. Remember, staying informed is the first step in protecting your systems and data. Don't forget to share this newsletter with your colleagues and friends who might also benefit from this information. Stay safe and secure until next time!

Read more

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the cybersecurity world. We're seeing a concerning trend of firms failing to grasp the financial impact of cyber breaches, with HealthAlliance paying a hefty $550,000 for neglecting a known vulnerability. In Ireland,

By Secret CISO