Secret CISO 3/5: AMEX Data Breach, Healthcare Sector Cyber Threats, AI Worm Infiltration, and Critical Node.js Vulnerabilities

Welcome to today's edition of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into a series of data breaches that have rocked the financial and healthcare sectors. American Express has admitted to a data breach, with card data exposed due to a third-party blunder. The breach occurred through a provider frequently used by the company's travel services division, leading to a potential compromise of customer credit card details.

Meanwhile, the healthcare sector is facing an alarming rise in data breaches, with ransomware and hacking at the forefront. In the last five years, there has been a significant increase in cyber threats targeting healthcare providers. In other news, Bayview mortgage servicers are seeking to block a plaintiff's filing in a data breach lawsuit, while U-Haul has suffered a data breach affecting 67,000 individuals.

On the brighter side, we're also covering some proactive measures being taken to prevent future breaches. The Michigan Department of Insurance and Financial Services is offering tips to consumers on how to safeguard their accounts before a data breach occurs.

In the world of security research, a critical pre-auth RCE bug has been exposed in the CI/CD platform TeamCity, and researchers have developed a self-replicating AI worm that can infiltrate people's emails to spread malware and steal data. Stay tuned for more updates on these stories and other breaking cybersecurity news. Stay safe, stay informed with Secret CISO.

Data Breaches

American Express Data Breach

American Express admitted to a data breach, blaming a third party for the exposure of card data. The breach occurred through a provider frequently used by the company's travel services division, potentially exposing credit card details of numerous customers. Source: The Register, Dark Reading

Healthcare Data Breaches

The healthcare sector has seen a significant rise in data breaches over the last five years, with ransomware and hacking being the primary threats. This has had a substantial impact on healthcare providers, compromising patient data and disrupting services. Source: JD Supra, National Law Review

U-Haul Data Breach

U-Haul suffered a data breach that exposed 67,000 customer records. The breach leveraged legitimate passwords, affecting a customer records system and potentially exposing sensitive customer information. Source: CPO Magazine

Aetna Life Insurance Data Breach

Aetna Life Insurance Company filed a notice of data breach impacting tens of thousands of customers. The breach was discovered in March 2024, potentially exposing sensitive customer data. Source: JD Supra

Western National Data Breach

Western National Group disclosed a data breach that occurred in June 2023. The breach was discovered in February 2024, potentially exposing sensitive customer data. Source: JD Supra

Security Research

CI/CD platform TeamCity exposed to critical pre-auth RCE bug

A critical pre-authentication remote code execution (RCE) bug has been discovered in the CI/CD platform TeamCity. The vulnerability could allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass security measures. Source: The Stack and The Record

Hackers Behind the Change Healthcare Ransomware Attack Received a $22 Million Payment

The group responsible for the ransomware attack on Change Healthcare has reportedly received a $22 million ransom payment. This not only funds future attacks by the group but also encourages other cybercriminals. Source: Wired

FCC and crypto firms targeted in advanced phishing attacks using fake Okta logins

A sophisticated phishing campaign is targeting employees of the US Federal Communications Commission (FCC) and various cryptocurrency firms, using fake Okta logins to gain unauthorized access. Source: TechRadar

Critical Node.js Vulnerabilities Impact Ubuntu 23.10

Critical security vulnerabilities have been identified in Node.js, particularly impacting users of Ubuntu 23.10. Users are urged to update their systems immediately to mitigate the risk. Source: BNN Breaking

AI worm that infects computers and reads emails created by researchers

Security researchers have developed a self-replicating AI worm that can infiltrate people's emails to spread malware and steal data. The worm uses an "adversarial self-replicating prompt" to propagate. Source: The Independent and NDTV

Top CVEs

CVE-2023-38362

IBM CICS TX Advanced 10.1 could potentially disclose sensitive information to remote attackers due to observable discrepancies in HTTP responses. This vulnerability could lead to unauthorized access to confidential data. Source: CVE-2023-38362

CVE-2023-38360

IBM CICS TX Advanced 10.1 is susceptible to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session. Source: CVE-2023-38360

CVE-2023-32331

IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. This vulnerability could lead to service disruption and potential data loss. Source: CVE-2023-32331

CVE-2022-43890

IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. This vulnerability could lead to unauthorized access to confidential data. Source: CVE-2022-43890

CVE-2024-27889

Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. Source: CVE-2024-27889

CISO Jobs

Director of Security Compliance - Industrial Cybersecurity Consulting at 1898 & Co. (Multiple California Locations)

This role offers a unique opportunity to shape the security landscape within the industrial sector, providing critical compliance oversight and cybersecurity consulting. The position's high compensation range reflects the level of expertise required, signaling an advanced and influential role in the industry. Candidates will have the chance to work on varied projects across multiple locations in California, making this a dynamic and impactful position.

Read more: https://www.linkedin.com/jobs/view/3846120092

Chief Information Security Officer at Caltech (Pasadena, CA)

The CISO position at Caltech represents a prestigious opportunity to lead cybersecurity initiatives at one of the world's leading scientific and research institutions. The role offers a significant salary and the chance to impact the security of cutting-edge research and academic information systems. This on-site position in Pasadena, CA, allows for direct interaction with some of the brightest minds in science and technology.

Read more: https://www.linkedin.com/jobs/view/3810554440

Head of Incident Response at Halcyon (United States - Remote)

This remote position as Head of Incident Response offers the flexibility to work from anywhere in the United States, appealing to top talent seeking work-life balance. The role provides a competitive salary and the opportunity to lead critical cybersecurity incident response efforts, an area of growing importance in an increasingly digital world.

Read more: https://www.linkedin.com/jobs/view/3845736994

Virtual Chief Information Security Officer at Optomi (Shelton, CT - Remote)

The Virtual CISO role offers a modern, flexible approach to a high-level security position, allowing for remote work and a focus on delivering strategic cybersecurity guidance to multiple clients. The pay-per-hour model indicates a strong demand for experienced cybersecurity professionals who can provide tailored advice and strategies.

Read more: https://www.linkedin.com/jobs/view/3842060450

Senior Director of Privacy and Cybersecurity at InterEx Group (Washington DC-Baltimore Area - Hybrid)

This hybrid role offers the best of both worlds: the flexibility of remote work with the option for in-person collaboration in the dynamic Washington DC-Baltimore area. The position is critical for ensuring privacy and cybersecurity compliance and offers a unique opportunity to impact policies and strategies at a high level within the organization.

Read more: https://www.linkedin.com/jobs/view/3845647527

Final Words

And that's a wrap for today's edition of Secret CISO. As we've seen, the cyber landscape is ever-evolving, with new threats and vulnerabilities emerging daily. From the recent data breaches at American Express to the rise in healthcare data breaches, it's clear that no sector is immune. Remember, knowledge is power. By staying informed, we can all play a part in bolstering our defenses and safeguarding our data.

So, don't keep this valuable information to yourself. Share this newsletter with your friends and colleagues, and let's work together to create a safer digital world. Stay safe, stay informed, and see you in the next edition of Secret CISO.
