Secret CISO 3/5: Germany Military Data Leak, Medical Tech Company Hack and Houser LLP Data Breach

Welcome to this edition of The Secret CISO newsletter, where we delve into recent developments that underscore the continuous challenges and evolving landscape of cybersecurity. This time, we spotlight five significant data breaches that not only highlight the diverse nature of cyber threats but also the imperative need for robust defensive strategies across various sectors. From unexpected application errors in military data handling in Germany, legal ramifications faced by Houser LLP, to the extensive impacts on healthcare from Pacific Cataract and Laser Institute and a medical technology company, and geopolitical cyber tensions between China and Taiwan, each case provides unique insights and valuable lessons. Join us as we explore these incidents and their broader implications for cybersecurity professionals worldwide.

Data Breaches

Germany Military Data Leak

Initially suspected as a cyber attack, Germany later clarified that the military data leak was due to an "application error", not a hack by Russian operatives. This incident underscores the importance of thorough internal reviews and application integrity to prevent unintentional leaks that can lead to misunderstandings and escalate tensions.

Read more: https://www.bankinfosecurity.com/germany-rules-out-russian-hack-in-military-data-leak-a-24526

Houser LLP Data Breach

The business litigation law firm Houser LLP is facing a class action lawsuit following a data breach in 2023. This breach has raised significant concerns regarding the protection of sensitive client information, emphasizing the need for robust security measures and immediate response strategies in legal firms to maintain client trust and comply with regulatory requirements.

Read more: https://www.law360.com/legalethics/articles/1810049/houser-llp-hit-by-class-action-over-2023-data-breach

Pacific Cataract and Laser Institute Data Breach

This incident highlights the vulnerability of medical data and the far-reaching impacts of breaches in the healthcare sector. Patients affected by the breach may face significant privacy concerns and the breach stresses the necessity for enhanced security protocols and regular audits within healthcare institutions.

Read more: https://www.classaction.org/data-breach-lawsuits/pacific-cataract-and-laser-institute-inc.-p.c-march-2024

Medical Tech Company Hack

A major breach affected a medical technology company, impacting billions of records and forcing healthcare providers to revert to manual systems. This breach not only disrupted healthcare services but also exposed the critical need for securing healthcare data against cyber threats and ensuring operational continuity in the face of cybersecurity incidents.

Read more: https://www.usatoday.com/story/news/health/2024/03/05/unitedhealth-cyberattack-disrupts-records-billing-security/72849687007/

Suspected Chinese Hack of Taiwan's Largest Telco

The breach of Chunghwa Telecom by suspected Chinese hackers, involving the sale of stolen government data, reflects the increasing tensions and cybersecurity threats in the geopolitical landscape. This incident demonstrates the necessity for national infrastructure and telecom services to implement stringent security measures and for international cooperation in cybersecurity defenses.

Read more: https://www.teiss.co.uk/cyber-threats/suspected-chinese-hackers-breach-taiwans-largest-telco-selling-stolen-government-data-13602

Security Research

JetBrains patches new TeamCity authentication bypass bugs

Rapid7 principal security researcher Stephen Fewer discovered critical severity bugs in JetBrains TeamCity last month. The bugs could allow attackers to bypass authentication, making TeamCity a ripe target for attacks. Urgent patches have been released to address these vulnerabilities. Source: SC Media and Cybersecurity Dive

Using form hijacking to bypass CSP

PortSwigger Research warns against using Content-Security-Policy: script-src 'self' https: as it could allow an attacker to inject a script resource. This form hijacking method can be used to bypass Content Security Policy (CSP), compromising the security of web applications. Source: PortSwigger Research

SNS Sender Script Used for Bulk Smishing Attacks

Security researcher Alex Delamotte highlighted that smishing scams often masquerade as messages from the United States Postal Service (USPS). These scams use SNS Sender Script for bulk attacks, posing a significant threat to unsuspecting users. Source: Security Boulevard

Critical Security Flaws Uncovered in RT-Thread RTOS by Researcher Marco Ivaldi

Security researcher Marco Ivaldi discovered critical vulnerabilities in RT-Thread RTOS, affecting devices across various industries. The vulnerabilities could allow attackers to gain unauthorized access, and urgent patches are recommended. Source: BNN Breaking

Researchers create AI worm targeting LLMs

A group of security researchers created a self-replicating AI worm that can steal data, spread malware, and spam others via an email client. This worm targets large language models (LLMs), demonstrating the potential for AI systems to be exploited for malicious purposes. Source: TechMarketView and TechSpot

Top CVEs

CVE-2024-27308

This candidate is reserved for a future security problem yet to be announced by an organization or individual. The details will be publicized once the candidate is ready. Source: CVE-2024-27308

CVE-2023-49968

Customer Support System v1 has a SQL injection vulnerability via the id parameter. This could potentially allow unauthorized access to sensitive data. Source: CVE-2023-49968

CVE-2023-42419

Cybellum's Maintenance Server in QCOW air-gapped distribution (China Edition) versions 2.15.5 through 2.27 was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges and access to the server could potentially use this key to run commands on the server. Source: CVE-2023-42419

CVE-2024-25164

A Path Traversal vulnerability in iDURAR v2.0.0 allows unauthenticated attackers to expose sensitive files via the download function. This could lead to unauthorized access to sensitive information. Source: CVE-2024-25164

CVE-2024-27718

SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php function. This could potentially lead to unauthorized access and control over the system. Source: CVE-2024-27718

CISO Jobs

Chief Information Security Officer at Franklin Fitch (Boston, MA - Hybrid)

This high-level position offers an opportunity to steer the cybersecurity strategy and implementation for Franklin Fitch, a notable entity in the Boston area. The hybrid working arrangement provides flexibility while allowing for crucial in-person collaboration and leadership. This role is pivotal for safeguarding the company's information assets against an increasingly complex threat landscape.

Read more: https://www.linkedin.com/jobs/view/3846043707

Director of Cyber Security at Acuity Insurance (Wisconsin, United States)

The Director of Cyber Security at Acuity Insurance holds a crucial role in safeguarding the company's vast information systems. This position is integral to the development and enforcement of cybersecurity policies and procedures, ensuring the security and integrity of client and company data, which is vital in the insurance industry.

Read more: https://www.linkedin.com/jobs/view/3846645687

Director of Cybersecurity & Network Operations at Stockbridge Munsee Community (Bowler, WI - On-site)

This on-site role provides a unique opportunity to contribute to the cybersecurity and network operations of the Stockbridge Munsee Community. It offers the chance to work closely with community infrastructure, requiring a candidate who is not only technically proficient but also sensitive to the specific needs and culture of the community.

Read more: https://www.linkedin.com/jobs/view/3845999874

Managing Director in Cybersecurity at Sia Partners (New York, NY - On-site)

This prestigious position in one of the world's financial capitals offers a unique opportunity to influence and steer cybersecurity strategies at a global consulting firm. The role not only promises a competitive salary range but also places the individual at the forefront of managing complex cybersecurity challenges in diverse industries. As an on-site role, it offers direct engagement with clients and teams, providing significant impact and visibility within the cybersecurity community.

Read more: https://www.linkedin.com/jobs/view/3846581648

Director, Information Security Consultant at SimplyApply (Washington, DC - On-site)

This position places you at the heart of US government and policy influence, providing a unique platform to shape cybersecurity practices in a critical and high-stakes environment. It's an unparalleled opportunity for those dedicated to making substantial impacts on both private and public sector security postures, in a city synonymous with national security and cyber regulations.

Read more: https://www.linkedin.com/jobs/view/3846794824

Final Words

That's it for today's edition of Secret CISO. We've covered a lot of ground, from data breach claims in the UK to the investigation of Fidelity Investments Life Insurance for a data breach. We've also touched on the recent data breach at Aspen Dental Management and the lawsuit against UnitedHealth over a data breach affecting millions. In the world of security research, we've seen the discovery of new vulnerabilities in TeamCity JetBrains and the creation of an AI worm targeting LLMs. Remember, in the ever-evolving landscape of cybersecurity, staying informed is your first line of defense. So, share this newsletter with your friends and colleagues to help them stay ahead of the curve too. Stay safe and secure until our next edition of Secret CISO.
