Secret CISO 4/23: A Day of Healthcare Data Breaches, including UW Health, Medical Home Network, and Catholic Medical Center. Plus HelloKitty ransomware insights

Welcome to today's issue of Secret CISO. We're diving into the latest cybersecurity news, starting with a breach at UW Health and Medical Home Network. While no Social Security numbers or financial information were compromised, the incident serves as a reminder of the ongoing threats to healthcare data. Meanwhile, the courts are determining citizenship in a data security litigation case involving Fred Hutchinson. In other news, nearly 2800 patients at Catholic Medical Center may have had their personal and health information exposed in a third-party data security incident.

We're also covering a new tool used in China-linked attacks against Asia-Pacific, a data leak conducted by HelloKitty ransomware, and a potential data breach at Frontier Communications. In legal news, a class action lawsuit claims a data breach at Ernest Health was preventable, and a lawsuit in London alleges Grindr shared users' HIV status with ad firms. On the research front, we're looking at how a parliamentary researcher was charged with spying for China, and how the ToddyCat APT is stealing data on an 'industrial scale'. Stay tuned for more updates on the latest cybersecurity threats, data breaches, and emerging trends. Stay safe, stay informed.

Data Breaches

  1. Email Accounts Compromised at UW Health and Medical Home Network: UW Health and Medical Home Network recently reported a data breach, compromising several email accounts. However, no Social Security numbers, health insurance ID numbers, or financial information were contained in the emails. Source: HIPAA Journal.
  2. Records of almost 2800 CMC patients vulnerable in 'data security incident': Nearly 2800 patients at Catholic Medical Center may have had their personal and health information exposed in a third-party data security incident. The hospital is currently investigating the breach. Source: Union Leader.
  3. Hackers threaten to leak a copy of the World-Check database: Hackers have threatened to leak a copy of the World-Check database used to assess potential risks. The compromised data includes names, passport numbers, Social Security numbers, and online crypto account details. Source: Security Affairs.
  4. Educational Computer Systems Confirms Brandeis University Students Affected: Educational Computer Systems has confirmed that Brandeis University students were affected by a recent data breach. The company has begun sending out data breach notification letters to all affected individuals. Source: JD Supra.
  5. Frontier Communications Confirms Recent Cyberattack and Investigates Possible Data Breach: On April 18, 2024, Frontier Communications filed a notice of data breach with the Securities and Exchange Commission following a recent cyberattack. The company is currently investigating the possible data breach. Source: JD Supra.

Security Research

  1. Parliamentary Researcher Charged with Spying for China: Two men, including a parliamentary researcher, have been charged with spying for China under the Official Secrets Act. The researcher had close links to senior Tories, highlighting the potential security risks within political circles. Source: Yahoo News UK
  2. ToddyCat APT Stealing Data on Industrial Scale: Security researchers have revealed that the ToddyCat APT is stealing data on an industrial scale. The attackers have secured constant access to the infrastructure, enabling large-scale data theft. Source: Dark Reading
  3. ASIS Foundation Releases Findings on AV Research for Security Industry: The ASIS Foundation has released its findings on a comprehensive research endeavor for the security industry. The research was led by researchers Ishmael Bhila and Peter Lee. Source: Security Systems News
  4. Researcher of the Year Awards for 2023 Celebrate Excellence in Discovery and Impact: The awards recognized Nicole Nguyen for her research on how U.S. national security policy has affected everyday life and Claire Laurier Decoteau for her work in other areas. Source: UIC Today
  5. New uOttawa-France Science Diplomacy Research Chair to Tackle Global Health and Security: A new research chair has been created in partnership with the Embassy of France in Canada, signaling a renewed commitment to scientific collaboration on global health and security. Source: University of Ottawa

Top CVEs

  1. CVE-2024-32039 (FreeRDP Integer Overflow and Out-of-Bounds Write): FreeRDP versions prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Users are advised to update to the patched versions or deactivate /gfx options as a workaround. Source: vulners.com
  2. CVE-2024-32460 (FreeRDP Out-of-Bounds Read): FreeRDP versions prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read when using /bpp:32 legacy GDI drawing path. Users are advised to update to the patched versions or use modern drawing paths as a workaround. Source: vulners.com
  3. CVE-2024-32041 (FreeRDP Out-of-Bounds Read): FreeRDP versions prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Users are advised to update to the patched versions or deactivate /gfx as a workaround. Source: vulners.com
  4. CVE-2024-32688 (MyRewards Missing Authorization): A missing authorization vulnerability is present in Long Watch Studio MyRewards. The specific versions affected are not mentioned. Source: vulners.com
  5. CVE-2024-3177 (Kubernetes Bypass Mountable Secrets Policy): A security issue in Kubernetes allows users to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The issue affects clusters using the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation. Source: vulners.com
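
For CVE-2024-3177, one way to audit manifests for the pattern described: `envFrom` secret references that fall outside the ServiceAccount's allow-list, across all three container types. This is an added example, not code from Kubernetes or the advisory; the function names and the sample ServiceAccount and Pod objects are constructed for illustration.

```python
ENFORCE = "kubernetes.io/enforce-mountable-secrets"
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def allowed_secrets(service_account):
    """Return the allow-listed secret names, or None if the SA does not enforce."""
    annotations = service_account.get("metadata", {}).get("annotations") or {}
    if annotations.get(ENFORCE) != "true":
        return None
    return {ref["name"] for ref in service_account.get("secrets") or []}


def envfrom_violations(pod, service_accounts):
    """List (container_field, container_name, secret_name) not allowed for the pod's SA."""
    spec = pod.get("spec", {})
    namespace = pod.get("metadata", {}).get("namespace", "default")
    sa = service_accounts.get((namespace, spec.get("serviceAccountName") or "default"))
    allowed = allowed_secrets(sa) if sa else None
    if allowed is None:
        return []  # policy not enabled for this ServiceAccount
    findings = []
    for field in CONTAINER_FIELDS:
        for container in spec.get(field) or []:
            for source in container.get("envFrom") or []:
                name = (source.get("secretRef") or {}).get("name")
                if name and name not in allowed:
                    findings.append((field, container.get("name"), name))
    return findings

# Constructed sample objects (not from any real cluster).
SERVICE_ACCOUNTS = {
    ("shop", "web"): {
        "metadata": {"name": "web", "namespace": "shop", "annotations": {ENFORCE: "true"}},
        "secrets": [{"name": "web-config"}],
    },
}
POD = {
    "metadata": {"name": "web-1", "namespace": "shop"},
    "spec": {
        "serviceAccountName": "web",
        "containers": [{"name": "app", "envFrom": [{"secretRef": {"name": "web-config"}}]}],
        "initContainers": [{"name": "init", "envFrom": [{"secretRef": {"name": "db-admin"}}]}],
        "ephemeralContainers": [{"name": "dbg", "envFrom": [{"configMapRef": {"name": "cm"}}]}],
    },
}

if __name__ == "__main__":
    for finding in envfrom_violations(POD, SERVICE_ACCOUNTS):
        print("envFrom secret outside allow-list:", finding)
```

The same functions can be fed objects loaded from `kubectl get pods,serviceaccounts -A -o json` output, keyed by namespace and ServiceAccount name.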

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from email accounts being compromised at UW Health and Medical Home Network to the latest data breaches at Catholic Medical Center and the new tools used in China-linked attacks against Asia-Pacific. We've also delved into the world of security research, highlighting the work of researchers in the field of AI integration, military spending, and cybersecurity. Remember, knowledge is power.

The more we know, the better we can protect ourselves and our organizations from potential threats. So, don't keep this valuable information to yourself. Share this newsletter with your friends and colleagues to keep them in the loop too. Stay safe, stay informed, and see you in the next edition of Secret CISO.
