Secret CISO 8/5: Arisa Health and First Commonwealth Data Breaches, Illinois Election Records Leak, CrowdStrike-Delta Dispute, Normalyze's New DSPM, and APT41

Secret CISO 8/5: Arisa Health and First Commonwealth Data Breaches, Illinois Election Records Leak, CrowdStrike-Delta Dispute, Normalyze's New DSPM, and APT41

Good morning, Secret CISO readers! Today's newsletter is packed with the latest cybersecurity news and insights. We're starting with a significant data breach at Arisa Health, affecting over 375,000 patients. Cyberattacks have also hit Sun City Pediatrics in Texas and Calibrated Healthcare in California. In other news, First Commonwealth Federal Credit Union is under investigation following a data breach in June. Misconfigured databases have leaked 4.6 million Illinois election records, including sensitive personal information.

We also have an interesting piece from Dark Reading on the need for different data protection strategies in today's world. Meanwhile, CrowdStrike is rejecting negligence claims from Delta Air Lines over an IT outage. In the realm of data security, Normalyze is filling critical gaps with market-driven DSPM requirements. We also delve into the rising cost of retail data breaches and the legal action against the Department of Education over a data breach. Our newsletter also covers the importance of an effective security strategy with data loss prevention for CIOs, the alarming statistic that almost three-quarters of ransomware victims are hit multiple times, and IBM's new AI-powered cybersecurity assistant for threat detection.

Stay tuned for more updates, including the appointment of Alex Stamos as Chief Information Security Officer at SentinelOne, the role of early adopters in driving security innovation, and the exposure of 4.6 million US voters' data by a tech contractor. Don't miss out on our expert insights and analysis of these stories and more in today's issue of Secret CISO. Stay safe and informed!

Data Breaches

  1. Arisa Health Confirms Data Breach Affected More Than 375,000 Patients: Arisa Health, a healthcare provider, confirmed a data breach that impacted over 375,000 patients. The breach has also been reported by Sun City Pediatrics in Texas and Calibrated Healthcare in California. Source: HIPAA Journal
  2. Federman & Sherwood Investigates First Commonwealth Federal Credit Union for Data Breach: First Commonwealth Federal Credit Union is under investigation by Federman & Sherwood after a cybersecurity incident was detected on June 27, 2024. The credit union immediately launched an investigation. Source: Morningstar
  3. Misconfigured databases leak 4.6M Illinois election records: A misconfigured database leaked 4.6 million Illinois election records, including individuals' names, addresses, Social Security numbers, and other sensitive information. Source: SC Media
  4. CrowdStrike Rejects Delta's Negligence Claims Over IT Outage: CrowdStrike dismissed negligence claims by Delta Air Lines, which threatened to sue after a faulty security software caused an IT outage. Source: GovInfoSecurity
  5. Legal action against Department of Education over data breach: The Department of Education is facing legal action over a data breach. A full and thorough investigation into the breach has been launched. Source: Belfast News Letter

Security Research

  1. Hackers Warn Of Dangerous New 0-Click Threat To GenAI Apps: A new research from Technion - Israel Institute of Technology, Cornell Tech, and Intuit reveals a dangerous 0-click threat to GenAI apps. The security researchers have warned about the potential hacking capabilities of this threat. Source: Forbes
  2. Hacker group FIN7 is selling EDR evasion tools to other cyber criminals: The notorious hacker group FIN7 is reportedly selling EDR evasion tools to other cyber criminals. This development poses a significant threat to the security landscape. Source: Security Intelligence
  3. Researchers Uncover Flaws in Windows Smart App Control and SmartScreen: Elastic Security Labs has uncovered flaws in Windows Smart App Control and SmartScreen. These vulnerabilities could potentially allow for security breaches with minimal user interaction. Source: The Hacker News
  4. China-linked APT41 breached Taiwanese research institute: APT41, a China-linked group, has breached a Taiwanese government-affiliated research institute using ShadowPad and Cobalt Strike. This breach underscores the persistent cyber threats posed by state-sponsored actors. Source: Security Affairs
  5. New Android Trojan "BlankBot" Targets Turkish Users' Financial Data: Cybersecurity researchers have discovered a new Android Trojan named "BlankBot" that targets Turkish users' financial data. This discovery highlights the increasing sophistication of mobile-based cyber threats. Source: The Hacker News

Top CVEs

  1. CVE-2024-35143 - Unauthorized Access in IBM Planning Analytics Local: IBM Planning Analytics Local 2.0 and 2.1 have a vulnerability that allows a remote attacker to gain unauthorized access to the MongoDB server due to its configuration that allows connections without password authentication. Source: CVE-2024-35143
  2. CVE-2024-7409 - DoS Attack in QEMU NBD Server: A flaw in the QEMU NBD Server allows a denial of service (DoS) attack. This vulnerability occurs due to improper synchronization during socket closure when a client keeps a socket open as the server is taken down. Source: CVE-2024-7409
  3. CVE-2024-5081 - CSRF and XSS Vulnerabilities in wp-eMember WordPress Plugin: The wp-eMember WordPress plugin before v10.7.0 lacks CSRF checks in some places and is missing sanitisation as well as escaping. This could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. Source: CVE-2024-5081
  4. CVE-2024-7459 - CSRF Vulnerability in OSWAPP Warehouse Inventory System: A vulnerability in OSWAPP Warehouse Inventory System 1.0/2.0 allows for cross-site request forgery due to an unknown function of the file /edit_account.php. The exploit has been publicly disclosed and may be used. Source: CVE-2024-7459
  5. CVE-2024-7462 - Buffer Overflow in TOTOLINK N350RT: A critical vulnerability in TOTOLINK N350RT 9.3.5u.6139_B20201216 allows for a buffer overflow due to the manipulation of the argument ssid in the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The exploit has been publicly disclosed and may be used. Source: CVE-2024-7462

API Security

  1. API Security Vulnerability in Multiple Pimax Products: Multiple Pimax products have been found to accept WebSocket connections from unintended endpoints. This vulnerability, if exploited, could allow arbitrary code execution by a remote unauthenticated user. This is a serious concern as it could potentially lead to unauthorized access and control over the system. Source: CVE-2024-41889
  2. Path Traversal Vulnerability in elunez eladmin: A critical vulnerability has been discovered in elunez eladmin up to version 2.7. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the Database Management/Deployment Management component. The manipulation of the 'file' argument leads to path traversal: 'dir/../../filename'. The exploit has been publicly disclosed and may be used, posing a significant risk. Source: CVE-2024-7458

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. As we can see, the cybersecurity landscape is ever-evolving, with new threats and challenges emerging daily. From data breaches affecting hundreds of thousands of patients to misconfigured databases leaking millions of election records, the need for robust, proactive security measures has never been more critical.

Remember, knowledge is power. By staying informed, we can all play a part in safeguarding our digital world.

If you found today's newsletter helpful, please consider sharing it with your friends and colleagues.

Let's work together to create a safer, more secure digital environment for everyone. Stay safe, stay informed, and see you in the next edition of Secret CISO.

Read more

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the cybersecurity world. We're seeing a concerning trend of firms failing to grasp the financial impact of cyber breaches, with HealthAlliance paying a hefty $550,000 for neglecting a known vulnerability. In Ireland,

By Secret CISO