Secret CISO 4/29: Global Data Breaches Unleashed - China, Argentina, and LA Health Services Under Attack, JP Morgan's Internal Security Slip, Cyber Resiliency Plans, and the Dark Web's Social Security Number Market

Secret CISO 4/29: Global Data Breaches Unleashed - China, Argentina, and LA Health Services Under Attack, JP Morgan's Internal Security Slip, Cyber Resiliency Plans, and the Dark Web's Social Security Number Market

Welcome to today's issue of Secret CISO, your daily dose of the most impactful cybersecurity news. Today, we're diving into a series of data breaches and leaks that have left millions of users' data exposed. The US Department of Defense (USDoD) has allegedly published a data leak from China, while the Central Bank of Argentina is dealing with an unverified data breach claim. Meanwhile, nearly 2 million people have been affected by a data breach at the collection agency FBCS, and thousands of police officers and staff in Northern Ireland are taking legal action following a data breach. In the US, the Los Angeles County Department of Health Services has disclosed a data breach, and banking giant JP Morgan has suffered a data security incident. We'll also be looking at a cyber-resiliency plan focused on offensive security, and exploring post-data-breach recommendations for CISOs. In other news, the Internet Freedom Foundation's cybersecurity report for the first quarter of 2024 highlights the widespread impact of recent data breaches and leaks. We'll also discuss the urgent review of a data breach's impact by social exclusion charity Extern, and the need for upskilling programs to close the cybersecurity skills gap. Stay tuned for more updates on data security and remember, knowledge is the best defense. Stay safe and secure!

Data Breaches

  1. USDoD Publishes Alleged China Data Leak on New Site: The threat actor USDoD, previously responsible for various attacks on US government agencies, has claimed to have published an alleged data leak from China. The extent and nature of the leaked data are yet to be confirmed. Source: The Cyber Express
  2. Central Bank of Argentina Data Breach: Unverified Claim: The Central Bank of Argentina has reportedly suffered a data breach. The extent of the breach and the motive behind it have not been disclosed by the threat actor. Source: The Cyber Express
  3. Collection Agency FBCS Says Data Breach Exposed Nearly 2 million People: Financial Business and Consumer Solutions (FBCS) has reported a data breach that may have compromised the personal information of nearly 2 million people, including names, dates of birth, and Social Security numbers. Source: Security Week
  4. Staff taking legal action over NI police data breach: Thousands of police officers and staff have commenced legal action against the Police Service of Northern Ireland following a data breach. The nature of the leaked data and the potential implications of the breach are currently under investigation. Source: Personnel Today
  5. The Los Angeles County Department of Health Services disclosed a data breach: The Los Angeles County Department of Health Services has reported a data breach that exposed thousands of patients' personal and health information. The department is currently working to notify affected individuals and mitigate the impact of the breach. Source: Security Affairs

Security Research

  1. 29th April – Threat Intelligence Report - Check Point Research: Security researchers attribute a new campaign exploiting undiscovered initial access vulnerabilities affecting Cisco firewalls to China. This highlights the importance of continuous vulnerability testing and patching. Source: Check Point
  2. 1,200+ Vulnerabilities Detected In Microsoft Products In 2023 - GBHackers: Microsoft's collaboration with security researchers led to the discovery and patching of over 1,200 vulnerabilities in their products in 2023, demonstrating the value of proactive security research. Source: GBHackers
  3. Why Captchas are getting harder to solve | The Week: Principal security researcher at Netacea, Cyril Noel-Tagoe, discusses the increasing difficulty of solving Captchas, a trend attributed to advanced bot activities. Source: The Week
  4. Neo researchers to unveil novel random number provider protocol for blockchains at DSN 2024: Neo will present a new random number provider protocol for BFT blockchains at the DSN 2024 conference, showcasing advancements in blockchain security. Source: Neo News Today
  5. US Post Office phishing sites get as much traffic as the real one - Bleeping Computer: Security researchers found that phishing campaigns targeting the United States Postal Service (USPS) are so effective that the traffic to the fake domains matches that of the real USPS site. Source: Bleeping Computer

Top CVEs

  1. CVE-2024-1874: PHP versions 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3.* before 8.3.5 have a vulnerability when using proc_open() command with array syntax. Insufficient escaping allows a malicious user to execute arbitrary commands in Windows if they control the arguments of the executed command. Source: CVE-2024-1874
  2. CVE-2024-2756: An incomplete fix to CVE-2022-31629 allows network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP. Source: CVE-2024-2756
  3. CVE-2024-2757: In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this. Source: CVE-2024-2757
  4. CVE-2024-3096: In PHP  version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. Source: CVE-2024-3096
  5. CVE-2024-33891: Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId. Source: CVE-2024-33891

Final Words

And that's a wrap for today's edition of the Secret CISO newsletter. We hope you found this information valuable and that it helps you stay one step ahead of the cyber threats lurking out there. Remember, knowledge is power when it comes to cybersecurity. If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to create a safer digital world. Stay safe and secure, [Your Name] P.S. Don't forget to check back tomorrow for more updates on the latest data breaches, security research, and more.

Read more

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the cybersecurity world. We're seeing a concerning trend of firms failing to grasp the financial impact of cyber breaches, with HealthAlliance paying a hefty $550,000 for neglecting a known vulnerability. In Ireland,

By Secret CISO