Secret CISO 7/31: IBM's Data Breach Report Reveals Rising Costs, Disney's Celebrity Data Breach, HealthEquity's 4.3M Users Affected, Research on Security AI Lowering Breach Costs

Secret CISO 7/31: IBM's Data Breach Report Reveals Rising Costs, Disney's Celebrity Data Breach, HealthEquity's 4.3M Users Affected, Research on Security AI Lowering Breach Costs

Good morning, Secret CISO readers! Today's newsletter is packed with the latest updates on data breaches and cybersecurity. First off, we delve into the escalating data breach disruption in India, where a recent IBM report reveals that 34% of data breaches involved data stored on public clouds. The cost of these breaches for Indian organizations has surged by a staggering 39% since 2020.

Next, we turn our attention to Hollywood, where a potential data breach of Disney's Slack channels has celebrities on edge. The fear is that personal information could be leaked, causing widespread panic among the stars. In other news, the Washington Post advises resistance in the era of data breaches, highlighting the importance of safeguarding personal information such as Social Security numbers. Meanwhile, a cybersecurity breach in the Village of Niles has resulted in late water bills, demonstrating how data breaches can disrupt everyday services.

On the healthcare front, the cost of data breaches has fallen to $9.77M, but healthcare organizations still bear the brunt of the costliest breaches. Finally, we explore how AI-driven and automated security solutions are helping to speed up recovery and decrease data breach costs.

Stay tuned for more updates and remember, knowledge is the key to cybersecurity.

Data Breaches

  1. IBM Report: Escalating Data Breach Disruption Pushes Average Cost of a Data Breach in India to All-Time High: The 2024 report reveals that 34% of data breaches in India involved data stored on public clouds and 29% across multiple environments. The average cost of a data breach in India has reached an all-time high of INR 195 million. Source: CXOToday.com
  2. Hollywood Hacked! Disney Data Breach Has Celebs Freaking Out: Celebrities are reportedly concerned about the potential leak of personal information following a possible data breach of Disney's Slack channels. Source: In Touch Weekly
  3. Niles Data Breach Sends Water Bills Out Late: The Village of Niles experienced a cybersecurity breach in June, resulting in the late dispatch of the village's quarterly water bills. Source: Journal & Topics Media Group
  4. HealthEquity Data Breach Could Affect 4.3M: Health benefits administrator, HealthEquity, reported a data breach after a vendor's user accounts were compromised. The breach could potentially affect 4.3 million people, with information like contact details and Social Security numbers at risk. Source: HR Dive
  5. Electoral Commission Reprimanded for Massive Data Breach: The Electoral Commission faced criticism for a massive data breach due to failure to implement essential security updates to its servers. Weak password policies were also identified as a vulnerability. Source: Computing UK

Security Research

  1. Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes: Cybercriminals have launched a large-scale phishing attack on WhatsApp, deploying over 100,000 malware-infected Android apps to steal one-time passwords (OTP). The attack begins with a seemingly innocent message, but the consequences can be severe. Source: The Hacker News
  2. Virtual machines at risk as ransomware gangs exploit dangerous VMware vulnerability: Security expert Kevin Beaumont warns that ransomware gangs are exploiting a dangerous vulnerability in VMware. This vulnerability puts virtual machines at risk, and the response from Broadcom suggests a lack of seriousness about security. Source: CyberNews
  3. India-Linked SideWinder Group Pivots to Hacking Maritime Targets: The SideWinder group, linked to India, has shifted its focus to maritime targets. From 2020 to 2022, the group conducted over 1,000 attacks, according to Noushin Shabab, a senior security researcher with Kaspersky. Source: Dark Reading
  4. Meta Prompt Guard Is Vulnerable to Prompt Injection Attacks: Researchers at Carnegie Mellon University discovered that Meta's Prompt Guard is susceptible to prompt injection attacks. An automated technique was found that can generate adversarial prompts to compromise safety mechanisms. Source: BankInfoSecurity
  5. OAuth Implementation Flaw Puts Millions of Websites at Risk of XSS Attacks: Security researchers have discovered a flaw in OAuth implementation that could expose millions of websites to cross-site scripting (XSS) attacks. This vulnerability poses a significant risk to web security. Source: Spiceworks

Top CVEs

  1. CVE-2024-39379 - Acrobat for Edge Vulnerability: Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to arbitrary file system read access. This could potentially lead to sensitive information disclosure. User interaction is required for exploitation. Source: CVE-2024-39379
  2. CVE-2024-7208 - Email Spoofing in Hosted Services: Hosted services do not verify the sender of an email against authenticated users, allowing an attacker to spoof the identity of another user's email. Source: CVE-2024-7208
  3. CVE-2023-26288 - IBM Aspera Orchestrator Vulnerability: IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. Source: CVE-2023-26288
  4. CVE-2024-7273 - Alton Management System Vulnerability: A critical vulnerability was found in itsourcecode Alton Management System 1.0. The vulnerability affects unknown code of the file search.php. The manipulation of the argument rcode leads to SQL injection. The attack can be initiated remotely. Source: CVE-2024-7273
  5. CVE-2024-6990 - Reserved Candidate Vulnerability: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. The details for this candidate will be publicized once it has been reserved. Source: CVE-2024-6990

API Security

  1. Tainacan Plugin for WordPress Vulnerability (CVE-2024-7135): The Tainacan plugin for WordPress, up to version 0.21.7, is vulnerable to unauthorized data access due to a missing capability check on the 'get_file' function. This allows attackers with Subscriber-level access to read arbitrary files on the server, potentially containing sensitive data. Source: vulners.com
  2. Fuels-ts Typescript SDK Vulnerability (GHSA-3JCG-VX7F-J6QF): The fuels-ts Typescript SDK lacks awareness of to-be-spent transactions, leading to transaction failures or silent pruning of transactions funded with already used UTXOs. This issue arises when a user attempts to fund multiple transactions within one block. Source: vulners.com
  3. Akana API Platform Vulnerabilities (CVE-2024-5250, CVE-2024-5249, CVE-2024-3930): Versions of Akana API Platform prior to 2024.1.0 are vulnerable to overly verbose errors in SAML, SAML tokens, and a flaw resulting in XML External Entity (XXE). Source: vulners.com, vulners.com, vulners.com
  4. Langflow Privilege Escalation Vulnerability (CVE-2024-7297): Langflow versions prior to 1.0.13 are vulnerable to a Privilege Escalation vulnerability. A remote and low privileged attacker can gain super admin privileges by performing a mass assignment request on the '/api/v1/users'. Source: vulners.com
  5. Xibo CMS SQL Injection Vulnerabilities (CVE-2024-41944, CVE-2024-41802, CVE-2024-41804, CVE-2024-41803): Xibo, a content management system (CMS), has multiple SQL injection vulnerabilities in various API routes inside the CMS. These vulnerabilities allow an authenticated user to obtain and modify arbitrary data from the Xibo database. Users should upgrade to version 3.3.12 or 4.0.14 to fix these vulnerabilities. Source: vulners.com, vulners.com, vulners.com, vulners.com

Booth #3122 at Black Hat

Get Cool Stickers and Learn API Security

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. As we've seen, data breaches continue to be a major concern across various sectors, from Hollywood to healthcare. The cost of these breaches is escalating, and it's clear that organizations need to be proactive in their security measures. Remember, security is not a one-time event but a continuous process. Stay vigilant, stay informed, and most importantly, stay secure. If you found this newsletter helpful, please consider sharing it with your colleagues and friends. Let's work together to create a safer digital world. Until next time, stay safe out there. [Share Secret CISO](#)

Read more

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the cybersecurity world. We're seeing a concerning trend of firms failing to grasp the financial impact of cyber breaches, with HealthAlliance paying a hefty $550,000 for neglecting a known vulnerability. In Ireland,

By Secret CISO