Secret CISO 1/23: PowerSchool and Atrium hit by massive data breaches, Minnesota police data exposed, Conduent confirms cybersecurity incident, research reveals rising threats for healthcare organizations

Good morning, Secret CISO readers. Today's newsletter is packed with critical updates on recent data breaches and cybersecurity incidents. PowerSchool, a software provider for K-12 schools, suffered a data breach in late December, exposing student information. The breach also exposed the Social Security numbers of about 312,000 North Carolina teachers. In another incident, the Minnesota police association is suing the POST Board for releasing the IDs of at least 257 undercover officers. The patient data breach lawsuit against Atrium has moved to the NC Business Court. In the healthcare sector, account compromise and phishing top the list of security incidents.

Meanwhile, Conduent confirmed a cybersecurity incident behind a recent outage. School boards in Ontario, hit by a massive data breach, say they have no way of tracking down affected students. The data breach at Upper Canada DSB is extensive, impacting the region's largest school board. In legal news, OpenAI has told an Indian court that any order to remove training data powering its ChatGPT service would breach US legal obligations. Wabtec will pay $625,000 to settle allegations it negligently failed to protect personal information in a 2022 data breach.

In research news, security researchers have uncovered a major ChatGPT security flaw, and a fake Google Ads campaign is targeting Mac users. Stay tuned for more updates and remember, knowledge is the first line of defense.

Data Breaches

  1. PowerSchool Data Breach: PowerSchool, a software provider for K-12 schools, suffered a data breach in late December, exposing student information. The extent of the breach is still under investigation. Source: KHQ
  2. Minnesota Police Association Data Breach: The Minnesota Police Association is suing the POST Board for releasing the identities of at least 257 undercover officers. The association is seeking a court injunction to prevent further data breaches. Source: Star Tribune
  3. Atrium Patient Data Breach: A lawsuit related to a data breach at Atrium has been moved to the NC Business Court. The breach may have exposed patient demographic information, including email addresses, phone numbers, and computer IP addresses. Source: Winston-Salem Journal
  4. Conduent Cybersecurity Incident: Conduent, a business process services company, has confirmed a cybersecurity incident that caused a recent service outage. The extent of the breach and the data affected are still unknown. Source: Bleeping Computer
  5. OpenAI Data Breach: OpenAI has informed an Indian court that any order to remove training data from its ChatGPT service would be inconsistent with its legal obligations in the US. The case highlights the complex legal challenges associated with AI and data privacy. Source: Reuters

Security Research

  1. Defense strategies to counter escalating hybrid attacks: In an interview with Help Net Security, Tomer Shloman, a Senior Security Researcher at Trellix, discusses the importance of attack attribution and outlines solutions for countering escalating hybrid attacks. Source: Help Net Security
  2. Mac Users Targeted: Fake Google Ads Exploit Homebrew In Malware Campaign: Security researcher Ryan Chenkie discovered a scheme that uses fake Google ads to deliver malware, compromising user credentials on Mac systems. Source: Information Security Buzz
  3. Mastercard's multi-year DNS cut-and-paste nightmare: A security researcher discovered a significant error in Mastercard's DNS configuration that persisted for several years, which appears to be a cut-and-paste error rather than a typo. Source: CSO Online
  4. Cybersecurity Threats Continue to Rise for Healthcare Organizations, Research Shows: Dirk Schrader, Netwrix's field CISO and vice president of security research, reveals that cybersecurity threats continue to rise for healthcare organizations due to a combination of factors leading to a higher rate of security incidents. Source: MedCity News
  5. DryRun Security raises $8.7M to advance AI-driven application security: DryRun Security has raised $8.7 million to further develop its AI-driven application security. The news comes alongside a warning from a security researcher about a potential vulnerability in the ChatGPT API that could enable large-scale DDoS attacks. Source: SiliconANGLE

Top CVEs

  1. CVE-2024-31903 - IBM Sterling B2B Integrator Standard Edition Vulnerability: Versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 are susceptible to arbitrary code execution by an attacker on the local network, due to the deserialization of untrusted data. Source: CVE-2024-31903
  2. CVE-2023-32340 - IBM Sterling B2B Integrator Cross-Site Scripting: Versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 are vulnerable to cross-site scripting, allowing users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure. Source: CVE-2023-32340
  3. CVE-2023-50309 - IBM Sterling B2B Integrator Stored Cross-Site Scripting: Versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 are vulnerable to stored cross-site scripting, allowing users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure. Source: CVE-2023-50309
  4. CVE-2025-0395 - GNU C Library Buffer Overflow: In versions 2.13 to 2.40, the assert() function does not allocate enough space for the assertion failure message string and size information, potentially leading to a buffer overflow if the message string size aligns to a page. Source: CVE-2025-0395
  5. CVE-2025-0611 - Google Chrome V8 Object Corruption: Prior to version 132.0.6834.110, object corruption in V8 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Source: CVE-2025-0611

API Security

  1. Server Side Request Forgery Vulnerability in Kibana (CVE-2024-43710): A server-side request forgery vulnerability was identified in Kibana, where the /api/fleet/health_check API could be used to send requests to internal endpoints. This vulnerability could only be exploited over HTTPS and by users with read access. Source: vulners.com
  2. Resource Allocation Vulnerability in Kibana (CVE-2024-52972): Kibana's allocation of resources without limits or throttling can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This vulnerability can be exploited by users with read access to the Observability Metrics or Logs features. Source: vulners.com
  3. Path Traversal Attack Vulnerability in Envoy Gateway (CVE-2025-24030): A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. This vulnerability can be used to terminate the Envoy process and extract the Envoy configuration. Source: vulners.com
  4. CSRF Protection Bypass Vulnerability in Bitbucket Server Integration Plugin: An extension point in Jenkins allows selectively disabling cross-site request forgery (CSRF) protection for specific URLs. Bitbucket Server Integration Plugin implements this extension point to support OAuth 1.0 authentication. However, this implementation is too permissive, allowing attackers to craft URLs that would bypass the CSRF protection of any target URL. Source: vulners.com
  5. Incorrect Permission Check Vulnerability in Jenkins GitLab Plugin: The Jenkins GitLab Plugin 1.9.6 and earlier does not correctly perform a permission check in an HTTP endpoint. This allows attackers with global Item/Configure permission to enumerate credential IDs of GitLab API token credentials and Secret text credentials stored in Jenkins. Source: vulners.com

Final Words

As we wrap up today's edition of Secret CISO, we're reminded of the importance of vigilance and proactive measures in the realm of cybersecurity. From the PowerSchool data breach affecting student information to the Minnesota police association's lawsuit against the POST Board over the release of undercover officers' IDs, it's clear that no sector is immune to these threats.

We've also seen how healthcare security incidents continue to rise, with account compromise and phishing topping the list of concerns. And let's not forget the cybersecurity incident at Conduent, which led to a major service outage. In the face of these challenges, we must remain committed to staying informed and taking the necessary steps to protect our data and systems.

Remember, knowledge is power. So, let's continue to learn, share, and grow together in this ever-evolving landscape. If you found today's newsletter helpful, please consider sharing it with your friends and colleagues. Stay safe, stay informed, and see you in the next edition of Secret CISO.
