Secret CISO 1/11: PowerSchool's Global Data Breach Impacts Chicago Schools, Gerber Life Insurance Faces Unauthorized Access, New Vulnerabilities in Arista EOS and CP Plus CP-VNR-3104
Subject: Secret CISO Daily Newsletter - Data Breaches and Cybersecurity Vulnerabilities (1/11)
Hello there,
In today's edition of Secret CISO, we're diving into a series of data breaches that have impacted schools across the nation, from Chicago to central Ohio. The common denominator? PowerSchool, a popular education software, which fell victim to a cyberattack, compromising personal data from numerous school districts. In Rhode Island, residents are being urged to monitor their mail closely as the state recovers from a massive cyberattack. Meanwhile, Gerber Life Insurance Company has filed a notice of data breach following unauthorized access to its call center.
In other news, we're keeping an eye on a series of cybersecurity vulnerabilities, from cross-platform scripting leaks to potential unauthorized actions by users with advanced report application access rights. Stay tuned for more details on these stories and other breaking cybersecurity news.
Data Breaches
- Chicago-area School Districts Data Breach: Personal data from numerous Chicago-area school districts was compromised in a cyberattack targeting PowerSchool, a widely-used education software. The extent of the breach and the specific data accessed is still under investigation. Source: NBC Chicago
- Garfield Re-2 School District Data Breach: Information belonging to families and educators of Garfield Re-2 School District was illegally accessed in a global data breach. The district is currently working to assess the impact and potential harm to its community members. Source: Post Independent
- Rhode Island Data Breach: Rhode Islanders are being advised to monitor their mail as the state recovers from a massive cyberattack. The state is offering five years of credit monitoring to those affected by the data breach. Source: YouTube
- Gerber Life Insurance Data Breach: Gerber Life Insurance Company filed a notice of data breach with the Attorney General of Massachusetts after unauthorized access to call records. The company is currently investigating the incident and has not disclosed the number of individuals affected. Source: JDSupra
- Howell Public Schools Data Breach: A nationwide security breach impacted Howell Public Schools, with the extent of the data accessed still unknown. The breach was part of a larger attack on PowerSchool, a popular education software used by the district. Source: WHMI 93.5 Local News
Security Research
- Microsoft Exchange Server Remote Code Execution Vulnerability: A critical vulnerability has been discovered in Microsoft Exchange Server that could allow for remote code execution. Attackers could exploit this flaw to take control of an affected system. Users are urged to apply the necessary patches immediately. Source: Microsoft Security Response Center
- Apache HTTP Server Request Smuggling Vulnerability: A high-severity vulnerability in Apache HTTP Server could allow an attacker to smuggle HTTP requests, leading to cache poisoning, cross-site scripting, and other attacks. The Apache Software Foundation has released a security update to address this vulnerability. Source: Apache HTTP Server Project
- Apple iOS and iPadOS Multiple Security Vulnerabilities: Apple has released security updates to address vulnerabilities in iOS and iPadOS that could be exploited to execute arbitrary code, gain elevated privileges, or cause a denial of service. Users are advised to update their devices to the latest versions. Source: Apple Support
- VMware vCenter Server File Upload Vulnerability: A critical vulnerability in VMware vCenter Server could allow an attacker to upload files to the server. VMware has released a patch to fix this vulnerability, and users are advised to update as soon as possible. Source: VMware Security Advisories
- Google Chrome Multiple Security Vulnerabilities: Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux, which addresses multiple high-severity vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system. Source: Chrome Releases Blog
Top CVEs
- CVE-2024-9188: Cross-platform scripting vulnerability allows attackers to leak administrator data through specially constructed queries. This could lead to unauthorized access and potential data breaches. Source: CVE-2024-9188
- CVE-2024-47520: Users with advanced report application access rights can perform actions beyond their authorization due to a flaw in the system. This could lead to unauthorized changes and potential data loss. Source: CVE-2024-47520
- CVE-2024-47518: Specially constructed queries can reveal active remote access through ETM, potentially exposing sensitive data and systems to unauthorized users. Source: CVE-2024-47518
- CVE-2024-7095: A vulnerability in Arista EOS with SNMP configured allows a specially crafted packet to cause the snmpd process to leak memory, potentially leading to process termination and memory pressure on other processes. Source: CVE-2024-7095
- CVE-2024-9134: Multiple SQL injection vulnerabilities exist in the reporting application, allowing users with advanced report application access rights to execute commands on the underlying operating system with elevated privileges. Source: CVE-2024-9134
API Security
- Palo Alto Networks Expedition OS Command Injection Vulnerability (CVE-2025-0107): A significant OS command injection vulnerability has been found in Palo Alto Networks Expedition. This flaw allows an authenticated attacker to execute arbitrary OS commands as the www-data user in Expedition, leading to the exposure of usernames, plaintext passwords, device configurations, and device API keys for firewalls running PAN-OS. Source: vulners.com
- Palo Alto Networks Expedition SQL Injection Vulnerability (CVE-2025-0103): An SQL injection vulnerability has been discovered in Palo Alto Networks Expedition. This vulnerability allows an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. The flaw also enables attackers to create and read arbitrary files on the Expedition system. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
As we wrap up today's edition of Secret CISO, we're reminded that the world of cybersecurity is a constantly evolving landscape. From the data breaches impacting school districts across the nation to the vulnerabilities discovered in popular software solutions, it's clear that vigilance and proactive measures are key to maintaining security. Remember, knowledge is power.
By staying informed about these incidents and vulnerabilities, we can better prepare and protect our systems and data. So, share this newsletter with your colleagues and friends, and let's continue to learn and grow together in the realm of cybersecurity. Stay safe, stay informed, and see you in the next edition of Secret CISO!