Welcome to the latest edition of the Secret CISO newsletter, now your daily clandestine source for critical cybersecurity insights and news. With the digital landscape evolving rapidly, it's crucial to stay informed. Every day, we bring you high-profile data breaches and vulnerabilities impacting industries from biotech to cybersecurity giants.
Thanks to your feedback, we're excited to offer CISO news every weekday. Get fresh, actionable intelligence directly to your inbox, ensuring you're always up-to-date.
Today, we focus on significant cybersecurity challenges, including the Krystal BioTech data breach and threats from nation-state actors. Discover innovative strategies to strengthen your defenses.
Join us daily in the cyber wilderness, where staying informed is your best defense. Welcome to the Secret CISO – your daily cybersecurity guide. Please share with friends.
1. Data Breaches
Krystal BioTech Data Breach
Krystal BioTech, Inc. experienced a significant data breach, leading to the filing of a formal notice on January 30, 2024. This incident exposed an unknown number of Social Security numbers (SSNs), putting individuals' privacy at risk. The breach reflects the growing concern over data security in the biotech industry and highlights the importance of stringent data protection measures.
Cannabis Industry Data Leak
A data leak in the cannabis industry has put numerous workers at risk, with Cybernews reporting that encrypted Social Security numbers were among the leaked information. The leak originated from a misconfiguration in MongoDB, a popular database system. This incident underscores the critical need for proper database management and security practices within the rapidly growing cannabis sector.
HealthEC's Data Breach Affecting US Renal Care Patients
On February 7, 2024, HealthEC announced a data breach impacting patients of US Renal Care. An unauthorized party gained access to sensitive patient information, emphasizing the ongoing threats facing the healthcare sector. This breach serves as a reminder of the vital importance of cybersecurity measures in protecting patient data.
Connecticut College's Delayed Breach Announcement
Connecticut College revealed a data breach 11 months after its occurrence, which exposed Social Security numbers among other sensitive information. The delay in disclosure raises questions about transparency and the timeliness of breach notifications, highlighting the need for institutions to promptly address and communicate security incidents to affected individuals.
Plaza Radiology Data Breach Lawsuit
Plaza Radiology is facing a lawsuit over a cyberattack that affected 569,000 people, as reported by ClassAction.org. This incident, involving a Tennessee-based medical imaging services provider, has brought to light the significant repercussions of data breaches on businesses and individuals alike, stressing the critical need for robust cybersecurity defenses and incident response strategies.
2. Top CVE
Improper Authentication in SonicWall SonicOS SSL-VPN (2024-02-08). A vulnerability in SonicWall's SonicOS SSL-VPN feature allows remote attackers to bypass authentication in specific firmware versions. This flaw stresses the urgent need for firmware updates and enhanced authentication protocols to prevent unauthorized access.
Out-of-Bounds Write in Fortinet FortiOS and FortiProxy. Fortinet's FortiOS and FortiProxy versions contain an out-of-bounds write flaw, risking application crashes, data corruption, or elevated privileges. It underscores the critical importance of immediate patching and continuous security monitoring in safeguarding network infrastructures.
NTLM Hash Disclosure in IBM i Access Client Solutions. A vulnerability in IBM i Access Client Solutions allows NTLM hash disclosure via manipulated UNC paths, highlighting the risks of NTLM authentication and the need for secure configurations to protect against credential theft.
Role-Based Access Control Issue in GitLab EE Premium and Ultimate. A flaw in GitLab EE allows Developers in subgroups to perform unauthorized actions on protected branches, emphasizing the necessity of meticulous verification of permission settings and robust access control mechanisms within collaborative development environments.
Read more: https://vulners.com/cve/CVE-2023-6564
HTTP Request Smuggling in Apache bRPC. Apache bRPC's HTTP server exhibits a request smuggling vulnerability due to RFC-7230 non-compliance, accentuating the importance of adhering to protocol standards and thorough security testing to prevent data breaches and unauthorized access.
3. Security Research
Fortinet's Challenging Week
Fortinet recently faced significant scrutiny due to undisclosed vulnerabilities within its products. The Register reports that Fortinet's PSIRT (Product Security Incident Response Team) has been balancing customer security with a culture of transparency and collaboration with researchers. Despite efforts, the undisclosed vulnerabilities have raised concerns about potential exploitation and the implications for Fortinet's vast user base. This incident underscores the continuous battle between maintaining security and fostering an open relationship with the security research community.
North Korean Malware Targeting South Korea
NK News highlighted a sophisticated cyber-espionage campaign by North Korean hackers targeting South Korean entities. The threat group, known as Kimsuky, has deployed new malware to steal sensitive data. This development signifies an ongoing geopolitical cyber conflict, illustrating the advanced capabilities of nation-state actors and the critical need for robust cybersecurity defenses in the face of targeted attacks.
Raspberry Pi Pico Used to Crack BitLocker
GBHackers on Security reported an alarming discovery where security researchers successfully used a Raspberry Pi Pico to bypass BitLocker encryption in under a minute. This breakthrough exposes significant vulnerabilities in widely trusted encryption mechanisms, posing a grave risk to data security for organizations relying on BitLocker for disk encryption. The incident highlights the importance of re-evaluating encryption strategies and ensuring that physical access controls are as robust as digital ones.
Mass-Exploitation of Ivanti VPN Flaw
Yahoo News Canada covered a recent wave of attacks exploiting newly discovered vulnerabilities in Ivanti's VPN products. Even though Ivanti has released patches, the widespread exploitation of these flaws by attackers could have long-lasting impacts on organizations that are slow to update their systems. This scenario is a stark reminder of the importance of timely patch management and the potential consequences of neglecting vulnerability remediation.
FBI's Defense of Warrantless Surveillance Highlighting China
The Register reported on the FBI's justification for warrantless Section 702 surveillance, citing concerns over Chinese espionage. This defense illuminates the complex balance between national security and individual privacy rights. The emphasis on China as a significant cyber threat underscores the broader geopolitical tensions and the role of cybersecurity in national defense strategies.
4. CISO Jobs
Chief Information Security Officer at Aegistech
Aegistech is offering a remote CISO position with an impressive salary range of $300K to $400K per year. This role presents an unparalleled opportunity to lead cybersecurity initiatives in a dynamic environment, perfect for those looking to make a significant impact while enjoying the flexibility of remote work.
Director IT Security at Howard Hughes Holdings Inc.
Howard Hughes Holdings Inc. is seeking a Director of IT Security to act in a CISO capacity within their organization. Located in The Woodlands, Texas, this role is ideal for individuals seeking to influence security strategy in a developing and vibrant community.
Executive Director, Information Security - Governance, Risk, and Compliance at Amgen
Amgen is on the hunt for an Executive Director to oversee Information Security, focusing on Governance, Risk, and Compliance. This fully remote position offers the chance to work with one of the leading biotechnology companies, emphasizing strategic leadership in information security.
Deputy CISO Governance, Risk & Compliance at New York City Office of Technology & Innovation
The NYC Office of Technology & Innovation is looking for a Deputy CISO with a focus on Governance, Risk, and Compliance. This hybrid role based in Manhattan allows for a blend of on-site and remote work, providing a unique opportunity to impact the digital security of one of the world's most significant urban centers.
Chief Information Security Officer at Concord Technologies
Concord Technologies is offering a hybrid CISO role based in Seattle, WA, with a competitive salary range of $200K to $230K per year, plus 401(k) and seven additional benefits. This position is perfect for those looking to lead in an innovative environment that values both security and technology.
Thank you for reading Secret CISO #14!
We hope you found the insights and updates informative and engaging. If you enjoyed this edition, please consider sharing it with your friends to spread the knowledge. As a token of our appreciation, we're including a digital gift for you – a unique cyber fish in a cyberpunk style. Share the wonders of the digital sea with your network and let the cyber fish swim into their digital realms. Thank you once again for your support and engagement.
Thank you again for your time and interest in our newsletter!
Always with you in all the cyber challenges, Secret CISO Team.