Secret CISO 8/19: National Public Data Breach Exposes 2.9B Records, Security Flaws in macOS App Store, New Kubernetes Vulnerability, North Korea's Lazarus APT Linked to Windows Zero-Day Attack


Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we delve into the recent data breach at National Public Data (NPD), a background check company, which exposed a staggering 2.9 billion records of private U.S. consumer data. This breach has sparked a renewed call for stronger identification methods and has left millions at risk of identity theft due to leaked Social Security numbers. In response to the breach, several lawsuits have been filed and cybersecurity experts are urging consumers to take precautions.

We'll also look at the Better Business Bureau's tips on what to do after a data breach and discuss the need for a better solution than credit monitoring alone. In other news, we'll explore some major security flaws found in the macOS App Store and the new Kubernetes vulnerability that allows attackers to access clusters remotely.

We'll also discuss a recent Windows zero-day attack linked to North Korea's Lazarus APT and the use of the Xeon Sender tool to launch SMS phishing and spam campaigns. Stay tuned for more updates on these stories and other cybersecurity news. Stay safe and secure!

Data Breaches

  1. National Public Data Breach: The background check company National Public Data (NPD) has confirmed a massive data breach, with criminals obtaining 2.9 billion records of private U.S. consumer data. The stolen information includes names, email addresses, phone numbers, Social Security numbers, and mailing addresses. The breach has led to several lawsuits, and cybersecurity experts are issuing warnings for potentially affected individuals. Source: Payments Journal, GovInfoSecurity, Newsweek.
  2. Social Security Number Data Breach: In an incident related to the NPD breach, Social Security numbers and other personally identifiable information (PII) have been leaked onto the dark web. This breach has put millions of people at risk, with their Social Security information potentially compromised. Source: TechTarget, YouTube.
  3. Carespring Data Breach: Carespring, a healthcare provider, has suffered a data breach exposing the personal and medical information of nearly 77,000 patients. The data includes names, dates of birth, physical addresses, Social Security numbers, medical and diagnosis information, and health insurance details. Source: Security Week.
  4. Email Accounts Compromised at UConn Health and Maryville Inc.: Email accounts at UConn Health and Maryville Inc. have been compromised, leading to a potential data breach. Complimentary credit monitoring services have been offered to individuals whose Social Security numbers were exposed. Source: The HIPAA Journal.
  5. Data Breach in Financial Services: The financial services sector is being urged to safeguard against data breaches; with roughly 306.4 billion emails sent and received each day in 2020, the sheer volume of email traffic increases the risk of data breaches. Specific strategies for safeguarding financial services from data breaches are being discussed. Source: Yahoo Finance.

Security Research

  1. Major Security Flaws in macOS App Store: Security researcher Alex Kleber has identified five active Mac App Store accounts, all owned by a single actor, that may pose significant security risks. These flaws could potentially allow unauthorized access and data theft. Source: TechRadar
  2. New Kubernetes Vulnerability: Security researcher André Storfjord Kristiansen discovered a vulnerability in Kubernetes that could allow attackers to access clusters remotely. This flaw lies in the way ingress-nginx validates annotations. Source: Cybersecurity News
  3. Windows Zero-Day Attack Linked to North Korea's Lazarus APT: Security researchers at Gen Threat Labs have linked a Windows zero-day attack to North Korea's Lazarus APT. This discovery highlights the ongoing threat posed by state-sponsored cyber attacks. Source: Security Week
  4. Assume Breach When Building AI Apps: A new approach to building AI apps suggests assuming a breach from the outset. This approach can help developers to better identify potential security vulnerabilities and mitigate them effectively. Source: Dark Reading
  5. Attackers Use Xeon Sender Tool for SMS Phishing: Security researcher Alex Delamotte reports that attackers are using the Xeon Sender tool to launch SMS phishing and spam campaigns. This tool allows cybercriminals to exploit the APIs of various services. Source: Tech Times

Top CVEs

  1. CVE-2024-32927: A potential use after free vulnerability due to improper locking in sendDeviceState_1_6 of RadioExt.cpp could lead to local privilege escalation. No user interaction is required for exploitation. Source: CVE-2024-32927
  2. CVE-2024-43313: FormFacade is vulnerable to Cross-site Scripting (XSS) due to improper neutralization of input during web page generation. This could allow an attacker to inject arbitrary web script or HTML. Source: CVE-2024-43313
  3. CVE-2024-43320: Livemesh Addons for WPBakery Page Builder is susceptible to Stored XSS due to improper neutralization of input during web page generation. This could allow an attacker to inject arbitrary web script or HTML. Source: CVE-2024-43320
  4. CVE-2024-7917: A critical vulnerability has been discovered in DouPHP 1.7 Release 20220822. The flaw lies in the /admin/system.php file of the Favicon Handler component, which could be manipulated to allow unrestricted file upload. The attack can be launched remotely. Source: CVE-2024-7917
  5. CVE-2024-43286: Squirrly SEO Plugin by Squirrly SEO is vulnerable to SQL Injection due to improper neutralization of special elements used in an SQL command. This could allow an attacker to manipulate SQL queries, potentially leading to data exposure or loss. Source: CVE-2024-43286
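Three of the CVEs above describe the same root cause in two flavours: "improper neutralization of input during web page generation" (CWE-79, the FormFacade and Livemesh Addons entries) and "improper neutralization of special elements used in an SQL command" (CWE-89, the Squirrly SEO entry). In both cases untrusted text is spliced into a structured language, so characters that are meaningful to that language change its structure. The Python block below is an added illustration written for this newsletter; it is not code from the newsletter or from any of the affected products, and its table, column, function names and sample rows are constructed for the example. It shows each weakness next to its fix: a bound SQL parameter and HTML entity escaping.

```python
"""Added example: improper vs. proper neutralization of untrusted input.

Everything here (schema, rows, function names) is constructed for the
illustration; it does not reproduce any of the products named in the
newsletter.
"""
import html
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database with a few constructed rows.

    The author "o'brien" is deliberate: an apostrophe is ordinary data in
    a name but a string delimiter in SQL, which is exactly the kind of
    character that improper neutralization fails to handle.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER, author TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO posts VALUES (?, ?, ?)",
        [
            (1, "alice", "Hello"),
            (2, "bob", "Private draft"),
            (3, "alice", "Notes"),
            (4, "o'brien", "Notes from O'Brien"),
        ],
    )
    return conn


def posts_by_author_vulnerable(conn: sqlite3.Connection, author: str) -> list:
    """CWE-89 pattern: the untrusted value becomes part of the SQL text.

    A quote character inside `author` terminates the string literal early,
    so the database sees different SQL from what the developer intended.
    """
    query = f"SELECT title FROM posts WHERE author = '{author}'"
    return [row[0] for row in conn.execute(query)]


def posts_by_author_safe(conn: sqlite3.Connection, author: str) -> list:
    """Fixed form: the value is bound as a parameter and is only ever data."""
    rows = conn.execute("SELECT title FROM posts WHERE author = ?", (author,))
    return [row[0] for row in rows]


def vulnerable_query_outcome(conn: sqlite3.Connection, author: str) -> tuple:
    """Run the vulnerable query and report whether it parsed or failed.

    Returns ("ok", rows) or ("error", message). For "o'brien" the result is
    an error: the query text is no longer well-formed SQL, which is the
    visible symptom of the value having been treated as code.
    """
    try:
        return ("ok", posts_by_author_vulnerable(conn, author))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


def render_greeting_vulnerable(name: str) -> str:
    """CWE-79 pattern: untrusted text is concatenated straight into HTML."""
    return f"<p>Welcome, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """Fixed form: entity-escape the value so the browser renders it as text.

    html.escape with quote=True rewrites <, >, &, " and ' as entities, so
    the value can neither open a tag nor break out of an attribute.
    """
    return f"<p>Welcome, {html.escape(name, quote=True)}!</p>"


if __name__ == "__main__":
    db = build_db()
    print("safe query, o'brien:   ", posts_by_author_safe(db, "o'brien"))
    print("vulnerable query, o'brien:", vulnerable_query_outcome(db, "o'brien"))
    markup = "<b>reader</b>"
    print("vulnerable HTML:", render_greeting_vulnerable(markup))
    print("safe HTML:      ", render_greeting_safe(markup))
```

The contrast to take from the run is that the parameterized query returns O'Brien's post while the string-built one does not even parse; a value that can break a query can, with more care, also reshape it, which is why the fix is a bound parameter rather than a quoting routine. The HTML pair makes the same point for CWE-79: the escaped greeting shows `<b>reader</b>` literally instead of handing the markup to the browser.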

API Security

  1. Module Savepoints Vulnerability (CVE-2024-25582): A security flaw has been identified in the module savepoints, which could be exploited to inject references to malicious code. This could allow attackers to perform harmful API requests or extract user account information. The vulnerability requires temporary account access or successful social engineering. Users are advised to deploy updates and patch releases to mitigate the risk. Source: CVE-2024-25582
  2. Microcks API Import/Export Vulnerability (CVE-2024-44076): In Microcks versions before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access, posing a potential security risk. Users are advised to update to the latest version to resolve this issue. Source: CVE-2024-44076
  3. Ewon Cosy+ / Talk2M Remote Access Solution Authentication Issue: An improper authentication issue has been identified in the Ewon Cosy+ / Talk2M Remote Access Solution. Detailed information about this vulnerability is yet to be disclosed. Users are advised to monitor the situation and apply patches as they become available. Source: PACKETSTORM:180237

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of robust identification methods and the potential consequences of their failure. The recent breach at National Public Data, which exposed 2.9 billion records of private U.S. consumer data, underscores the urgency of this issue. In the face of such threats, it's crucial to stay informed and proactive. Remember to check with the breached company for the latest information and take necessary steps to protect your personal information.

We hope you found today's newsletter informative and useful. If you did, please consider sharing it with your friends and colleagues.

After all, cybersecurity is a shared responsibility. Stay safe, stay informed, and see you in the next edition of Secret CISO.
