Secret CISO 8/16: US Social Security data breach exposes 2.7 billion records, Ukrainian refugees' data leaked, research reveals average data breach cost for financial sector tops $6M, and new findings on ransomware payment sizes in 2024

Secret CISO 8/16: US Social Security data breach exposes 2.7 billion records, Ukrainian refugees' data leaked, research reveals average data breach cost for financial sector tops $6M, and new findings on ransomware payment sizes in 2024

Hello there, In today's edition of Secret CISO, we delve into the alarming news of a massive data breach that has potentially exposed the Social Security numbers of billions of people.

A hacking group named USDoD claims to have stolen 2.7 billion records of personal information, including Social Security numbers. The breach has been reported across various platforms, including Fox 32 Chicago, USA Today, and iHeart.

The fallout from this breach could be far-reaching, with the average cost for the financial sector topping $6M. But it's not all doom and gloom. We also bring you expert advice on how to protect your privacy in the wake of such breaches. From checking if your information was compromised to freezing your credit, we provide you with actionable steps to safeguard your personal data. In other news, we explore the rising trend of cyber-risk management, with key takeaways from Black Hat 2024.

We also delve into the latest research on ransomware payment sizes and the slow-burn nightmare of the National Public Data Breach. Stay tuned for more updates and remember, knowledge is your best defense against cyber threats.

Data Breaches

  1. "Massive Social Security Data Breach": A hacking group, USDoD, has reportedly stolen 2.7 billion records of personal information from Americans, including their Social Security numbers. This breach is considered one of the largest in history, potentially affecting nearly every American. Source: USA Today
  2. "Data Breach Exposes Ukrainian Refugees in Scotland": Personal details of Ukrainian refugees in Scotland were exposed in a data breach. The breach has been reported to the Information Commissioner's Office and access to the data has been disabled. Source: BBC News
  3. "Muncie City Employees Data Breach": Personal information of Muncie city employees, including names and social security numbers, was inadvertently emailed to an unintended party. The city has reached out to law enforcement to conduct an investigation. Source: Fox 59
  4. "National Public Data Breach": Background check company National Public Data confirmed a breach, with a lawsuit claiming nearly 3 billion people have been impacted. The stolen data includes social security numbers, physical addresses, and more. Source: WIRED
  5. "Financial Sector Data Breach": A report reveals that the average cost of a data breach for the financial sector tops $6M. One-third of organizations reported that at least some of their breached information involved “shadow data” being stored without the security team's knowledge. Source: ABA Banking Journal

Security Research

  1. Cyber-risk management: Key takeaways from Black Hat 2024: Security teams are struggling to maintain an accurate view of assets and attack surfaces, as well as continuous vulnerability. This research highlights the importance of effective cyber-risk management in today's digital landscape. Source: TechTarget
  2. Chainalysis: Ransomware Payment Sizes Spike in 2024: Research by Chainalysis indicates that ransom payment sizes are increasing, despite a growing sentiment against paying ransoms. This suggests that threat groups are adapting their strategies in response to changing attitudes. Source: Duo Security
  3. The Slow-Burn Nightmare of the National Public Data Breach: The public has become desensitized to the constant leaks of personal data, but the risk remains serious. This research emphasizes the need for improved data security measures. Source: WIRED
  4. Thousands of Oracle NetSuite ERP websites found leaking private customer information: Research at AppOmni has found that many Oracle NetSuite ERP websites are leaking private customer information. This highlights the need for vendors to improve the security of their products. Source: TechRadar
  5. Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign: Security researchers warn that a threat actor is extorting organizations after compromising their cloud environments via misconfigurations. This research underscores the importance of proper cloud configuration to prevent cyber threats. Source: SecurityWeek

Top CVEs

  1. CVE-2024-34743 - SurfaceFlinger.cpp Tapjacking Vulnerability: A logic error in SurfaceFlinger.cpp's setTransactionState could allow local escalation of privilege without additional execution privileges or user interaction. Source: CVE-2024-34743
  2. CVE-2024-43374 - Vim Use-After-Free Error: Prior to version 9.1.0678, the UNIX editor Vim has a use-after-free error in argument list handling. This could lead to a crash of Vim, but the impact is low as it requires unusual autocommands or a malicious plugin. Source: CVE-2024-43374
  3. CVE-2024-34731 - TranscodingResourcePolicy.cpp Memory Corruption: Multiple functions of TranscodingResourcePolicy.cpp have a potential memory corruption due to a race condition, leading to local escalation of privilege without additional execution privileges or user interaction. Source: CVE-2024-34731
  4. CVE-2024-34727 - sdp_utils.cc Out of Bounds Read: In sdp_utils.cc's sdpu_compare_uuid_with_attr, a possible out of bounds read due to a heap buffer overflow could lead to remote information disclosure without additional execution privileges or user interaction. Source: CVE-2024-34727
  5. CVE-2024-42472 - Flatpak Persistent Directories Vulnerability: In versions prior to 1.14.0 and 1.15.10, Flatpak, a Linux application sandboxing and distribution framework, has a vulnerability that could allow a malicious or compromised app to access and write files outside of its access scope. Source: CVE-2024-42472

API Security

  1. Cilium Gateway API Information Leak: Due to a flaw in Cilium's GatewayAPI controller, Gateway resources can access secrets in other namespaces even after the associated ReferenceGrant has been revoked. This could lead to unauthorized access to sensitive information. The issue has been patched in Cilium v1.15.8 and v1.16.1. Source: vulners.com
  2. Ingress-nginx Security Issue: A security issue in ingress-nginx allows an actor with permission to create Ingress objects to bypass annotation validation and inject arbitrary commands, potentially compromising the ingress-nginx controller's credentials. Source: vulners.com
  3. Build Your Own Botnet 2.0.0 Remote Code Execution: A vulnerability in the Build Your Own Botnet 2.0.0 allows for remote code execution, potentially compromising the security of the system. Source: vulners.com
  4. Gateway API Route Matching Order: Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification, potentially leading to traffic being delivered to the incorrect backend and unauthorized access to information. The issue has been fixed in Cilium v1.15.8 and v1.16.1. Source: vulners.com
  5. OAuth Library for nim CSRF Vulnerability: In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy, potentially allowing an attacker to perform a CSRF attack. The issue has been fixed in version 0.11. Source: vulners.com

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of the Secret CISO newsletter, we want to remind you that the security of your data is of utmost importance. With the recent massive data breach, it's crucial to stay informed and take necessary precautions to protect your personal information. Remember, the cost of a data breach can be enormous, not just in financial terms but also in terms of your personal security and privacy.

So, stay vigilant, stay safe, and keep your data secure. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world. Until next time, stay safe and secure!

Read more

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the cybersecurity world. We're seeing a concerning trend of firms failing to grasp the financial impact of cyber breaches, with HealthAlliance paying a hefty $550,000 for neglecting a known vulnerability. In Ireland,

By Secret CISO