Secret CISO 5/27: MediSecure's Ransomware Nightmare, Google Patches Chrome Zero-Day, Ascension Saint Thomas Faces Lawsuit Over Data Breach, Sav-Rx's Data Breach Affects 2.8M Americans, and Cencora Cyberattack Hits Pharmaceutical Companies

Secret CISO 5/27: MediSecure's Ransomware Nightmare, Google Patches Chrome Zero-Day, Ascension Saint Thomas Faces Lawsuit Over Data Breach, Sav-Rx's Data Breach Affects 2.8M Americans, and Cencora Cyberattack Hits Pharmaceutical Companies

Welcome to today's edition of Secret CISO, where we bring you the latest in cybersecurity news, trends, and insights. In today's issue, we delve into the future of compliance and risk management, exploring the need for continuous controls monitoring and compliance as code. We also discuss the importance of generating on-demand, audit-ready documentation and creating a unified security strategy. We also cover the recent data breach at MediSecure, an electronic prescriptions provider, which resulted in the leak of sensitive personal and health information. This incident highlights the ever-present threat of cyberattacks and the importance of robust security measures.

In other news, we look at Chronon, an open-source data platform designed for AI/ML applications. This platform is set to revolutionize how ML teams build, deploy, manage, and monitor data pipelines. We also discuss the recent patching of a new Chrome Zero-Day by Google, a breakthrough in software security discovered by a PhD candidate, and the impact of remote work and cloud migrations on security perimeters. In the legal realm, we cover a class action lawsuit filed over a data breach at Ascension Saint Thomas Health and a SEC fine for ICE for delayed VPN breach disclosure. Finally, we bring you the latest research and expert opinions on cybersecurity, including insights on the rising risks of biometric data breaches, the impact of AI on the casino industry, and the challenges with mobile apps as a safety solution in K-12 schools. Stay tuned for more updates and stay safe in the digital world!

Data Breaches

  1. Electronic Prescriptions Provider MediSecure Leaks Sensitive Data After a Ransomware Attack: MediSecure, an electronic prescriptions provider, suffered a cyber security incident that compromised the personal and health information of individuals. The company is currently investigating the incident and has not disclosed the number of affected individuals. Source: CPOMagazine
  2. New Chrome Zero-Day Patched by Google: Google has patched a new zero-day vulnerability in Chrome. The vulnerability was being actively exploited in the wild. Users are advised to update their browsers to the latest version to protect against this threat. Source: SC Media UK
  3. Ascension Saint Thomas Health patient files class action lawsuit over data breach: A patient affected by the massive data breach at Ascension Saint Thomas has filed a class action lawsuit over the public exposure of their personal information. The number of affected patients and the nature of the exposed data have not been disclosed. Source: WKRN
  4. ICE Hit With SEC Fine for Delayed VPN Breach Disclosure: The Securities and Exchange Commission (SEC) fined Intercontinental Exchange (ICE) $10 million for failing to promptly report a 2021 VPN security breach, which compromised employee data. Source: Spiceworks
  5. Sav-Rx discloses data breach impacting 2.8 million Americans: Prescription management company Sav-Rx has disclosed a data breach, warning over 2.8 million people in the United States that their personal information may have been compromised. The company has not disclosed the nature of the exposed data. Source: Bleeping Computer

Security Research

  1. Another top spyware firm has been taken down — pcTattletale website defaced, then taken offline: A prominent spyware company, pcTattletale, has been compromised and subsequently taken offline. This follows a warning from a security researcher about a vulnerability in the app. Source: TechRadar.
  2. Windows and Android Malware Delivered Through Fake Antivirus Websites: Trellix security researchers have discovered fake websites impersonating legitimate antivirus solutions. These sites are being used by threat actors to distribute malware to Windows and Android devices. Source: Spiceworks.
  3. Rising Like A Phoenix, ShowMeCon 2024 Resurrects A Security Community In The Midwest: The ShowMeCon 2024 conference highlighted the need for better preparation against misinformation and disinformation in the age of AI, according to security researcher Winn Schwartau. Source: Security Boulevard.
  4. 27th May – Threat Intelligence Report - Check Point Research: A recent incident has prompted collaboration with the state's Division of Homeland Security and Emergency Services Cyber Incident Response Team, according to a report by Check Point Research. Source: Check Point Research.
  5. Positive Technologies researcher discovered five dangerous vulnerabilities in Mitsubishi: Anton Dorfman, a Principal Firmware Security Researcher at Positive Technologies, has discovered five dangerous vulnerabilities in Mitsubishi Electric controllers. To exploit these vulnerabilities, attackers only need network access to the controller. Source: CIO News.

Top CVEs

  1. CVE-2024-4533: The KKProgressbar2 Free WordPress plugin (up to version 1.1.4.2) has a vulnerability that allows admin users to perform SQL injection due to lack of parameter sanitization and escape before using it in a SQL statement. Source: CVE-2024-4533
  2. CVE-2024-4535: The KKProgressbar2 Free WordPress plugin (up to version 1.1.4.2) lacks CSRF checks in some places, potentially allowing attackers to make logged-in users perform unwanted actions. Source: CVE-2024-4535
  3. CVE-2024-5377: A critical vulnerability was found in SourceCodester Vehicle Management System 1.0, affecting an unknown part of the file /newvehicle.php. This vulnerability allows unrestricted file upload and can be exploited remotely. Source: CVE-2024-5377
  4. CVE-2024-5368: Kashipara College Management System 1.0 has a vulnerability in an unknown function of the file delete_faculty.php. The manipulation of the argument id leads to cross-site scripting, and the attack can be launched remotely. Source: CVE-2024-5368
  5. CVE-2024-34152: Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, and 8.1.x <= 8.1.12 have a vulnerability that fails to perform proper access control. This allows a guest to get the metadata of a public playbook run linked to the channel they are a guest in. Source: CVE-2024-34152

API Security

  1. MIT IdentiBot Vulnerability (CVE-2024-35237): A vulnerability in MIT IdentiBot, an open-source Discord bot, allows unauthorized users to execute commands and reveal personal information about verified users. The issue, which affects all versions prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e, has been patched in the latest version. Source: vulners.com
  2. OpenAPI Generator Path Traversal (CVE-2024-35219): OpenAPI Generator, prior to version 7.6.0, has a path traversal vulnerability that allows attackers to read and delete files from any writable directory. The issue has been fixed in version 7.6.0. Source: vulners.com
  3. Openfind Mail2000 API Vulnerability (CVE-2024-5399): Openfind Mail2000 does not properly filter parameters of a specific API, allowing remote attackers with administrative privileges to execute arbitrary system commands. Source: vulners.com
  4. Marvin Test HW.exe Vulnerability (CVE-2024-36055): Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access, leading to a denial of service. Source: vulners.com
  5. Mattermost Authorization Check Failure (CVE-2024-34029): Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 fail to perform a proper authorization check, allowing users to learn the members of an AD/LDAP group linked to a team. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the future of compliance and risk management to the latest data breaches and security vulnerabilities. Remember, the world of cybersecurity is constantly evolving, and staying informed is the first step in staying secure.

If you found this newsletter helpful, please consider sharing it with your colleagues and friends. They might find it just as useful as you do. And remember, we're all in this together. Let's help each other stay safe in the digital world. Until next time, stay vigilant and keep your data secure.

Read more

'Secret CISO 7/12: AT&T's Massive Data Breach Impacts Nearly All Customers, Ticketmaster's Data Breach Affects Credit Card Info, Research on Optimizing Data Security in Medical Field, 10 Billion Passwords Stolen in Cyber Attack'

'Secret CISO 7/12: AT&T's Massive Data Breach Impacts Nearly All Customers, Ticketmaster's Data Breach Affects Credit Card Info, Research on Optimizing Data Security in Medical Field, 10 Billion Passwords Stolen in Cyber Attack'

Welcome to today's issue of Secret CISO. We're diving into the deep end of data breaches, with AT&T making headlines as their massive data breach impacts nearly all customers. This breach has exposed customer call and text records, leaving millions of users vulnerable. But

By Secret CISO