Secret CISO 2/27: Unveiling Cyber Vulnerabilities from UnitedHealth to U-Haul – Navigating the New Wave of Attacks

Secret CISO 2/27: Unveiling Cyber Vulnerabilities from UnitedHealth to U-Haul – Navigating the New Wave of Attacks

Welcome to this edition of The Secret CISO newsletter, where we delve into the latest trends, challenges, and innovations in the realm of cybersecurity. Our mission is to equip you with the knowledge and insights necessary to navigate the complex landscape of information security. In this issue, we explore new developments, share expert analyses, and provide practical advice to help you strengthen your organization's cybersecurity posture.

1. Data Breaches

UnitedHealth's Cyberattack Leading to Pharmacy Disruptions

UnitedHealth's cyberattack has caused significant disruptions across pharmacies due to the hack of Change Healthcare. This breach emphasizes the vulnerabilities within healthcare data systems and the domino effect that can occur within interconnected services. It's crucial for healthcare organizations to enhance their cybersecurity measures and for individuals affected to take immediate action​​.

Read more: https://www.kiplinger.com/personal-finance/health-insurance/pharmacy-disruptions-are-ongoing-in-aftermath-of-unitedhealths-cyberattack

U-Haul Customer Data Breach

U-Haul experienced a significant data breach impacting 67,000 customers. The breach involved a reservation tracking system, leading to the compromise of sensitive customer information. This incident highlights the necessity for robust security measures in data management systems and the importance of prompt breach notification to affected individuals​​.

Read more: https://www.securityweek.com/67000-u-haul-customers-impacted-by-data-breach/

Akira Ransomware Attack on Swedish Municipality

The Akira ransomware group has threatened to leak nearly 200GB of data stolen from the systems of Bjuv Municipality in Sweden. This breach underscores the growing threat of ransomware attacks on public sector entities and the critical need for municipal governments to strengthen their cybersecurity defenses to protect sensitive data​​.

Read more: https://thecyberexpress.com/akira-ransomware-group-targets-bjuv/

Cyberattacks on Canada's RCMP and Global Affairs

Canada's Royal Canadian Mounted Police (RCMP) and Global Affairs were hit by cyberattacks, marking a significant breach in national security. The attacks underscore the increasing cyber threats facing government institutions and the importance of implementing stringent security protocols to safeguard sensitive information​​.

Read more: https://www.securityweek.com/canadas-rcmp-global-affairs-hit-by-cyberattacks/

State-Sponsored Group Behind Change Healthcare Breach

A suspected nation-state cyber security threat actor breached Change Healthcare, affecting UnitedHealth Group's systems. This incident highlights the escalating cyber espionage activities targeting healthcare data and the need for enhanced security measures to protect against sophisticated nation-state threats​

Read more: https://www.securityweek.com/state-sponsored-group-blamed-for-change-healthcare-breach/

2. Top CVE

CVE-2024-25469

SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and earlier versions. Attackers can obtain sensitive information using the latitude and longitude parameters in the api/front/store/list. Users should update to the latest version to mitigate this vulnerability.

Read more: https://github.com/crmeb/crmeb_java/

CVE-2024-26598

In the Linux kernel, a Use-After-Free (UAF) vulnerability has been resolved in the KVM: arm64: vgic-its component. It concerns a race condition in the LPI translation cache. Updating the Linux kernel to the latest version is recommended to address this issue.

Read more: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=12c2759ab1343c124ed46ba48f27bd1ef5d2dff4

CVE-2024-22988

Vulnerability in zkteco zkbio WDMS v.8.0.5 allows attackers to execute arbitrary code via the /files/backup/ endpoint. Users should apply any available updates or contact the vendor for mitigation steps.

Read more: https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47

CVE-2024-22776

Wallos 0.9 has a Cross Site Scripting (XSS) vulnerability in all text-based input fields without proper validation, except those needing specific formats like dates. Users should update to a version with proper input validation to mitigate this vulnerability.

Read more: https://github.com/ellite/Wallos

CVE-2023-52464

In the Linux kernel, a vulnerability has been resolved in the EDAC/thunderx module: Fix possible out-of-bounds string access. The issue was highlighted by enabling -Wstringop-overflow globally, exposing a common bug in the usage of strncat() within drivers/edac/thunderx_edac.c. Update the Linux kernel to address this issue.

Read more: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=426fae93c01dffa379225eb2bd4d3cdc42c6eec5

3. Security Research

Energy Department Invests $45 Million in Cybersecurity Projects

The Energy Department's $45 million investment into 16 projects, including Georgia Tech Research Corporation's 'GridLogic', is a crucial step towards enhancing the cybersecurity framework of the United States' energy sector. This initiative aims to build a robust defense against cyberattacks and protect against malicious insiders, ensuring the reliability and security of the nation's energy infrastructure. It reflects the growing recognition of the strategic importance of energy security in the national cybersecurity agenda​​.

Read more: https://www.securityweek.com/energy-department-invests-45-million-in-16-projects-to-improve-cybersecurity/

The distinction between security researchers and criminals is becoming increasingly blurred, posing new legal challenges for companies and Chief Information Security Officers (CISOs). Understanding the intent and affiliation of individuals they interact with is crucial for maintaining security without crossing legal boundaries. This evolving landscape underscores the importance of comprehensive security strategies and legal awareness in today's digital age​​.

Read more: https://www.darkreading.com/cyber-risk/what-companies-cisos-should-know-about-rising-legal-threats

AI's Role in Reducing False Positives in Secret Scanners

Recent advancements in AI and machine learning are proving to be a game-changer in the realm of cybersecurity, particularly in reducing false positives in secret scanners. This development not only enhances the accuracy of cybersecurity measures but also streamlines operations, allowing security teams to focus on genuine threats. The integration of AI into cybersecurity practices represents a significant leap forward in the ongoing battle against data breaches and cyber threats​​.

Read more: https://www.helpnetsecurity.com/2024/02/27/secrets-scanners-false-positives/

New iOS Security Warning for iPhone Users

A recent security warning for iPhone users highlights the vulnerabilities within iOS apps, underscoring the constant need for vigilance and regular updates. Security researchers are urging users to stay informed and proactive in protecting their devices from potential exploits. This serves as a reminder of the ever-evolving nature of cyber threats and the importance of maintaining up-to-date security practices​​.

Read more: https://www.forbes.com/sites/kateoflahertyuk/2024/02/27/new-ios-warning-issued-to-all-iphone-users/?sh=583212ae4343

Critical SQLi Vulnerability in WordPress Plugin

A critical SQL injection vulnerability discovered in a popular WordPress plugin threatens over 200,000 websites, highlighting the widespread impact of web-based vulnerabilities. This incident underscores the importance of regular security audits and updates for web applications and plugins. It serves as a stark reminder for businesses and web administrators to prioritize website security to protect sensitive data and maintain user trust​​.

Read more: https://thehackernews.com/2024/02/wordpress-plugin-alert-critical-sqli.html

4. CISO Jobs

Entertainment Partners in Burbank, CA

As Chief Information Security Officer with an offering of $300K - $375K per year, plus a 401(k) benefit, this position represents a lucrative opportunity in the entertainment industry. The role requires a unique blend of leadership, technical expertise, and an understanding of the entertainment sector's unique security challenges, making it a highly desirable position for any cybersecurity professional looking to make a significant impact​​.

Read more: https://www.linkedin.com/jobs/view/3822592453

Hilton in McLean, VA

The iconic hotel chain is actively recruiting a Chief Information Security Officer, indicating the hospitality industry's increasing focus on cybersecurity to protect guest data and corporate information. This on-site role is pivotal in safeguarding the reputation and operational integrity of one of the world's leading hospitality companies​​.

Read more: https://www.linkedin.com/jobs/view/3817898894

Dice in Washington, DC

The Deputy CISO position at Dice highlights the growing recognition of cybersecurity roles within the tech industry. Located in the heart of the nation's capital, this role involves high-level strategic decision-making and offers a unique opportunity to influence cybersecurity practices in a leading tech company​​.

Read more: https://www.linkedin.com/jobs/view/3841114811

Ohio Department of Administrative Services in Columbus, OH

The Deputy CISO position demonstrates the critical need for cybersecurity leadership within state government agencies. Offering $52.57/hr - $68.90/hr and medical benefits, this role focuses on protecting sensitive government data and systems, providing an excellent opportunity for those looking to serve in the public sector​​.

Read more: https://www.linkedin.com/jobs/view/3818328386

Case Western Reserve University in Cleveland, OH

The Chief Information Security Officer role underscores the importance of cybersecurity in the educational sector. Responsible for protecting the information assets of one of the leading research universities in the US, this position offers a unique challenge to secure an environment that is both open for academic purposes and secure against cyber threats​​.

Read more:https://www.linkedin.com/jobs/view/3836120411

Final words


We are grateful for your continued interest and support in reading this edition of The Secret CISO newsletter. Your dedication to staying informed is key to our collective success in delivering impactful cybersecurity knowledge. Should you find our insights valuable, we encourage you to share them with peers and colleagues who could also benefit. Together, by sharing knowledge, we help forge a more informed and resilient cybersecurity community. Thank you once again for your trust and support.

Best regards,
The Secret CISO Team

Read more

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Secret CISO 12/10: Unprecedented Data Breaches at HealthAlliance, Irish University, and Highgate Hotels; Deloitte and Cipla Deny Hacks; Research Reveals OpenWrt Vulnerability and Arctic Security Shifts

Good morning, Secret CISO readers! Today's newsletter is packed with critical updates from the cybersecurity world. We're seeing a concerning trend of firms failing to grasp the financial impact of cyber breaches, with HealthAlliance paying a hefty $550,000 for neglecting a known vulnerability. In Ireland,

By Secret CISO