Secret CISO 5/16: Dior and Coinbase Data Breaches, Cyber Risk Resilience, and Security Research Insights

Subject: Secret CISO Daily Newsletter - May 16th, 2023

Hello there,

In today's edition of Secret CISO, we delve into the latest cybersecurity incidents and their implications. Starting with the fashion industry, luxury brand Dior has confirmed a data breach compromising customer information. The breach highlights the importance of prioritizing security tasks and promoting internal awareness of cyber risks. In the healthcare sector, the boss of Breachforums is set to pay $700k following a significant data breach. This comes as a stark reminder of the high costs associated with data breaches, as evidenced by the recent major healthcare hacks affecting 276 million Americans.

In the realm of online security, we explore how to protect your online accounts in the wake of the RI data breach. We also discuss the average time it takes for the government to report a data breach, with a focus on the education sector's lag in reporting ransomware data breaches. In the financial world, Coinbase is reimbursing users following a $20 million extortion attempt, while T-Mobile begins sending out settlement payments for a 2021 cyberattack. Lastly, we touch on the role of security researchers in preventing and mitigating cyber threats, highlighting the importance of continuous research and development in the field of cybersecurity.

Stay tuned for more updates and remember, knowledge is the first line of defense.

Best,
[Your Name]
Secret CISO Newsletter Team

Data Breaches

  1. Dior Customer Data Breach: Luxury fashion brand Dior confirmed a data breach that compromised customer data. The company has not disclosed the extent of the breach but has assured that customer data security is their utmost priority. Source: The Independent
  2. RI Data Breach: A Deloitte employee's login information was compromised, leading to a significant data breach. Cybersecurity expert Patrick Laverty suggests that similar tactics have been used in previous data breaches. Source: WPRI.com
  3. Breachforums Healthcare Breach: Breachforums, a popular online forum for data breaches, was fined $700k after tens of thousands of records, including Social Security numbers and dates of birth, were posted for sale on the platform. Source: Krebs on Security
  4. Major Healthcare Hack: Cybersecurity experts discovered more than 276 million stolen patient records in a major healthcare hack. The data included Social Security numbers and medical history. Source: Daily Mail Online
  5. Coinbase Data Breach: Cryptocurrency exchange Coinbase suffered a data breach that resulted in an extortion attempt. The company is reimbursing affected users and has set up a $20 million reward fund. Source: PYMNTS.com

Security Research

  1. Researchers warn threat actors in UK retail attacks are targeting US sector: The threat actors behind the recent UK retail attacks are now targeting the US retail sector, according to GuidePoint Security. The group, DragonForce, provides encryption tooling and a dark-web leak site for attacks carried out by contracted hackers. Source: Cybersecurity Dive
  2. US research enterprise seeks to retain leadership while upping security: The US research enterprise is increasing scrutiny to ensure safety and security while trying to retain its leadership position, according to Tam Dao, associate vice president of campus safety and research security at Rice University. Source: Physics Today
  3. Ransomware running directly from your CPU: Security researcher and Rapid7 analyst, Christiaan Beek, has developed a method to hijack microcode, leading to ransomware running directly from the CPU. This development is inspired by recent advancements in the field. Source: Yahoo Tech
  4. Chrome vulnerability allowing account takeover fixed: A vulnerability in Chrome's Loader component that could allow account takeover has been discovered and analyzed by security researcher Vsevolod Kokorin of Solidlab. The issue has since been fixed. Source: Techzine Europe
  5. Black Kite research reveals 123% increase in ransomware attacks over two years: Research by Black Kite has revealed a 123% increase in ransomware attacks over the past two years. The research also warns organizations to defend against AI-driven ransomware that can bypass existing security. Source: Security Info Watch

Top CVEs

  1. CVE-2025-4560 - Missing Authentication vulnerability in ISOinsight from Netvision: This vulnerability allows unauthenticated remote attackers to access certain system functions, including viewing the administrator list, viewing and editing IP settings, and uploading. This could potentially lead to unauthorized access and manipulation of system settings. Source: CVE-2025-4560
  2. CVE-2025-4559 - SQL Injection vulnerability in ISOinsight from Netvision: This vulnerability allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. This could lead to unauthorized access to sensitive data and potential data loss. Source: CVE-2025-4559
  3. CVE-2025-22247 - Insecure file handling vulnerability in VMware Tools: A malicious actor with non-administrative privileges on a guest VM may tamper with local files to trigger insecure file operations within that VM. This could potentially lead to unauthorized access and manipulation of system files. Source: CVE-2025-22247
  4. CVE-2025-4561 - Arbitrary File Upload vulnerability in KFOX from KingFor: This vulnerability allows remote attackers with regular user privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the system. This could potentially lead to unauthorized access and control over the system. Source: CVE-2025-4561
  5. CVE-2025-31257 - Memory handling issue in watchOS, tvOS, iOS, iPadOS, macOS Sequoia, visionOS, Safari: This issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to an unexpected Safari crash. This could lead to denial of service and potentially to unauthorized access. Source: CVE-2025-31257

API Security

  1. Incorrect Behavior Order in lockfile-lint-api: Versions before 5.9.2 of the package lockfile-lint-api are vulnerable to Incorrect Behavior Order. This vulnerability can be exploited by extending the package name, allowing an attacker to install unintended npm packages. Source: CVE-2025-4759
  2. Access Control Bypass in Zulip: In Zulip versions 10.0 to 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. Source: CVE-2025-47930
  3. Untrusted Code Execution in Spotipy: Spotipy, a Python library for the Spotify Web API, has a vulnerability that allows untrusted code execution. Attackers can exploit this to exfiltrate GITHUB_TOKEN and secrets SPOTIPY_CLIENT_ID, SPOTIPY_CLIENT_SECRET. Source: CVE-2025-47928
  4. Permission Verification Failure in Mattermost: Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, allowing an attacker to view group information via an API. Source: CVE-2025-2527
  5. Unsafe Command Execution in motionEye: Using a constructed (camera) device path with the config/add/add_camera motionEye web API allows an attacker with motionEye admin user credentials to execute any UNIX shell code within a non-interactive shell. Source: motionEye Vulnerability
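The Zulip item above turns on a common authorization mistake: a policy ("who can create public channels") is enforced when a resource is created, but not when the resource is later changed into the restricted state. The Python model below is added here as an illustration and is not taken from Zulip's code base; the Realm, User and Channel classes, the admin-only policy and the two change_privacy_* methods are hypothetical. It shows the unchecked transition beside the checked one, so the bypass and its fix can be compared directly.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    is_admin: bool = False


@dataclass
class Channel:
    name: str
    privacy: str  # "public", "private" or "web-public"
    owner: User


class PermissionDenied(Exception):
    """Raised when a user attempts an action the realm policy forbids."""


@dataclass
class Realm:
    """Hypothetical realm whose policy restricts public-channel creation to admins."""
    channels: dict = field(default_factory=dict)

    def can_create_public(self, user: User) -> bool:
        # Hypothetical policy: only admins may create (or expose) public channels.
        return user.is_admin

    def _require_owner_or_admin(self, user: User, channel: Channel) -> None:
        if channel.owner is not user and not user.is_admin:
            raise PermissionDenied(f"{user.name} cannot manage {channel.name}")

    def create_channel(self, user: User, name: str, privacy: str) -> Channel:
        # The policy is enforced at creation time in both variants below.
        if privacy == "public" and not self.can_create_public(user):
            raise PermissionDenied(f"{user.name} may not create public channels")
        channel = Channel(name, privacy, user)
        self.channels[name] = channel
        return channel

    def change_privacy_unchecked(self, user: User, name: str, new_privacy: str) -> Channel:
        # Vulnerable pattern: only ownership is checked, so a user who could not
        # create a public channel can create a private one and then flip it.
        channel = self.channels[name]
        self._require_owner_or_admin(user, channel)
        channel.privacy = new_privacy
        return channel

    def change_privacy_checked(self, user: User, name: str, new_privacy: str) -> Channel:
        # Fixed pattern: any transition *into* "public" is subject to the same
        # policy as creating a public channel outright.
        channel = self.channels[name]
        self._require_owner_or_admin(user, channel)
        if (new_privacy == "public" and channel.privacy != "public"
                and not self.can_create_public(user)):
            raise PermissionDenied(f"{user.name} may not make {name} public")
        channel.privacy = new_privacy
        return channel


def bypass_outcome(start_privacy: str = "private") -> str:
    """Non-admin creates a non-public channel, then flips it via the unchecked path."""
    realm = Realm()
    alice = User("alice")  # constructed, non-admin user
    realm.create_channel(alice, "plans", start_privacy)
    realm.change_privacy_unchecked(alice, "plans", "public")
    return realm.channels["plans"].privacy


def fixed_outcome(start_privacy: str = "private") -> str:
    """Same sequence against the checked path: the flip is refused."""
    realm = Realm()
    alice = User("alice")
    realm.create_channel(alice, "plans", start_privacy)
    try:
        realm.change_privacy_checked(alice, "plans", "public")
    except PermissionDenied:
        pass
    return realm.channels["plans"].privacy


def admin_outcome() -> str:
    """Admins may still make a channel public through the checked path."""
    realm = Realm()
    bob = User("bob", is_admin=True)
    realm.create_channel(bob, "announce", "private")
    realm.change_privacy_checked(bob, "announce", "public")
    return realm.channels["announce"].privacy


if __name__ == "__main__":
    print("unchecked:", bypass_outcome())   # public  (policy bypassed)
    print("checked:  ", fixed_outcome())    # private (policy held)
    print("admin:    ", admin_outcome())    # public  (legitimately)
```

The general lesson for reviewing access-control code is to enumerate every state transition that can reach a policy-protected state (here: create as public, private to public, web-public to public) and route each one through the same policy check, rather than guarding only the most obvious entry point.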

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. From the fashion world to the healthcare sector, data breaches continue to be a pressing concern. It's clear that prioritizing security tasks and promoting greater internal awareness of cyber risks is crucial. Remember, the digital world is a shared space.

Let's work together to make it safer. Share this newsletter with your friends and colleagues to keep them in the loop. Stay safe and see you tomorrow for more updates from the world of cybersecurity.

By Secret CISO