Secret CISO 3/8: Swiss Government Data Leak by Play Ransomware

Secret CISO

5 min read
Secret CISO 3/8: Swiss Government Data Leak by Play Ransomware


Welcome to the latest installment of the Secret CISO newsletter. As we delve into crucial cybersecurity topics, we also pause to celebrate International Women's Day, honoring the achievements and contributions of women around the world, particularly in the tech and cybersecurity fields. Today, more than ever, the importance of diversity and inclusion in shaping a robust cybersecurity landscape cannot be overstated. In this issue, we address pressing matters from GDPR compliance challenges to the surge in third-party data breaches, while also acknowledging the integral role women play in advancing our industry. Join us as we explore significant developments and celebrate the strides made towards gender equality in cybersecurity.

Data Breaches

Yahoo Data Breach

Yahoo's 2013 data breach compromised the personal information of over three billion accounts, making it one of the largest breaches in history. The breach had significant implications for Yahoo's reputation and user trust. Source: Forbes

UniCredit Bank Data Breach

Italy's data protection authority, the Garante, fined UniCredit Bank 2.8 million euros for failing to prevent a data breach. This incident underscores the importance of robust data security measures in financial institutions. Source: IAPP

Swiss Government Data Leak by Play Ransomware

The Play ransomware gang exposed 65,000 Swiss government documents, accounting for almost 5% of nearly 1.3 million leaked files stolen from its breach. This significant breach highlights the increasing threat of ransomware attacks on government entities. Source: SC Magazine

Fidelity Investments Data Breach

Fidelity Investments experienced a data breach linked to a third-party hack, affecting more than 57,000 Bank of America customers. This incident highlights the risks associated with third-party vendors and the need for stringent cybersecurity measures. Source: Cybersecurity Dive

Interior Health Data Breach

A data breach of more than 20,000 staff at Interior Health led to the health authority trying to track down former employees. This breach underscores the importance of securing employee data and the potential risks of insider threats. Source: iHeartRadio

Security Research

Web apps are ubiquitous in healthcare – and come with vulnerabilities

Security research reveals that web applications, which are widely used in the healthcare sector, are riddled with security vulnerabilities. These vulnerabilities can lead to potential breaches, emphasizing the need for robust security measures. Source: Healthcare IT News

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

Security researcher Paulos Yibelo Mesfin discovered a high-severity VPN hijacking bug in Cisco's Secure Client. Cisco has since issued a patch to address this vulnerability. Source: The Hacker News

Actively exploited AnyCubic 3D printer zero-day addressed

Security researchers have warned 3D printer users about a significant security issue in AnyCubic 3D printers that is being actively exploited. The issue has since been addressed. Source: SC Media

Researcher Claims Judge Torres Didn't Define XRP as a Non-Security in SEC v. Ripple Case

Crypto researcher Dark Horse has stirred controversy in the XRP community with his analysis of Judge Analisa Torres' decision in the SEC v. Ripple case, claiming that the judge did not define XRP as a non-security. Source: The Crypto Basic

Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors

A group of seven security researchers discovered numerous vulnerabilities in Sceiner Smart Locks, allowing hackers to open doors. The vulnerabilities were found in vehicles from 16 car makers. Source: Security Week

Top CVEs

CVE-2024-0203 - Digits plugin for WordPress

The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1 due to missing nonce validation. This allows unauthenticated attackers to modify the default role of registered users and elevate user privileges via a forged request. Source: CVE-2024-0203

CVE-2024-1442 - Grafana API

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. This grants the user access to read, query, edit and delete all data sources within the system. Source: CVE-2024-1442

CVE-2024-23226 - macOS, visionOS, iOS, iPadOS, watchOS, tvOS

The issue was addressed with improved memory handling. Processing web content may lead to arbitrary code execution. Source: CVE-2024-23226

CVE-2024-0818 - paddlepaddle/paddle

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before certain versions. Source: CVE-2024-0818

CVE-2024-1351 - MongoDB Server

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. Source: CVE-2024-1351

CISO Jobs

Director of IT Security, PRI Technology, Pawtucket, RI (Hybrid)

This role stands out due to its critical position within a technology-focused firm, emphasizing a hybrid work model conducive to balancing life and work. The Director of IT Security at PRI Technology will lead the development and implementation of robust security strategies to protect against evolving threats. Given the hybrid nature, this role offers flexibility while still maintaining a strong presence in the physical workplace, essential for fostering team collaboration and overseeing IT security operations effectively.

Read more:https://www.linkedin.com/jobs/view/3826125439

Deputy Director - Information Security Architecture & Engineering, Sound Transit, Seattle, WA (On-site)

This position is notable for its significant impact on public infrastructure and transportation security. The Deputy Director at Sound Transit will have the unique opportunity to safeguard critical systems affecting daily commuter safety and operational efficiency. The role’s on-site requirement underlines its critical nature, allowing direct involvement in the architecture and engineering decisions pivotal to securing the transit network against cyber threats.

Read more: https://www.linkedin.com/jobs/view/3725047911

Director, Cybersecurity Architecture, Crowley, Jacksonville, FL (Hybrid)

This role is crucial within the logistics and transportation industry, focusing on securing complex supply chains and maritime operations. The Director of Cybersecurity Architecture will lead strategic initiatives to enhance security frameworks and mitigate risks across global operations. The hybrid model offers a balance between hands-on engagements and remote flexibility, ideal for strategic planning and international collaboration.

Read more: https://www.linkedin.com/jobs/view/3784990232

Director, Cybersecurity and Crisis Management, Freddie Mac, McLean, VA (Hybrid)

This position offers a unique blend of cybersecurity leadership and crisis management within the financial sector, crucial for protecting sensitive information and ensuring financial stability. The role at Freddie Mac involves developing comprehensive cybersecurity strategies and managing responses to cyber incidents, with a significant salary range indicating the role's importance and impact.

Read more: https://www.linkedin.com/jobs/view/3831633788

Security Engineering Manager, Virtualization Security, Cloud CISO, Google, United States (Remote)

This remote role at Google represents a forefront position in cloud and virtualization security, appealing to those passionate about cutting-edge technologies and large-scale systems. The Security Engineering Manager will lead efforts to secure cloud infrastructure, vital for countless businesses and individuals relying on Google services. The position offers the flexibility of remote work, allowing for talent recruitment nationwide and fostering innovation in virtualization security practices.

Read more: https://www.linkedin.com/jobs/view/3830667070

Final Words

That's it for today's edition of Secret CISO. As we've seen, data breaches continue to be a significant concern across various sectors, from banking to healthcare. It's a stark reminder of the importance of robust cybersecurity measures in our increasingly digital world. Remember, cybersecurity isn't just a one-person job. It's a team effort. So, share this newsletter with your colleagues and friends to keep them in the loop. Let's work together to create a safer digital space for everyone. Stay safe, stay informed, and see you in the next edition of Secret CISO.

Read more