Secret CISO 9/24: Dell's Double Data Breach, US Healthcare Breach Affects 14M, MC2 Leak Exposes 100M Americans, AI in Security, and Cybersecurity Research Threats

Secret CISO 9/24: Dell's Double Data Breach, US Healthcare Breach Affects 14M, MC2 Leak Exposes 100M Americans, AI in Security, and Cybersecurity Research Threats

Welcome to today's issue of Secret CISO, your daily dose of the latest in cybersecurity. Today, we're diving into the importance of post-breach digital identity, discussing the recent data breaches at Dell and the potential risks for over 10,000 employees. We'll also explore the link between layoffs and data breaches, and the potential financial implications of the PSNI data breach. In the healthcare sector, we're looking at the impact of data breaches on 14 million patients in the US. We'll also discuss the rising costs of data breaches, driven by an increase in intellectual property theft and the use of shadow data. In AI news, Absolute Security has integrated AI-powered threat detection into its Secure Access Security Service Edge offering.

We'll also discuss a massive data leak that could potentially affect one-third of Americans, and a cybersecurity incident that has put the personal information of 100 million Americans at risk. Stay tuned for more on new cybersecurity incident response plans for lawyers, data breaches at Delta Health System and Metropolitan Life Insurance Company, and the potential threat to sensitive data following a claimed server breach at Deloitte. We'll also cover the relation between data breaches and stock price drops, a data breach at Star Health that has exposed millions on Telegram, and the fifth security breach at OpenAI in 20 months.

Don't miss our coverage of a lawsuit against Katz Nannis & Solomon Accounting Firm over a 2023 data breach, amendments to Pennsylvania's breach notification law, and the latest ransomware tactics and zero trust strategies.

We'll wrap up with a look at the latest vulnerabilities, including a remote code execution flaw in Rockwell Automation PLC Software and a potential national security issue linked to misogyny and violent extremism. Stay safe and informed with Secret CISO.

Data Breaches

  1. Dell Data Breach Leaves Info of Over 10,000 Employees at Risk: Computing manufacturer Dell has suffered a significant database hack, potentially exposing the private information of over 10,000 employees. The company is the latest in a string of high-profile businesses to fall victim to data breaches. Source: Tech.co
  2. PSNI Data Breach: Attempt to Agree on Compensation Amount: The Police Service of Northern Ireland (PSNI) is currently in discussions to agree on a compensation amount following a significant data leak. The final bill could potentially reach as high as £240m. Source: BBC News
  3. 14 Million Patients Impacted by US Healthcare Data Breaches in 2024: SonicWall's research reveals that data breaches caused by malware attacks on US healthcare organizations have affected 14 million people so far in 2024. Source: Infosecurity Magazine
  4. Massive Data Leak Could Mean One-Third of Americans Has Data Leaked Online: A significant data leak originating from background check firm MC2 Data has potentially exposed the data of one-third of Americans. The firm left a 2.2TB database online, making it a potential goldmine for cybercriminals. Source: TechRadar
  5. Delta Health System Data Breach Leaks Patients' SSNs and Medical Information: Delta Health System has filed a notice of data breach with the Attorney General of Montana after discovering that patients' Social Security Numbers and medical information had been leaked. Source: JD Supra

Security Research

  1. "CISA catalog falls short on CVEs targeted by Flax Typhoon": The Flax Typhoon threat group is actively exploiting 66 security vulnerabilities, a number of which are not covered in the CISA catalog. This highlights the need for a more comprehensive and updated database of vulnerabilities. Source: Cybersecurity Dive
  2. "Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar": This expert-led webinar provides insights into the latest ransomware strategies and zero-trust defenses, offering valuable knowledge to businesses looking to bolster their security. Source: The Hacker News
  3. "Behind the Scenes: The Technical Details of Arc's Recent Vulnerability": The Browser Company has disclosed a security vulnerability in the Arc browser, CVE-2024-45489. The details of this vulnerability serve as a reminder of the importance of regular security audits and updates. Source: INA
  4. "North Korea Targets Software Supply Chain Via PyPI": A North Korean hacking group is suspected of poisoning Python packages, targeting developers and potentially compromising software supply chains. This highlights the need for stringent security measures in software development and distribution. Source: BankInfoSecurity
  5. "Nearly half of security pros see AI as top threat, survey finds": A survey by HackerOne reveals that nearly half of security professionals view AI as the top security risk, with 68% advocating for external AI security reviews. This underscores the growing concern about the potential misuse of AI in cyberattacks. Source: IT Brief Australia

Top CVEs

  1. CVE-2024-9014: pgAdmin versions 8.11 and earlier have a security flaw in OAuth2 authentication. This vulnerability could allow an attacker to obtain the client ID and secret, leading to unauthorized access to user data. Source: vulners.com
  2. CVE-2024-39843: Centreon 24.04.2 is vulnerable to a SQL injection. A remote high-privileged attacker could execute arbitrary SQL commands via the create user form. Source: vulners.com
  3. CVE-2024-47068: Rollup, a module bundler for JavaScript, has a DOM Clobbering vulnerability in versions prior to 3.29.5 and 4.22.4. This could lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present. Source: vulners.com
  4. CVE-2024-7023: Google Chrome prior to 128.0.6537.0 has insufficient data validation in its Updater. This could allow a remote attacker to perform privilege escalation via a malicious file. Source: vulners.com
  5. CVE-2024-7024: Google Chrome prior to 126.0.6478.54 has an inappropriate implementation in V8. This could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Source: vulners.com

API Security

  1. W3 Total Cache <= 2.7.5 - Sensitive Credentials Stored in Plaintext: The W3 Total Cache plugin for WordPress, up to version 2.7.5, is vulnerable to sensitive information exposure. Google OAuth API secrets are stored in plaintext in the publicly visible plugin source, potentially allowing unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information. Source: CVE-2023-5359
  2. Proxmox Virtual Environment API Security Vulnerability: Proxmox Virtual Environment, an open-source server management platform for enterprise virtualization, has insufficient safeguards against malicious API response values. Authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges can download arbitrary host files via the API, potentially leading to full system compromise. Source: CVE-2024-21545
  3. Traccar 5.12 Remote Code Execution: Traccar, an open-source GPS tracking system, has a remote code execution vulnerability in version 5.12. The details of this vulnerability are not fully disclosed in the source. Source: PACKETSTORM:181800
  4. Lobe-chat Insufficient Fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964): Lobe-chat, an open-source AI chat framework, implemented an insufficient fix for a previous server-side request forgery vulnerability. The protection does not consider redirects and can be bypassed when an attacker provides an external malicious URL that redirects to internal resources. Source: GHSA-3FC8-2R3F-8WRG
  5. DataEase XML External Entity Reference Vulnerability: DataEase, a database management system, has an XML external entity injection vulnerability in its static resource upload interface. An attacker can construct a payload to implement intranet detection and file reading. The vulnerability has been fixed in version v2.10.1. Source: GHSA-4M9P-7XG6-F4MM

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of Secret CISO. We've covered a lot of ground, from the importance of post-breach digital identity to the latest data breaches affecting major companies and millions of individuals. We've also touched on the role of AI in security and the potential risks it poses. Remember, in the world of cybersecurity, knowledge is power. Stay informed, stay vigilant, and most importantly, stay secure.

If you found this newsletter helpful, please consider sharing it with your colleagues and friends.

Let's work together to create a safer digital world for everyone. Until next time, stay safe and secure.

Read more

Secret CISO 10/7: Comcast, Truist, T-Mobile Breaches, Dutch Police Data Exposed, CISA Warning, Matru Poshan App Breach, USAA System Error, Cybersecurity Misconceptions Debunked

Secret CISO 10/7: Comcast, Truist, T-Mobile Breaches, Dutch Police Data Exposed, CISA Warning, Matru Poshan App Breach, USAA System Error, Cybersecurity Misconceptions Debunked

Welcome to today's issue of Secret CISO, your daily dose of cybersecurity insights. Today, we navigate the fallout of recent data breaches and the essential steps healthcare companies should take to bolster their security programs. We'll delve into the FBCS breach that impacted Comcast and Truist,

By Secret CISO
Secret CISO 10/5: China-linked breach hits U.S. wiretap systems, Hezbollah data breach tops cybersecurity events, Google's Pixel 9 Pro XL privacy flaws under scrutiny

Secret CISO 10/5: China-linked breach hits U.S. wiretap systems, Hezbollah data breach tops cybersecurity events, Google's Pixel 9 Pro XL privacy flaws under scrutiny

Good morning, Secret CISO readers! Today's newsletter is packed with some serious security breaches and data leaks that have been making headlines. Starting off with a major security breach linked to China, U.S. wiretap systems have been targeted, compromising the networks of U.S. broadband providers. This

By Secret CISO