Secret CISO 5/19: Ascension Healthcare Ransomware Attack, Google Cloud's $125B Mistake, North Korea Infiltrates US Firms, OpenAI Safety Concerns

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity news and insights. Today, we're diving into a series of alarming incidents and developments that underscore the ever-evolving landscape of cyber threats. First up, we're looking at a crippling cyber attack on Ascension Healthcare Systems, a stark reminder of the vulnerability of our healthcare infrastructure. In a twist of irony, the attack was powered by RaaS (Ransomware as a Service), a subscription-based software service designed to launch ransomware attacks. In another shocking incident, Google Cloud accidentally deleted a $125 billion Australian pension fund. While not a cyber attack or data breach, it highlights the potential risks associated with cloud-based services.

Meanwhile, Boston Dynamics' robotic canine is making headlines, not for a security breach, but for its eerie dance moves. However, it's a reminder of the increasing role of AI and robotics in our lives, and the potential security implications that come with it. In the US, an official has warned about a cell network flaw being exploited for spying, while two out of three businesses are leaving themselves vulnerable to cybercrime due to their remote workforce. In the UK, the legal sector is being urged to improve its cybersecurity, following a series of data breaches. And soon, banks will be required to inform customers about any data breaches within 30 days.

We also have updates on a security oversight at DRDO, North Korea-linked IT workers infiltrating US firms, and new standards to mitigate cybersecurity threats in access control systems. Finally, we're sharing the latest cybersecurity research, including a critical RCE vulnerability affecting over 6K AI models, and the departure of safety researchers from OpenAI over prioritization concerns. Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity. Stay safe, stay informed with Secret CISO.

Data Breaches

  1. Cyber Attack Cripples Ascension Healthcare Systems: A Ransomware-as-a-Service (RaaS) attack has severely impacted Ascension Healthcare Systems, highlighting the increasing threat of subscription-based cybercrime services. Source: Los Alamos Daily Post
  2. Google Cloud Accidentally Deletes $125 Billion Australian Pension Fund: UniSuper CEO, Peter Chun, confirmed that a significant data loss incident was not a cyberattack or data breach, but rather a mishap on Google Cloud's part. Source: Business Standard
  3. Cell Network Flaw Exploited for Spying: A significant data breach has been reported, impacting 49 million customers due to a flaw in the cell network, raising concerns about privacy and data security. Source: WIRED
  4. UK's Legal Sector Cybersecurity Lapses: One in ten data breaches in 2023 occurred in the UK legal sector, indicating that law firms are attractive targets for cybercriminals and need to bolster their cybersecurity measures. Source: CityAM
  5. North Korea-linked IT Workers Infiltrate US Firms: The US Justice Department has charged five individuals, including a U.S. woman, for aiding North Korea-linked IT workers to infiltrate 300 firms, highlighting the global nature of cyber threats. Source: Security Affairs

Security Research

  1. Boosting per acre yield to ensure food security in Pakistan: Experts suggest that Pakistan needs to increase its agricultural production to ensure food security amid global uncertainties. This is particularly important considering the country's growing population and evolving needs. Source: The Nation
  2. Health company victim of big data breach: A significant data breach has occurred at a health company, prompting the government to show a new approach to cyber security incident handling. The incident has sparked a renewed energy in addressing such issues. Source: Cosmos Magazine
  3. OpenAI complicates work to control a superintelligence: Concerns have been raised about OpenAI's ability to assess or guarantee safety and security in its research. Critics argue that the company may no longer be on the right track to control a superintelligence. Source: heise online
  4. Conflict whisperer: This man knows when you're angry and how to stop it ruining a night out: Security expert Scott Taylor has developed a method to identify signs of frustration and anger in individuals, potentially preventing conflicts before they escalate. His approach involves observing changes in posture, tightening of the jaw, or rubbing of the neck. Source: The Sydney Morning Herald
  5. China, Russia should work together to ensure food security: Experts suggest that China and Russia should collaborate to ensure food security. This cooperation could be crucial in the face of global uncertainties and the need for sustainable food production. Source: CGTN

Top CVEs

  1. CVE-2024-2782 - Unauthorized Modification in Fluent Forms Plugin: The Contact Form Plugin by Fluent Forms for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint. This allows unauthenticated attackers to modify all of the plugin's settings. Source: Vulners
  2. CVE-2024-31879 - Remote Code Execution in IBM i: IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. Source: Vulners
  3. CVE-2024-3812 - Local File Inclusion in Salient Core Plugin: The Salient Core plugin for WordPress is vulnerable to Local File Inclusion via the 'nectar_icon' shortcode 'icon_linea' attribute. This allows authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server. Source: Vulners
  4. CVE-2024-2771 - Privilege Escalation in Fluent Forms Plugin: The Contact Form Plugin by Fluent Forms for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint. This allows unauthenticated attackers to grant users Fluent Form management permissions. Source: Vulners
  5. CVE-2024-3811 - Stored Cross-Site Scripting in Salient Shortcodes Plugin: The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages. Source: Vulners

API Security

  1. CVE-2024-2782 - Unauthorized Modification in Fluent Forms Plugin: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data. This is due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including, 5.1.16. This vulnerability allows unauthenticated attackers to modify all of the plugin's settings and features. Source: CVE-2024-2782
  2. CVE-2024-2771 - Privilege Escalation in Fluent Forms Plugin: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation. This is due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This vulnerability allows unauthenticated attackers to grant users Fluent Form management permissions, giving them access to all of the plugin's settings and features, and even the ability to delete managers. Source: CVE-2024-2771

Final Words

And that's a wrap for today's edition of Secret CISO. From the crippling cyber attack on Ascension Healthcare Systems to the accidental deletion of a $125 billion Australian pension fund by Google Cloud, it's clear that the cyber landscape is as unpredictable as ever.

Remember, the robotic canines may be dancing, but the cyber threats are not taking a break. As we've seen, even the most secure systems can fall prey to breaches, and it's up to us to stay vigilant and informed. So, whether you're a business owner grappling with the vulnerabilities of remote work, or a concerned individual who's just received a data breach letter, remember that knowledge is your best defense.

If you found today's newsletter informative, don't keep it to yourself.

Share it with your friends, colleagues, and anyone else who could benefit from a daily dose of cyber security insights. After all, in the world of cyber security, we're all in this together. Stay safe, stay informed, and see you in the next edition of Secret CISO.


By Secret CISO