Secret CISO 1/28: Rochester School District and MGM Resorts Face Data Breaches, PowerSchool and Change Healthcare Expose Millions, Research on Cybersecurity Threats and Vulnerabilities Continues
Welcome to today's issue of Secret CISO, your daily dose of the latest in cybersecurity news. Today, we're diving into a series of data breaches that have rocked the education and healthcare sectors, and the hefty price one entertainment giant had to pay in a data breach settlement.
First up, the Rochester City School District and several school districts in Southern Idaho have issued warnings about data breaches involving student information. Meanwhile, UK telecommunications company TalkTalk has also suffered a data breach, though initial findings suggest no leak of highly sensitive personal data. In a staggering revelation, Change Healthcare has identified a ransomware group behind a security breach that has impacted a whopping 190 million victims.
On a similar note, a massive data breach at PowerSchool has affected millions of students, with sensitive records including names, addresses, Social Security numbers, and medical records being compromised. In the world of entertainment, MGM Resorts has agreed to pay $45 million in a data breach settlement, highlighting the costly consequences of data breaches. In the realm of cybersecurity research, we have updates on Apple patching an actively exploited zero-day affecting iPhones, Macs, and more. We also have news on a critical Kubernetes flaw discovered by Akamai's security research team, and a warning about toll scam texts targeting U.S. drivers.
Lastly, we have a series of updates on various CVEs, including vulnerabilities in IBM MQ Container, IBM Sterling File Gateway, and more. Stay tuned for more updates and remember, knowledge is the first line of defense in cybersecurity. Stay safe, stay informed with Secret CISO.
Data Breaches
- Rochester City School District Data Breach: The Rochester City School District has issued a warning to students, families, and staff about a data breach. The specifics of the breach are not yet clear, but the district is taking steps to address the situation. Source: YouTube
- MGM Resorts Data Breach Settlement: MGM Resorts has agreed to pay $45 million in a lawsuit regarding two data breaches. The breaches had significant impacts, and the settlement aims to compensate those affected. Source: FOX5 Vegas
- TalkTalk Data Breach: UK telecommunications company TalkTalk has suffered a data breach. Initial findings suggest no leak of highly sensitive personal data, but the company is still investigating the incident. Source: Check Point Research
- Change Healthcare Data Breach: Change Healthcare has reported a massive data breach affecting 190 million people. The breach was carried out by the ransomware group ALPHV/Blackcat, highlighting the need for robust cybersecurity measures. Source: HC Innovation Group
- PowerSchool Data Breach: PowerSchool, a leading software provider in K-12 education, suffered a data breach in late December that affected millions of students' records. The full scale of the breach is still unclear, as impacted individuals are still being contacted. Source: The Sentinel
Security Research
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More: Apple has released updates to address a zero-day vulnerability that is being actively exploited against its devices. Apple has not credited a specific security researcher with the discovery; the flaw could be used to compromise user data and device security, so the updates should be applied promptly. Source: The Hacker News
- Election Security Expert Avoids OAN Subpoena in Dominion Case: An election cybersecurity expert has successfully avoided a subpoena from One America News Network in a case brought by Dominion. The case highlights the ongoing tension between cybersecurity experts and media outlets in the context of election security. Source: Bloomberg Law News
- For $50, Attackers Can Use GhostGPT to Write Malicious Code: Security researchers have discovered that GhostGPT, a tool marketed for a range of malicious activities including coding and malware creation, can be used by attackers for as little as $50. This highlights the increasing accessibility of cyber attack tools. Source: Dark Reading
- Akamai Uncovers Critical Kubernetes Flaw for Windows Nodes: Akamai's security research team has discovered a critical flaw in Kubernetes affecting Windows worker nodes. Security researcher Tomer Peled, who reported the flaw, notes that its reach underscores the importance of hardening cloud-based systems, including the less commonly scrutinized Windows node path. Source: SecurityBrief Asia
- Hackers Found a Way to Control Subaru Cars Over the Internet Without Drivers Even Knowing: Security researcher Sam Curry has found a security flaw in Subaru's STARLINK connected-services system (unrelated to the SpaceX satellite service). The flaw allows bad actors to gain remote control over affected vehicles, highlighting the growing risks associated with connected vehicles. Source: Autoevolution
Top CVEs
- CVE-2024-27256 - IBM MQ Container Cryptographic Weakness: IBM MQ Container versions 3.0.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS, and 2.4.0 through 2.4.8, among others, use weaker than expected cryptographic algorithms. This could allow an attacker to decrypt highly sensitive information. Source: CVE-2024-27256
- CVE-2023-47159 - IBM Sterling File Gateway User Enumeration: IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. Source: CVE-2023-47159
- CVE-2024-38320 - IBM Storage Protect Cryptographic Weakness: IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client versions 8.1.0.0 through 8.1.23.0 use weaker than expected cryptographic algorithms. This could allow an attacker to decrypt highly sensitive information. Source: CVE-2024-38320
- CVE-2023-50316 - IBM Sterling B2B Integrator SQL Injection: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 are vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. Source: CVE-2023-50316
- CVE-2023-52292 - IBM Sterling File Gateway Stored XSS: IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credential disclosure within a trusted session. Source: CVE-2023-52292
API Security
- CVE-2025-23084 - Node.js Path Traversal by Drive Name on Windows: A vulnerability has been discovered in Node.js affecting the handling of drive names in the Windows environment. Certain Node.js path functions do not treat drive designators (such as "C:") as special on Windows, so an attacker-controlled path component can resolve outside the directory the application intended, a path traversal. Users are advised to update Node.js to the latest release in their line to mitigate this vulnerability. Source: vulners.com
- CVE-2024-56316 - AXESS ACS TR069 API Vulnerability: A serious vulnerability has been identified in AXESS ACS (Auto Configuration Server) through 5.2.0, where unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests. Users are advised to update their AXESS ACS to the latest version to prevent this attack. Source: vulners.com
- CVE-2024-52012 - Apache Solr Relative Path Traversal Vulnerability: A Relative Path Traversal vulnerability has been found in Apache Solr's configset upload API. Solr instances running on Windows are affected: this class of bug, commonly known as "zip slip", lets a maliciously constructed ZIP file write data to unanticipated parts of the filesystem because entry names are not sanitized before extraction. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Alternatively, users can use Solr's Rule-Based Authorization Plugin to restrict access to the configset upload API. Source: vulners.com
Sponsored by Wallarm API Security Solution
Final Words
And that's a wrap for today's edition of Secret CISO. We hope you found these updates insightful and helpful in staying ahead of the curve in the ever-evolving world of cybersecurity.
Remember, knowledge is power, and sharing is caring. So, don't hesitate to pass this newsletter along to your friends and colleagues.
Let's work together to create a safer digital world. Until next time, stay safe and secure!